We handle the most sensitive personal information in the hiring process. That's why we've built enterprise-grade security into every layer of our platform.
Independently audited security controls for data handling, availability, and confidentiality.
International standard for information security management systems (ISMS).
Full compliance with the Fair Credit Reporting Act for consumer reporting.
Professional Background Screening Association accreditation for industry best practices.
Data processing compliant with EU General Data Protection Regulation requirements.
California Consumer Privacy Act compliance for California resident data.
Multi-layered security controls protect your data at every stage — from collection to storage to destruction.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database fields containing PII use additional application-level encryption.
Role-based access control (RBAC) with multi-factor authentication required for all employees. Principle of least privilege enforced across all systems.
Configurable data retention policies per client. Automated secure data destruction using NIST 800-88 guidelines when retention periods expire.
Complete audit trail of all data access, modifications, and system events. Logs are immutable and retained for 7 years for compliance purposes.
Hosted on AWS with SOC 2 certified data centers. Multi-AZ deployment with automatic failover. 99.99% uptime SLA.
Real-time database replication across multiple regions. RPO < 1 minute, RTO < 15 minutes. Annual DR testing with documented results.
Web Application Firewall (WAF), DDoS protection, intrusion detection/prevention systems, and 24/7 security monitoring.
Continuous vulnerability scanning, annual penetration testing by third-party firms, and a responsible disclosure program.
We collect only the minimum data required to perform background screenings. All data collection is consent-based and FCRA-compliant. Candidates are notified and must authorize before any screening begins.
All processing occurs within our SOC 2 certified infrastructure. PII is tokenized during processing and never stored in logs. AI analysis runs in isolated environments with no data persistence.
Data is stored in encrypted databases with field-level encryption for SSNs, dates of birth, and other sensitive identifiers. Access is restricted to authorized personnel with MFA and logged for audit purposes.
Background check results are shared only with the authorized requesting party. We never sell, share, or use candidate data for any purpose other than the authorized screening.
When retention periods expire or clients request deletion, data is securely destroyed using cryptographic erasure. Destruction is verified and documented for compliance records.
99.99% Uptime SLA
<200ms Average API Response
24/7 Security Monitoring
All data is stored in AWS data centers located in the United States (us-east-1 and us-west-2 regions). Data never leaves US borders unless specifically requested for international screenings.
Only authorized personnel with a business need can access candidate data. All access requires MFA, is logged, and is reviewed quarterly. Your account data is isolated from other clients.
Default retention is 7 years per FCRA requirements, but this is configurable per client. You can request immediate deletion at any time, and we'll provide a certificate of destruction.
Yes. We maintain a responsible disclosure program and work with security researchers to identify and fix vulnerabilities. Contact [email protected] for details.
Yes. We provide our SOC 2 Type II report to prospective and current customers under NDA. Contact our sales team to request a copy.