Hiring data is sensitive. We treat it that way. This overview describes the controls, certifications, and practices that keep your data protected at every layer.
01Compliance & certifications
InstaHire is independently audited and certified against leading security and privacy standards.
| Standard | Status |
|---|---|
| SOC 2 Type II | Certified |
| GDPR | Compliant |
| CCPA / CPRA | Compliant |
| ISO 27001 | In progress (2026) |
02Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Encryption keys are managed through a dedicated key-management service with regular rotation.
03Infrastructure security
InstaHire runs on hardened cloud infrastructure with isolated environments, automated patching, and 24/7 monitoring.
- Network segmentation and least-privilege access by default.
- Continuous vulnerability scanning and annual third-party penetration testing.
- Encrypted, geographically redundant backups.
04Access control
Employee access to production data is strictly limited, logged, and reviewed quarterly. We enforce SSO, mandatory MFA, and role-based permissions across all internal systems.
05Data privacy by design
Security and privacy go hand in hand. We minimize the data we collect, isolate customer data per tenant, and honor data-subject requests. See our Privacy Policy and DPA.
06Incident response
We maintain a documented incident-response plan with defined severities and on-call rotations. In the event of a breach affecting your data, we will notify affected customers without undue delay and within the timeframes required by law.
07Contact us
Questions about this document? Reach our team at legal@instahire.careers or write to InstaHire, Inc., 548 Market St, San Francisco, CA 94104.