Data Hosting and Security
Enterprise-grade infrastructure with comprehensive security measures
At Recruitly, we prioritize the security and integrity of your data with enterprise-grade infrastructure, comprehensive security measures, and transparent data management policies designed specifically for recruitment and HR operations.
Banking-grade security for your data!
Our founder is an ex-VP of Engineering for a leading banking business in the UK, with half a decade of experience designing defensible banking systems. This expertise ensures your recruitment data receives the same level of protection as sensitive banking information.
Infrastructure Security Compliance
Recruitly leverages Google Cloud Platform (GCP) and MongoDB Cloud as our infrastructure providers, which maintain rigorous security certifications including ISO 27001, SOC 2 Type II, and various other compliance standards. While we benefit from their secure infrastructure, we follow security best practices aligned with these standards in our own operations.
Security Infrastructure
Recruitly's infrastructure is built on Google Cloud Platform (GCP), implementing a Zero-Trust architecture for maximum security. Our platform leverages Google's secure-by-design infrastructure, built-in protection, and global network to safeguard your information, identities, applications, and devices.
Defense in Depth
Multiple layers of security controls throughout the technology stack
Principle of Least Privilege
Access rights limited to the minimum necessary to perform required functions
Network Segmentation
Critical systems isolated with defined security boundaries
Multi-factor Authentication
Mandatory MFA for all administrative access to systems
Our infrastructure undergoes regular security assessments, including vulnerability scanning and penetration testing conducted by independent third-party security firms to maintain the highest security standards.
Data Storage & Resilience
Recruitly implements a multi-region, highly redundant storage architecture to ensure your data remains available, protected, and compliant with regional data sovereignty requirements.
Primary Data Center
Google Belgium (europe-west1) — Our primary data center where data is distributed across multiple physical locations for high availability and redundancy.
All data is stored exclusively within EU regions to meet data sovereignty requirements and GDPR compliance.
Infrastructure features: N+2 redundancy, automated failover, 99.99% uptime SLA, continuous monitoring
Secondary Data Center
Google London (europe-west2) — Our secondary data center where we synchronize all data in real-time from Belgium for resilience. This data is retained for 30 days.
This dual-region approach ensures business continuity and robust disaster recovery capabilities with minimal recovery time objectives (RTOs).
Recovery metrics: RTO <4 hours, RPO <15 minutes, automated failover testing performed monthly
Data Replication & Redundancy
We employ synchronous replication for critical data between our primary and secondary data centers, ensuring data consistency and eliminating single points of failure. All database operations are recorded in transaction logs and replicated in real-time to maintain data integrity across regions.
Data Protection Measures
Backup & Recovery Strategy
We employ Mongo Cloud Ops Manager to deploy, monitor, and back up our database servers with enterprise-grade reliability. Our comprehensive backup strategy includes:
- Continuous incremental backups with 15-minute intervals
- Daily full database snapshots with integrity verification
- Point-in-Time recovery options with 5-minute granularity
- Automated backup verification and validation
- Geo-redundant backup storage across multiple regions
- Rapid restoration capabilities with documented procedures
- Monthly disaster recovery testing and simulation
Our recovery processes are regularly tested and can restore services within our defined SLA recovery timeframes.
Security Controls & Encryption
Recruitly implements comprehensive data protection through multiple layers of security controls:
- All data encrypted at rest using AES-256 encryption
- All transfers between regions and services secured with TLS 1.3
- Encryption key management with automatic rotation
- Role-based access control (RBAC) implementation
- Strict access controls based on least privilege principle
- Regular security audits and penetration testing
- Continuous security monitoring with 24/7 alerts
- DDoS protection and Web Application Firewall (WAF)
- Secure CI/CD pipeline with code scanning
Security Certifications
Our security program is regularly audited against industry standards including ISO 27001, SOC 2 Type II, and GDPR requirements.
Vulnerability Management
Automated scanning, risk assessment, and remediation tracking for all systems
Intrusion Detection
24/7 monitoring for suspicious activities with automated threat response
Identity Management
Centralized authentication with multi-factor verification for all access
Data Retention Policy
Our data retention policy balances the business needs of our customers with data minimization principles and regulatory requirements. We provide transparent processes for data lifecycle management with clear timelines for retention and deletion.
Active Accounts
All data retained while account is active
Deactivated Accounts
Data retained in recoverable state
Terminated Accounts
Automatically purged after backup rotation
Account Termination Process
When an account is terminated, we follow a structured process to ensure complete data removal:
- Immediate logical deletion of all customer data from production systems
- Data retained in our encrypted backups for 30 days
- As backup rotation occurs, all data is permanently destroyed
- Confirmation of deletion provided upon request
Custom Retention Policies
For enterprise customers with specific regulatory or compliance requirements, we offer customisable data retention policies that can be tailored to your organization's needs, including:
GDPR & Data Privacy Compliance
Recruitly is designed with privacy by design principles at its core. Our platform provides comprehensive tools to help your organization meet GDPR obligations while maintaining full control over candidate and employee data.
Data Subject Rights Management
Our platform includes built-in workflows to handle data subject access requests (DSARs) efficiently and in compliance with GDPR timeframes.
- Right to access personal data
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
All data subject requests are logged and tracked to ensure timely responses and compliance.
Consent Management
Our robust consent management system allows you to collect, record, and manage user consent in line with GDPR requirements.
Consent Lifecycle Management
Collection, Storage, Management, Withdrawal
- Supports GDPR consents for up to 4 years
- Timestamp and version control for all consent changes
- Automated data removal when consent is withdrawn
- Audit trail for compliance purposes
Data Processing Transparency
As a data processor, Recruitly provides the necessary tools for you to enforce your own GDPR policies. Our platform includes:
Data Processing Register
Maintain a complete record of all processing activities as required by GDPR Article 30.
Data Impact Assessments
Tools to help you conduct and document DPIAs for high-risk processing activities.
Breach Notification
Processes and tools to detect, investigate, and report data breaches within required timeframes.
Cross-border Transfer Safeguards
Documentation and controls for international data transfers in compliance with Chapter V of GDPR.
Note: While we provide comprehensive tools for GDPR compliance, organizations are responsible for determining their legal basis for processing personal data and ensuring their usage complies with applicable regulations. We recommend consulting with your legal team or data protection officer.
Contact Our Security Team
Security Inquiries
For detailed information about our security measures or to discuss specific security requirements, please contact our security team at:
support@recruitly.io
Responsible Disclosure
We value the security research community. If you believe you've found a security vulnerability in our service, please report it to us through our responsible disclosure program:
support@recruitly.io
Your Data Security is Our Priority
Join hundreds of organizations that trust Recruitly with their sensitive recruitment data. Our enterprise-grade security keeps your information safe while our compliance-ready platform helps you meet your regulatory obligations.