Updated: 29th January, 2021
Information security and compliance has always been at the center of Manatal’s drive for innovation. Therefore we are committed to building solutions that aim to safeguard your organization’s data all the while facilitating compliance with local and international regulations.
Your data’s security is our first priority. That is why we have worked very hard to equip Manatal with the best security measures that protect your data, ensure that access is only granted to authorized users and we go to considerable lengths to ensure all data sent through our software is handled securely. Keeping the platform and the information on it secure is fundamental to our business, and the foundation on which our customers’ trust is built upon.
In an effort to promote and help align recruitment operations with international and national regulations, Manatal features a wide range of tools that support compliance with regulations such as the GDPR, CCPA, PDPA, and others. Some of these features include:
For more in-depth content on how Manatal supports compliance with specific regulations, please refer to the following dedicated pages:
For any custom compliance requirements, please contact our support team.
Manatal’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley. With the platform’s security in mind, we have architected a secure multi-tier network environment on top of our Amazon’s infrastructure to ensure that any applications or data contained within are protected and always accessible. Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, Manatal ensures that the data it collects remains available through full daily backups, retained for 30 days and tested weekly. Manatal services have been built with disaster recovery in mind.
Manatal has an uptime of 99.9% or higher. You can check our past 90 days stats at https://status.manatal.com.
All payment instrument processing is outsourced to Stripe. Manatal does not store your payment details and has no access to your payment information. Stripe has been audited by a PCI-certified auditor and is a certified Level 1 PCI Service Provider. This is the most stringent level of certification available in the payment industry. Your billing information will, therefore, be always secure.
We employ secure coding practices and ensure that we are at the very least protected against the OWASP Top 10 Security Risks. All of the Manatal applications undergo frequent white-box security assessments to catch any security bugs we may have missed. We have two-factor authentication (2FA) processes in place and strong password policies on GitHub, Heroku, and AWS to ensure access to cloud services is protected. The communication between your employees and our servers is encrypted with SSL encryption. All user passwords are securely hashed; passwords are never stored in plain text. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.
Our staff is well trained and prepared to act quickly and efficiently in the case of a security incident. When such an incident occurs, our prevention tools immediately warn our tech teams, who will, in turn, be able to solve the issue without delay. After each incident, the protocol is updated, so that our response and intervention can be quicker next time.
Only key authorized personnel in Manatal can access your data. In order to protect your privacy, these individuals have signed a contract and agreed to never use or share the information. They access your data only when needed and strictly after receiving your authorization. With the exception of specific demands made by yourself or your company, our staff will never sell, share or retain the data for themselves. You will always be informed if your data is needed for specific tasks or activities, and permission to access it is yours to rescind. You can ask us at any given time for a report of who accessed your data, when and why.
Moreover, as our objective is to always improve our security, we periodically update our security measures. If you have a question, please do not hesitate to contact us at email@example.com.