# TalentShake Data Security Overview
At TalentShake, your data's security and privacy are our top priorities. We are committed to protecting your information through industry-leading practices and technologies. Here's how we keep your data safe, combining robust security measures with the flexibility and innovation you expect from a modern tech startup.
## Our Security Standards
We prioritize security by implementing best-in-class practices to protect your data. Although we currently perform audits internally, our commitment to rigorous testing and continuous improvement remains steadfast.
- Encryption at Rest and in Transit: We use AES-256 encryption for stored data and SSL/TLS for data in transit, so your data remains encrypted at all times and is protected from unauthorized access.
- Regular Security Audits: We conduct thorough internal security audits and penetration tests to identify and fix vulnerabilities.
- Access Control: Role-based access control (RBAC) ensures data access is restricted to authorized personnel only.
- Backup and Recovery: Regular backups and tested recovery procedures ensure data availability and security.
## Hosting Infrastructure
Our application is hosted with leading cloud service providers known for their robust security measures. Our hosting and database infrastructures are separated for enhanced security. Here are some of the providers we use:
| Provider | Encryption | Backup and Recovery | Access Control |
|---|---|---|---|
| DigitalOcean | AES-256 at rest | Daily backups | Whitelisted IPs, closed private network |
| Amazon Web Services (AWS) | AES-256 at rest, AWS KMS, TDE | Backup and recovery options | Role-based access, IAM policies |
| Microsoft Azure | TDE, TLS 1.2+ | Geo-redundant storage (GRS) | Role-based access, Azure AD |
## Database Security
Our PostgreSQL databases are secured to ensure data integrity and confidentiality. We utilize the following providers to ensure your data is protected:
| Provider | Encryption at Rest | Encryption in Transit | Backup Encryption | Access Control |
|---|---|---|---|---|
| DigitalOcean | AES-256, LUKS | SSL/TLS | RSA key-encryption key-pairs, AES-256 in CTR mode with HMAC-SHA256 | Whitelisted IPs, private network |
| Amazon Web Services (AWS) | AES-256, TDE | SSL/TLS | RSA key-encryption key-pairs, AES-256 in CTR mode with HMAC-SHA256 | IAM roles, security groups |
| Microsoft Azure | AES-256, TDE | SSL/TLS | RSA key-encryption key-pairs, AES-256 in CTR mode with HMAC-SHA256 | Azure AD, network security groups |
## Third-Party Integration
We adhere to stringent security protocols when leveraging third-party APIs. Here are the trusted third-party providers we use:
| Provider | Data at Rest Encryption | Data in Transit Encryption | Compliance | Data Handling |
|---|---|---|---|---|
| OpenAI | AES-256 | TLS 1.2+ | SOC 2 | No training on customer data, secure deletion options |
| Mistral | AES-256 | TLS 1.2 | ISO 27001, SOC 2 | No training on customer data without consent |
| Anthropic | AES-256 | TLS 1.2 | SOC 2 | No training on customer data, secure deletion options |
## Customer Policy Documents Storage
We securely store our customers' policy documents using trusted third-party services. Here are examples of the providers we use:
| Provider | Data Encryption | Compliance | Data Handling |
|---|---|---|---|
| OpenAI | AES-256 at rest, TLS 1.2+ | SOC 2 Type 2, GDPR | No model training on stored data, secure deletion options |
| ChromaDB | AES-256 at rest, TLS | Stringent security standards | No model training on stored data, backup retention policies |
Data stored in the vector store is not used to train models and can be securely deleted upon request. Typically, deleted documents remain in backups for 30 days before they are permanently erased, in line with our data recovery policies.
## Email Server Integration
Our app securely handles email communication, ensuring your emails are protected through industry-standard protocols:
| Protocol | Security Features |
|---|---|
| IMAP | SSL/TLS for secure access |
| SMTP | STARTTLS for encryption |
For an additional layer of security, customers can add our mail server's IP address to their SPF and DKIM DNS records.
## Additional Security Practices
- Regular Updates: Servers and applications are regularly updated and patched.
- Access Control: Database access is restricted to trusted sources and necessary personnel using RBAC.
- Backup and Recovery: Regular backups and recovery tests ensure data availability.
- API Security: API keys are securely stored and monitored.
- User Education: Clients are educated on best security practices with comprehensive documentation.
## Compliance and Audits
- Internal Audits: We conduct thorough internal security audits and vulnerability assessments to ensure compliance with industry regulations and to maintain high security standards.
