Security Policy
Last update:
1. Hosting
The Teamtailor application is hosted on Heroku, a cloud application platform that applies security controls at every layer, from the physical data centre up to the application. Heroku's physical infrastructure is provided by Amazon Web Services (AWS), and that underlying infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI DSS Level 1, FISMA Moderate and Sarbanes-Oxley. Learn more about Heroku's security practices.
2. The Personal Data Act
Teamtailor complies with the applicable data protection regulations, including the General Data Protection Regulation (GDPR) (EU) 2016/679, whose purpose is to protect individuals' personal integrity when their personal data is processed. All data we collect and process is stored within the EU/EEA, on equipment physically located there, or in a third country that the European Commission has found to offer an adequate level of data protection, or with service providers bound by agreements that provide the safeguards the GDPR requires for transfers to third countries.
3. Encryption and passwords
All sensitive communication between the client and the server is encrypted in transit using TLS, with a 256-bit symmetric cipher and a 2048-bit RSA certificate key. Passwords are never stored in cleartext; only a protected form of the password is kept. All uploaded documents are encrypted at rest with 256-bit Advanced Encryption Standard (AES-256).
4. Backups
Full backups are taken daily and retained for 4 weeks (28 days). Backups are also transferred off-site as an additional layer of protection. Test restores are performed regularly to verify backup integrity and the restore procedure.
5. Access to customer data
Teamtailor staff do not access or interact with customer data as part of normal operations. Where access is required, it is limited to staff who need it for customer support or for developing the application.
6. Export of customer data
An export of all candidate data (including documents, comments and notes) can be provided on request in various formats.