They both have the following certifications: SOC 1, SOC 2, PCI-DSS, ISO/IEC 27001:2013.
Our servers enforce HTTPS with TLS 1.2 and AES-256, the best market standard.
All ports are blocked except 80/443. Servers are only accessible through SSH via a VPN and strong authentication.
All of your private data is stored in a Postgres database that's never accessible from the outside world. Sensitive employee / company data never leaves the database to third-party services.
We use Amplitude to track product usage & analytics. Data sent to Amplitude never contains any personal data.
We strongly recommend that you enforce two-factor authentication on your Google or Microsoft accounts.
Company administrators have full control over who is granted access to the tool. Moreover, you can use fine-grained permissions to grant your team members access only to specific job families or levels.
Our codebase contains an extensive test suite that has a major focus on security.
Continuous integration is set up to prevent any failing build from reaching production.
All of our data endpoints are protected by rate-limit throttling to prevent brute-force attacks and denial of service.
September 2021: we're currently in contact with several companies to perform penetration testing and security audits on our systems. We'll publish the reports as soon as they're available.
End of 2021: we'd like to set up a bug bounty program to get continuous security monitoring.