We understand that you place trust in us by using the Hireflow app, and it’s our promise to you that we take this trust seriously. We have invested in our security so that your information resides safely with us.
Hireflow is committed to ensuring the safety and security of our customers. We hope to foster an open partnership with the security community, and we recognize that the work the community does is important in continuing to ensure safety and security for all of our customers. We operate a responsible disclosure program to facilitate security vulnerability reporting:
While researching, we’d like you to refrain from:
Our infrastructure runs on a combination of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. Access to these services is protected by secure access tokens in addition to two factor authorization.
User data is stored in an encrypted RDS database hosted on AWS. All user data is encrypted in transit to and from our database, backend and clients. We use TLS encryption between all of our internal endpoints as well as for data served to the client.
Our application integrates with G-Suite so that we can send email messages on your behalf. Our system limits how much data it requests from G-Suite so that only email bodies generated by our system or any replies are ingested into our system for processing.
All employees follow a strict internal security policy. No production data is available to employees of the company with the exception of the devops team when dealing with production level bugs or specific customer issues.