Security Measures

HrFlow.ai provides the most sophisticated AI-Powered JOB & PROFILE API. Hundreds of Corporates and Software vendors trust us every day and leverage our technology to process the candidate's data.

From the start of HrFlow.ai, we always believed this was a great responsibility and maintained a particular focus on security issues. Besides the technical and procedural measures that companies traditionally adopt, we also focused on the human element as an essential part of our security strategy.

To get a better idea of HrFlow.ai's security and how we make sure our customer's data is safe at all times, we'll present the main measures taken to deal with all three aspects of security: Technology, Procedure, and People.

Technical measures

Data Encryption

Data encryption is an important security measure that increases the safety of transited data. With this method, information is encoded and can only be accessed or decrypted by a user with the correct encryption key.
HrFlow.ai encrypts all data in transit using security best practices to ensure unauthorized parties are not readable.

Infrastructure

All of our infrastructures are hosted by certified service providers (AWS Irlande, Europe) that follow strict security policies, ensuring hosted data safety. Our cloud suppliers are vigilant about privacy and security and provide multiple services addressing these issues (such as Identity & access management, infrastructure protection, Data protection, Detective controls).

Security logs

Keeping extensive security logs and doing regular analysis of these logs is very important for detecting abnormalities and identifying and preventing many security issues.

We collect and store security logs to provide an audit trail of our applications’ activity. We also track and analyze these logs to detect any possible anomalies.

Secure development

Security has always been one of our top priorities. Since the beginning, we have been following a Secure Development Lifecycle (SDL) process to ship “Secure by design” products.

Establishing a security strategy might seem irrelevant in the early stages of product development, but it is crucial to deliver a final product. At HrFlow.ai, we build our products following security best practices and frameworks, and we define our security strategy since the conception phase. This approach has a significant impact throughout the product lifecycle and helps us easily comply with all security standards.

We also encourage peer code reviews: every new code is reviewed by peers, whether it’s a new feature or bug fix. Security reviews are performed whenever necessary for the work.

Availability & Resilience

All data are continually replicated on two nodes in our AWS S3 storage. The data is hosted in separated datacenters and handled on servers with an automatic failover system.

We perform hourly backups with a full recovery process verified daily. The backups are transmitted through end-to-end HTTPS encryption, and access is protected through AWS and Kubernetes rights management.

Procedural measures

Incident management

Being ready for any security incident is crucial to mitigate the effects of such events. Our incident management policies and procedures are effective and fast to deploy. They can handle any disruption to customers’ data and provide full disaster recovery to ensure our services’ continuity.

Security assessments & audits

The most effective way to test the security level in a company is by performing internal security assessments and third-party audits whenever possible.

HrFlow.ai engineering team regularly performs security assessments. We are also obtaining the ISO/CEI 27001 certification, which recognizes the work done by the company to achieve the highest security levels and testifies to the security standards applied within the company.

Vulnerability disclosure and reward program

HrFlow.ai acknowledges the work independent security researchers do by flagging vulnerabilities we might not be aware of, and therefore we have put in place a bug bounty program to reward such efforts.

However, we insist that independent security experts let us know as soon as possible and don’t test against any users’ data. We also work with these security experts to close any vulnerability as soon as we know it.

Employees measures

Awareness

At HrFlow.ai, we believe that security is a shared responsibility and that everyone plays a vital role in keeping our apps and data secure. That is why we have established a culture of awareness on security matters and provide everyone with the knowledge and tools to fulfill their roles.

Security Training

Keeping up with the latest security practices and standards is very important for us. Thus, our security team regularly goes through relevant training then updates our security procedures and measures accordingly.