HireTree

Security

Your security is our priority

Last updated: April 17, 2026

At HireTree, we take the security of your data very seriously. We implement multiple layers of protection to ensure your information is always secure.

Secure Infrastructure

Our platform is built on state-of-the-art cloud infrastructure:

  • Hosting on certified providers (SOC 2, ISO 27001)
  • Geographic redundancy for high availability
  • 24/7 infrastructure and application monitoring
  • Security updates applied regularly
  • Firewalls and DDoS protection

Encryption

We use end-to-end encryption to protect your data:

  • TLS 1.3 for all communications (HTTPS)
  • AES-256 encryption for data at rest
  • Passwords hashed with secure algorithms (bcrypt)
  • Secure cryptographic key management
  • SSL/TLS certificates automatically renewed

Authentication and Access

Multiple layers of protection for account access:

  • Magic Link authentication (no passwords to remember)
  • Session tokens with automatic expiration
  • Protection against brute-force attempts
  • Role-based access control (RBAC)
  • Audit logging of all critical actions

Data Protection

Rigorous measures to protect your personal information:

  • Complete data isolation between companies (multi-tenancy)
  • Automatic daily backups with 30-day retention
  • Disaster recovery plan regularly tested
  • Data minimization (collecting only what's necessary)
  • Data retention and deletion policies

Application Security

Secure development practices implemented:

  • Protection against OWASP Top 10 vulnerabilities
  • Prevention of SQL injection and XSS
  • CSRF protection on all requests
  • Rigorous input data validation
  • Vulnerability monitoring in dependencies

Compliance

Committed to the highest compliance standards:

  • Full compliance with Brazil's LGPD (Law 13.709/2018)
  • Alignment with GDPR principles
  • Transparent privacy policy
  • User consent management
  • Full support for data subject rights

Incident Response

Established procedures for handling security incidents:

  • Dedicated incident response team
  • Automatic detection of suspicious activities
  • Incident notification as required by law
  • Complete investigation and remediation
  • Post-incident analysis and continuous improvements

Vendor Security

We only work with partners that meet our standards:

  • Security evaluation of all vendors
  • Data processing agreements (DPA)
  • Preference for certified vendors
  • Periodic security reviews

Report Vulnerabilities

We value collaboration from the security community. If you identify a vulnerability in our platform:

  • Send an email to: security@hiretree.co
  • Include technical details for reproduction
  • Practice responsible disclosure
  • We recognize valid contributions

We do not conduct penetration testing without prior authorization.

Security Contact

For security-related questions:

Email: security@hiretree.co

DPO: dpo@hiretree.co

Response time: up to 48 business hours

Certifications and Standards

We follow industry best practices and constantly strive to improve our security posture.