The Teamtailor application is hosted by Heroku, a cloud application platform that protects customers from threats by applying security controls at every layer, from physical to application. Heroku's physical infrastructure is managed by Amazon, and has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.Learn more about Heroku's security practices
Teamtailor complies with the Personal Data Act (1998:204). The Personal Data Act is based on Directive 95/46/EC which aims to prevent the violation of personal integrity in the processing of personal data. All data is handled in the EU.
All sensitive communication between the client and server is encrypted using 128-bit SSL encryption. Passwords are always encrypted and never stored in cleartext.
All uploaded documents are encrypted using the strongest available encryption, 256-bit Advanced Encryption Standard (AES-256).
Full backups are done daily, and copies kept for 6 months. Backups are transferred off-site for an additional layer of security.
Restores are performed regularly to test data integrity and backup practices
Teamtailor staff does not access or interact with customer data as part of normal operations. Access is restricted to staff working with customer support or developing the application.
Export of all candidate data (including documents, comments, notes) is available upon request in various formats.