Data Hosting and Security

Enterprise-grade infrastructure with comprehensive security measures

At Recruitly, we prioritize the security and integrity of your data with enterprise-grade infrastructure, comprehensive security measures, and transparent data management policies designed specifically for recruitment and HR operations.

Banking-grade security for your data!

Our founder is an ex-VP of Engineering for a leading banking business in the UK, with half a decade of experience designing defensible banking systems. This expertise ensures your recruitment data receives the same level of protection as sensitive banking information.

  • Defense in Depth
  • Zero Trust Architecture
  • Continuous Compliance

Infrastructure Security Compliance

Recruitly leverages Google Cloud Platform (GCP) and MongoDB Cloud as our infrastructure providers, which maintain rigorous security certifications including ISO 27001, SOC 2 Type II, and various other compliance standards. While we benefit from their secure infrastructure, we follow security best practices aligned with these standards in our own operations.

  • Built on GCP Infrastructure
  • MongoDB Cloud Security
  • Security Best Practices

Security Infrastructure

Recruitly's infrastructure is built on Google Cloud Platform (GCP), implementing a Zero-Trust architecture for maximum security. Our platform leverages Google's secure-by-design infrastructure, built-in protection, and global network to safeguard your information, identities, applications, and devices.

Defense in Depth

Multiple layers of security controls throughout the technology stack

Principle of Least Privilege

Access rights limited to the minimum necessary to perform required functions

Network Segmentation

Critical systems isolated with defined security boundaries

Multi-factor Authentication

Mandatory MFA for all administrative access to systems

Our infrastructure undergoes regular security assessments, including vulnerability scanning and penetration testing conducted by independent third-party security firms to maintain the highest security standards.

Data Storage & Resilience

Recruitly implements a multi-region, highly redundant storage architecture to ensure your data remains available, protected, and compliant with regional data sovereignty requirements.

🇧🇪

Primary Data Center

Google Belgium (europe-west1) — Our primary data center where data is distributed across multiple physical locations for high availability and redundancy.

All data is stored exclusively within EU regions to meet data sovereignty requirements and GDPR compliance.

Infrastructure features: N+2 redundancy, automated failover, 99.99% uptime SLA, continuous monitoring

🇬🇧

Secondary Data Center

Google London (europe-west2) — Our secondary data center where we synchronize all data in real-time from Belgium for resilience. This data is retained for 30 days.

This dual-region approach ensures business continuity and robust disaster recovery capabilities with minimal recovery time objectives (RTOs).

Recovery metrics: RTO <4 hours, RPO <15 minutes, automated failover testing performed monthly

Data Replication & Redundancy

Belgium Primary
London Secondary

We employ synchronous replication for critical data between our primary and secondary data centers, ensuring data consistency and eliminating single points of failure. All database operations are recorded in transaction logs and replicated in real-time to maintain data integrity across regions.

Data Protection Measures

Backup & Recovery Strategy

We employ Mongo Cloud Ops Manager to deploy, monitor, and back up our database servers with enterprise-grade reliability. Our comprehensive backup strategy includes:

  • Continuous incremental backups with 15-minute intervals
  • Daily full database snapshots with integrity verification
  • Point-in-Time recovery options with 5-minute granularity
  • Automated backup verification and validation
  • Geo-redundant backup storage across multiple regions
  • Rapid restoration capabilities with documented procedures
  • Monthly disaster recovery testing and simulation

Our recovery processes are regularly tested and can restore services within our defined SLA recovery timeframes.

Security Controls & Encryption

Recruitly implements comprehensive data protection through multiple layers of security controls:

  • All data encrypted at rest using AES-256 encryption
  • All transfers between regions and services secured with TLS 1.3
  • Encryption key management with automatic rotation
  • Role-based access control (RBAC) implementation
  • Strict access controls based on least privilege principle
  • Regular security audits and penetration testing
  • Continuous security monitoring with 24/7 alerts
  • DDoS protection and Web Application Firewall (WAF)
  • Secure CI/CD pipeline with code scanning

Security Certifications

Our security program is regularly audited against industry standards including ISO 27001, SOC 2 Type II, and GDPR requirements.

Vulnerability Management

Automated scanning, risk assessment, and remediation tracking for all systems

Intrusion Detection

24/7 monitoring for suspicious activities with automated threat response

Identity Management

Centralized authentication with multi-factor verification for all access

Data Retention Policy

Our data retention policy balances the business needs of our customers with data minimization principles and regulatory requirements. We provide transparent processes for data lifecycle management with clear timelines for retention and deletion.

  • Active Accounts: Unlimited. All data retained while account is active
  • Deactivated Accounts: 30 Days. Data retained in recoverable state
  • Terminated Accounts: 30 Days in Backups. Automatically purged after backup rotation

Account Termination Process

When an account is terminated, we follow a structured process to ensure complete data removal:

  1. Immediate logical deletion of all customer data from production systems
  2. Data retained in our encrypted backups for 30 days
  3. As backup rotation occurs, all data is permanently destroyed
  4. Confirmation of deletion provided upon request

Custom Retention Policies

For enterprise customers with specific regulatory or compliance requirements, we offer customisable data retention policies that can be tailored to your organization's needs, including:

  • Extended retention periods for audit purposes
  • Configurable retention by data category
  • Automated deletion workflows
  • Legal hold capabilities

GDPR & Data Privacy Compliance

Recruitly is designed with privacy-by-design principles at its core. Our platform provides comprehensive tools to help your organization meet GDPR obligations while maintaining full control over candidate and employee data.

Data Subject Rights Management

Our platform includes built-in workflows to handle data subject access requests (DSARs) efficiently and in compliance with GDPR timeframes.

  • Right to access personal data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to data portability

All data subject requests are logged and tracked to ensure timely responses and compliance.

Consent Management

Our robust consent management system allows you to collect, record, and manage user consent in line with GDPR requirements.

Consent Lifecycle Management

  1. Collection
  2. Storage
  3. Management
  4. Withdrawal

  • Supports GDPR consents for up to 4 years
  • Timestamp and version control for all consent changes
  • Automated data removal when consent is withdrawn
  • Audit trail for compliance purposes

Data Processing Transparency

As a data processor, Recruitly provides the necessary tools for you to enforce your own GDPR policies. Our platform includes:

Data Processing Register

Maintain a complete record of all processing activities as required by GDPR Article 30.

Data Impact Assessments

Tools to help you conduct and document DPIAs for high-risk processing activities.

Breach Notification

Processes and tools to detect, investigate, and report data breaches within required timeframes.

Cross-border Transfer Safeguards

Documentation and controls for international data transfers in compliance with Chapter V of GDPR.

Note: While we provide comprehensive tools for GDPR compliance, organizations are responsible for determining their legal basis for processing personal data and ensuring their usage complies with applicable regulations. We recommend consulting with your legal team or data protection officer.

Contact Our Security Team

Security Inquiries

For detailed information about our security measures or to discuss specific security requirements, please contact our security team at:

support@recruitly.io

Responsible Disclosure

We value the security research community. If you believe you've found a security vulnerability in our service, please report it to us through our responsible disclosure program:

support@recruitly.io

Your Data Security is Our Priority

Join hundreds of organizations that trust Recruitly with their sensitive recruitment data. Our enterprise-grade security keeps your information safe while our compliance-ready platform helps you meet your regulatory obligations.