
Security at VeScout

Your recruiting data is sensitive. We treat it that way. VeScout is built with enterprise-grade security from the ground up — encryption, access controls, AI governance, and full GDPR compliance.

GDPR Ready
AES-256 Encrypted
AI Audit Trail
SOC 2 Infra

Encryption & Data Protection

  • All data encrypted at rest with AES-256
  • TLS 1.3 for all data in transit between your browser and our servers
  • Database-level encryption with Supabase managed keys
  • Secure file storage with encrypted buckets for resumes and documents
  • Regular key rotation and secure key management practices
  • Automated backups encrypted with separate keys and stored in geographically separate regions

Authentication & Access Control

  • Industry-standard authentication via Supabase Auth with OAuth 2.0
  • Google OAuth and email/password sign-in options
  • Row-Level Security (RLS) policies ensuring data isolation between organizations
  • Role-based access control for team members (Admin, Recruiter, Hiring Manager, Viewer)
  • Sessions carried in cookies flagged Secure and HttpOnly, so page scripts cannot read the session token
  • Rate limiting on all authentication endpoints to prevent brute-force attacks
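The organization isolation and role model in the bullets above, worked through as Postgres row-level security policies of the kind Supabase runs. This is an added illustration, not VeScout's schema: the tables, columns and role names are assumptions, and `auth.uid()` and the `authenticated` role are the Supabase built-ins that return the caller's user id from the verified JWT and name the logged-in database role.

```sql
-- Added example: tenant isolation with Postgres RLS on Supabase.
-- Table and column names are assumed; only auth.uid() and the
-- `authenticated` role are Supabase built-ins.

create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

-- Who belongs to which organization, and with which role.
create table org_members (
  org_id  uuid not null references organizations (id) on delete cascade,
  user_id uuid not null,   -- matches auth.users.id
  role    text not null
          check (role in ('admin', 'recruiter', 'hiring_manager', 'viewer')),
  primary key (org_id, user_id)
);

create table candidates (
  id          uuid primary key default gen_random_uuid(),
  org_id      uuid not null references organizations (id) on delete cascade,
  email       text not null,
  resume_path text
);

-- ENABLE turns policies on; FORCE applies them to the table owner as well,
-- who otherwise bypasses every policy.
alter table org_members enable row level security;
alter table org_members force row level security;
alter table candidates  enable row level security;
alter table candidates  force row level security;

-- A user may see only their own membership rows. The candidate policies
-- below query this table, so they rely on this policy.
create policy org_members_self on org_members
  for select to authenticated
  using (user_id = auth.uid());

-- Any member of the organization may read its candidates.
create policy candidates_read on candidates
  for select to authenticated
  using (exists (
    select 1 from org_members m
    where m.org_id = candidates.org_id and m.user_id = auth.uid()
  ));

-- Admins and recruiters may insert. WITH CHECK is evaluated on the new row,
-- so a caller cannot insert a candidate into an organization they are not in.
create policy candidates_insert on candidates
  for insert to authenticated
  with check (exists (
    select 1 from org_members m
    where m.org_id = candidates.org_id and m.user_id = auth.uid()
      and m.role in ('admin', 'recruiter')
  ));

-- Updates need both clauses: USING selects the rows that may be touched,
-- WITH CHECK rejects an update that moves org_id to another tenant.
create policy candidates_update on candidates
  for update to authenticated
  using (exists (
    select 1 from org_members m
    where m.org_id = candidates.org_id and m.user_id = auth.uid()
      and m.role in ('admin', 'recruiter')
  ))
  with check (exists (
    select 1 from org_members m
    where m.org_id = candidates.org_id and m.user_id = auth.uid()
      and m.role in ('admin', 'recruiter')
  ));

-- Only admins may delete.
create policy candidates_delete on candidates
  for delete to authenticated
  using (exists (
    select 1 from org_members m
    where m.org_id = candidates.org_id and m.user_id = auth.uid()
      and m.role = 'admin'
  ));

-- Isolation check, run with the JWT of a user who belongs to exactly one
-- organization. RLS filters silently rather than raising an error, so the
-- test is a count, not an expected exception:
-- select count(*) from candidates where org_id = '<id of another organization>';
```

Two things to verify on a real deployment: the count above must be zero for a non-member, and the policies only bind the `authenticated` role that browser sessions use; Supabase's service-role key bypasses RLS entirely, so it must never be shipped to a client.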

AI Governance & Transparency

  • Full audit trail of all AI agent actions logged to the agent_actions table
  • AI reasoning stored alongside every decision for human review
  • No candidate data used to train third-party AI models
  • Human-in-the-loop design — AI recommends, humans decide
  • Bias monitoring and fairness checks built into screening algorithms
  • Configurable AI behavior with organization-level settings for automation boundaries
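An append-only table in the spirit of the agent_actions trail described above, as an added example rather than VeScout's own schema. The columns are assumptions. The point it makes is that an audit trail is only evidence if rows cannot be quietly rewritten, so UPDATE and DELETE are denied at three layers: no RLS policy grants them, the privileges are revoked, and a trigger refuses them even for roles that bypass RLS. It assumes a membership table like org_members(org_id, user_id), created here in minimal form so the block runs on its own.

```sql
-- Added example: an append-only audit trail for AI agent actions on Postgres.
-- Columns and the minimal org_members table are assumptions, not VeScout's schema.

create table if not exists org_members (
  org_id  uuid not null,
  user_id uuid not null,   -- matches auth.users.id
  primary key (org_id, user_id)
);

create table agent_actions (
  id           bigint generated always as identity primary key,
  org_id       uuid not null,
  candidate_id uuid,
  agent        text not null,   -- which agent acted, e.g. 'screening'
  action       text not null,   -- what it did, e.g. 'recommend_advance'
  reasoning    text not null,   -- the model's stated reasoning, kept for review
  decided_by   uuid,            -- the human who accepted or overrode it, if any
  created_at   timestamptz not null default now()
);

alter table agent_actions enable row level security;
alter table agent_actions force row level security;

-- Layer 1: the only policy is SELECT, scoped to the caller's organization.
-- With no INSERT/UPDATE/DELETE policy, RLS denies those to `authenticated`;
-- rows are written by a trusted backend role, not from the browser.
create policy agent_actions_read on agent_actions
  for select to authenticated
  using (exists (
    select 1 from org_members m
    where m.org_id = agent_actions.org_id and m.user_id = auth.uid()
  ));

-- Layer 2: revoke the privileges too, so default-deny does not rest on RLS
-- alone (a later "create policy ... for all" would otherwise reopen them).
revoke update, delete, truncate on agent_actions from authenticated, anon;

-- Layer 3: a trigger that refuses rewrites even for roles that bypass RLS,
-- such as the service role or the table owner. A correction is a new row
-- that references the one it supersedes, never an edit.
create function agent_actions_immutable() returns trigger
language plpgsql as $$
begin
  raise exception 'agent_actions is append-only: % on row % refused', tg_op, old.id;
end;
$$;

create trigger agent_actions_no_rewrite
  before update or delete on agent_actions
  for each row execute function agent_actions_immutable();

-- TRUNCATE fires no row triggers, so refuse it at statement level as well.
create function agent_actions_refuse_truncate() returns trigger
language plpgsql as $$
begin
  raise exception 'agent_actions is append-only: truncate refused';
end;
$$;

create trigger agent_actions_no_truncate
  before truncate on agent_actions
  for each statement execute function agent_actions_refuse_truncate();

-- Check: each statement below must fail with one of the exceptions above,
-- whichever role runs it.
-- delete from agent_actions where id = 1;
-- update agent_actions set reasoning = 'edited' where id = 1;
-- truncate agent_actions;
```

The triggers and revokes can themselves be dropped by the table owner or a superuser, so this protects the trail against application bugs and compromised API keys, not against a compromised database administrator; a trail that must survive that needs to be copied out to a store the database cannot rewrite.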

Data Residency & Infrastructure

  • Hosted on Vercel (frontend) and Supabase Cloud (backend), both of which hold SOC 2 Type II reports for their infrastructure
  • Primary data storage in US regions with optional EU residency for Enterprise plans
  • CDN-distributed frontend for performance with no sensitive data at the edge
  • Infrastructure monitored 24/7 with automated alerting
  • 99.9% uptime SLA for Enterprise customers
  • Regular penetration testing and vulnerability assessments

GDPR & Privacy Compliance

  • Full GDPR compliance with data processing agreements available on request
  • Right to erasure — candidates and organizations can request complete data deletion
  • Data portability — export all your data at any time in standard formats
  • Consent management for candidate data collection and processing
  • Automated data retention policies with configurable retention periods
  • Privacy-by-design architecture with data minimization principles

Incident Response

  • Documented incident response plan with defined escalation procedures
  • Security team on-call for critical issues with 1-hour response time
  • Breach notification within 72 hours of becoming aware of an incident, as GDPR Article 33 requires
  • Post-incident reviews and root cause analysis for all security events
  • Regular security training for all team members
  • Responsible disclosure program for external security researchers

Have security questions?

We are happy to answer detailed security questions, provide our data processing agreement, or discuss custom security requirements for Enterprise plans.