Security is foundational to how we build RecruFY. This page describes the measures we take to protect your data and keep the platform safe.
1. Our Commitment to Security
Protecting the data entrusted to us is a core priority. Because RecruFY handles sensitive information — including assessment results and candidate data — we apply layered security practices across our infrastructure, applications, and processes. This page summarizes those practices.
2. Infrastructure Security
RecruFY runs on trusted, industry-standard cloud infrastructure. Our database and authentication are powered by Supabase, and our application is deployed on Vercel. These providers maintain robust physical and network security at the data-center level, including protections against unauthorized access and infrastructure-level threats.
3. Encryption
Data transmitted between your device and our servers is encrypted in transit using industry-standard TLS (HTTPS). Data stored in our database is protected by encryption at rest provided by our infrastructure partners. We do not transmit sensitive data over unencrypted channels.
4. Access Control
We enforce the principle of least privilege: access to systems and data is limited to those who need it to operate the Services. Database access is governed by row-level security policies that ensure users can only access data they are authorized to see — for example, Companies can only access applications to their own positions, and Candidates can only access their own results.
5. Authentication
User authentication is handled through secure, token-based sessions. Passwords are never stored in plain text; they are hashed using strong, industry-standard algorithms. We encourage all users to choose strong, unique passwords and to keep their credentials confidential.
6. Data Protection
Personal and assessment data is segregated by account and protected by access controls. We process personal data in accordance with our Privacy Policy and the Law of Georgia on Personal Data Protection. We do not sell user data, and we share it only as described in our Privacy Policy.
7. Assessment Integrity
To protect the fairness and validity of assessments, we employ a range of integrity measures, which may include question randomization, answer shuffling, time limits, single-attempt enforcement, and activity monitoring during tests. These measures help ensure that results are trustworthy for both Candidates and Companies.
Describe here only the anti-cheating measures you have actually implemented, to avoid overstating capabilities.
8. Monitoring & Logging
We monitor our systems for suspicious activity and maintain logs that help us detect, investigate, and respond to potential security events. Monitoring helps us identify anomalies and maintain the reliability and integrity of the platform.
9. Incident Response
In the event of a security incident affecting personal data, we will act promptly to contain and investigate the issue, and we will notify affected users and the relevant authorities where required by Georgian law. We maintain procedures to handle incidents in a structured and timely manner.
10. Backups & Continuity
Our infrastructure partners maintain regular, automated backups to protect against data loss and to support recovery in the event of a failure. We rely on these mechanisms to help ensure the availability and durability of your data.
11. Your Responsibilities
Security is a shared responsibility. To help keep your account safe, we recommend that you:
- Use a strong, unique password and do not reuse it elsewhere;
- Keep your login credentials confidential;
- Log out of shared devices;
- Notify us immediately if you suspect unauthorized access;
- Keep your own devices and software up to date.
12. Responsible Disclosure
We welcome reports from security researchers. If you believe you have found a security vulnerability in RecruFY, please report it to us responsibly and give us a reasonable opportunity to address it before public disclosure. We will investigate all legitimate reports and do our best to fix confirmed issues promptly.
Report vulnerabilities to: [SECURITY CONTACT EMAIL]
13. Contact
For security-related questions or to report a concern, contact us:
- Security email: [SECURITY CONTACT EMAIL]
- General contact: [CONTACT EMAIL]
This page describes intended security practices and should be kept accurate as your implementation evolves. Have it reviewed alongside your Privacy Policy by a qualified advisor.