Updated: 5th February, 2019
In today’s world, data has become a wealth one must protect. In addition, data in recruitment is of paramount importance, as it can reveal a lot of confidential information about your organization.
Therefore, the security of your data is our first priority. That is why we have worked very hard to secure everything possible in Manatal: Keeping our customers’ data secure is the most important thing that Manatal does. We go to considerable lengths to ensure that all data sent to Manatal is handled securely – keeping Manatal secure is fundamental to our business.
Manatal computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
We have architected a secure multi-tier network environment on top of our Amazon’s infrastructure to ensure that our applications and data are protected and always accessible. Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, Manatal ensures that the data it collects remains available through full, daily backups, retained for 30 days and tested weekly. Manatal services have been built with disaster recovery in mind.
All payment instrument processing is outsourced to Stripe. Manatal does not store your payment details and has no access to your payment information.
Stripe has been audited by a PCI-certified auditor and is certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Your billing information will, therefore, be always secured.
We employ secure coding practices and ensure we’re at-minimum protected against the OWASP Top 10 Security Risks. All of the Manatal applications undergo frequent white-box security assessments to catch any security bugs we may have missed. We have two-factor authentication (2FA) and strong password policies on GitHub, Heroku and AWS to ensure access to cloud services are protected.
The communication between your employees and our servers is encrypted with SSL encryption. All user passwords are securely hashed; passwords are never stored in plain text. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.
All our staff is regularly trained to act quickly and efficiently if a security incident comes up. When an incident appears, our prevention tools immediately warn our tech teams, which will be able to solve the issue as quickly as possible. After each incident, the protocol is updated, so that our teams can answer even quicker next time.
Only specified persons in Manatal can have access to your data. They have signed a contract to never use or share them. They access your data only when it is needed and always after receiving your authorization. Except for specific demands from yourself or your company, they will never sell, share or keep the data for themselves. They will always tell you before if they need to do something with your data. You can ask anytime you want when and why they have accessed your data.
Moreover, as our objective is to improve every day, we will regularly update our security tools. If you have a question, please do not hesitate to tell us at firstname.lastname@example.org.