Enterprise-grade infrastructure with comprehensive security measures
At Recruitly, we prioritize the security and integrity of your data with enterprise-grade infrastructure, comprehensive security measures, and transparent data management policies designed specifically for recruitment and HR operations.
Our founder is an ex-VP of Engineering for a leading banking business in the UK, with half a decade of experience designing defensible banking systems. This expertise ensures your recruitment data receives the same level of protection as sensitive banking information.
Recruitly leverages Google Cloud Platform (GCP) and MongoDB Cloud as our infrastructure providers, which maintain rigorous security certifications including ISO 27001, SOC 2 Type II, and various other compliance standards. While we benefit from their secure infrastructure, we follow security best practices aligned with these standards in our own operations.
Recruitly's infrastructure is built on Google Cloud Platform (GCP), implementing a Zero-Trust architecture for maximum security. Our platform leverages Google's secure-by-design infrastructure, built-in protection, and global network to safeguard your information, identities, applications, and devices.
Multiple layers of security controls throughout the technology stack
Access rights limited to the minimum necessary to perform required functions
Critical systems isolated with defined security boundaries
Mandatory MFA for all administrative access to systems
Our infrastructure undergoes regular security assessments, including vulnerability scanning and penetration testing conducted by independent third-party security firms to maintain the highest security standards.
Recruitly implements a multi-region, highly redundant storage architecture to ensure your data remains available, protected, and compliant with regional data sovereignty requirements.
Google Belgium (europe-west1) — Our primary data center where data is distributed across multiple physical locations for high availability and redundancy.
All data is stored exclusively within EU regions to meet data sovereignty requirements and GDPR compliance.
Infrastructure features: N+2 redundancy, automated failover, 99.99% uptime SLA, continuous monitoring
Google London (europe-west2) — Our secondary data center where we synchronize all data in real time from Belgium for resilience. This data is retained for 30 days.
This dual-region approach ensures business continuity and robust disaster recovery capabilities with minimal recovery time objectives (RTOs).
Recovery metrics: RTO <4 hours, RPO <15 minutes, automated failover testing performed monthly
We employ synchronous replication for critical data between our primary and secondary data centers, ensuring data consistency and eliminating single points of failure. All database operations are recorded in transaction logs and replicated in real time to maintain data integrity across regions.
We employ Mongo Cloud Ops Manager to deploy, monitor, and back up our database servers with enterprise-grade reliability. Our comprehensive backup strategy includes:
Our recovery processes are regularly tested and can restore services within our defined SLA recovery timeframes.
Recruitly implements comprehensive data protection through multiple layers of security controls:
Our security program is regularly audited against industry standards including ISO 27001, SOC 2 Type II, and GDPR requirements.
Automated scanning, risk assessment, and remediation tracking for all systems
24/7 monitoring for suspicious activities with automated threat response
Centralized authentication with multi-factor verification for all access
Our data retention policy balances the business needs of our customers with data minimization principles and regulatory requirements. We provide transparent processes for data lifecycle management with clear timelines for retention and deletion.
All data retained while account is active
Data retained in recoverable state
Automatically purged after backup rotation
When an account is terminated, we follow a structured process to ensure complete data removal:
Immediate logical deletion of all customer data from production systems
Data retained in our encrypted backups for 30 days
As backup rotation occurs, all data is permanently destroyed
Confirmation of deletion provided upon request
For enterprise customers with specific regulatory or compliance requirements, we offer customisable data retention policies that can be tailored to your organization's needs, including:
Recruitly is designed with privacy by design principles at its core. Our platform provides comprehensive tools to help your organization meet GDPR obligations while maintaining full control over candidate and employee data.
Our platform includes built-in workflows to handle data subject access requests (DSARs) efficiently and in compliance with GDPR timeframes.
All data subject requests are logged and tracked to ensure timely responses and compliance.
Our robust consent management system allows you to collect, record, and manage user consent in line with GDPR requirements.
Collection
Storage
Management
Withdrawal
As a data processor, Recruitly provides the necessary tools for you to enforce your own GDPR policies. Our platform includes:
Maintain a complete record of all processing activities as required by GDPR Article 30.
Tools to help you conduct and document DPIAs for high-risk processing activities.
Processes and tools to detect, investigate, and report data breaches within required timeframes.
Documentation and controls for international data transfers in compliance with Chapter V of GDPR.
Note: While we provide comprehensive tools for GDPR compliance, organizations are responsible for determining their legal basis for processing personal data and ensuring their usage complies with applicable regulations. We recommend consulting with your legal team or data protection officer.
For detailed information about our security measures or to discuss specific security requirements, please contact our security team at:
support@recruitly.io
We value the security research community. If you believe you've found a security vulnerability in our service, please report it to us through our responsible disclosure program:
support@recruitly.io
Join hundreds of organizations that trust Recruitly with their sensitive recruitment data. Our enterprise-grade security keeps your information safe while our compliance-ready platform helps you meet your regulatory obligations.