Security & Trust

Your candidate data is yours alone

Recruitment data is sensitive — names, salaries, interview notes, rejection reasons. Recuite is built so your team controls who sees what, and so your data never mixes with another company's.

Safe vault door protecting candidate resumes

Isolated workspace per company

Every customer gets its own isolated workspace inside our database. One company's candidates, vacancies, and notes are never visible to another customer — not by accident, not by query mistake. The boundary is enforced at the database layer, not just by application code.

Dedicated workspace per customer
Database-level isolation
No cross-tenant data leakage
Per-customer backups

Role-based access with audit log

Recuite ships with 7 built-in roles — Super Admin, Company Admin, HR Manager, Recruiter, Hiring Manager, Interviewer, Employee — plus support for custom roles. Each role has fine-grained permissions: who can create vacancies, who can see salaries, who can export candidates, who can delete data. Every sensitive action is recorded in an audit log.

7 built-in roles + custom roles
Fine-grained permission model
Per-vacancy and per-department data scopes
Audit log of access and changes
Hiring-manager view limited to assigned vacancies
Recruiter view limited to assigned candidates

Encryption at rest and in transit

Traffic between your browser and Recuite is encrypted with TLS 1.3. Stored data is encrypted at rest. Integration credentials (job-board API tokens, email passwords, calendar OAuth tokens) are encrypted with AES-256-GCM in the database, so even a database backup is useless without the key.

TLS 1.3 in transit
AES-256 at rest
AES-256-GCM for integration credentials
Bcrypt password hashing
No plaintext secrets

GDPR posture and right-to-be-forgotten*

A candidate can ask to be deleted, and you can fulfil that request from inside Recuite — every related record (profile, files, notes, ratings, communication history) is erased. We track consent, retention windows, and data-subject requests in one place.

Right-to-be-forgotten workflow
Consent tracking per candidate
Configurable retention policies
Data-subject access request log
Data export for subject requests

Access audit logs

Every login, every permission change, every record export is logged with who, what, and when. If something looks wrong, you can trace it back. If a candidate asks who saw their CV, you can answer.

Login and session events
Permission and role changes
Sensitive-record reads
Data exports
Searchable and exportable

SSO / SAML for company sign-in*

Connect Recuite to your corporate identity provider via SSO/SAML so your team signs in with the same account they use for everything else. Provisioning and de-provisioning flow through your IdP — when an employee leaves, their Recuite access is gone the same day.

SAML 2.0 sign-in
IdP-driven provisioning
Session-slot limits per user
Forced sign-out on role change

Data location

Customer data is hosted in EU-based infrastructure. We do not transfer recruitment data outside the EU without your written consent. If you need a specific region (Ukraine, Germany, Poland), talk to us before signing.

EU-hosted by default
No undisclosed transfers
Region negotiable on Enterprise

*Available on Professional or Enterprise plan

Need a security questionnaire or DPA?

Send your standard vendor questionnaire or DPA to our security team. We answer enterprise security reviews directly — no forms, no waiting.

[email protected]