Security

JobsASI is committed to the confidentiality, integrity, and availability of your data.

Introduction

Recruiting and HR data is critical to your business and we take the security of customer data extremely seriously. We are committed to the confidentiality, integrity, and availability of your data. We host JobsASI using comprehensively hardened infrastructure-as-a-service (IaaS) platforms from Google Cloud.

Product Security

Authentication

JobsASI uses Clerk.com and allows authentication from Google Workspace (formerly GSuite) JobsASI does not store any passwords.

Permissions

JobsASI supports Admin and Member level permissions for teammates.

System Security

Servers and Networking

All JobsASI servers and structured datastores use managed infrastructure services provided and secured by Google Cloud. Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2 and TLS 1.3) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are fully managed by GCP.

Storage

All persistent data is encrypted at rest.

Operational Security

Employee Access

We use Google account infrastructure to verify employee account identity and require two-factor authentication for apps that access critical infrastructure or customer data. Access to administrative interfaces additionally enforce administrator permissions where applicable, and all administrative access is logged and auditable both in the form of traditional web server logs and session recordings to make it easy to find and review any administrative activities with full fidelity. All employee contracts include a confidentiality agreement.

Service Levels, Backups, and Recovery

JobsASI infrastructure utilises multiple and layered techniques for increasingly reliable uptime, including the use of load balancing and task queues. JobsASI uses highly redundant datastores, rapid recovery infrastructure, and point-in-time backups making unintentional loss of customer data very unlikely.

Application Security

Server and Client Hardening

JobsASI servers GCP managed infrastructure. All requests are logged and searchable by operations staff.

Customer Payment Information

We use Stripe for payment processing and do not store any credit card information. Stripe is a trusted, Level 1 PCI Service Provider.

Incident Reporting

Incident Response

JobsASI implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and post mortem. All employees are informed of our policies.