Security

Workforce data is sensitive. We treat it that way.

Salaries, performance, leave, and personal records live in Careersome. Encryption, access control, and clear compliance commitments protect them.

SOC 2
Type I controls, ongoing security practices
TLS 1.3
Encryption in transit and at rest
RBAC
Role based access across the workspace
How we protect data

Clear controls, not marketing fog.

The same standards we describe in our Privacy Policy, written for procurement and infosec reviews.

Encryption

Data is encrypted in transit and at rest. Connections use modern TLS. Stored data uses industry standard encryption.

Access control

Role based permissions limit who can see what. Multi factor authentication is available for stronger account protection.

Secure infrastructure

The product runs on certified cloud providers with monitoring, DDoS protection, and regular independent audits of their platforms.

Audits and updates

We run security reviews, vulnerability management, and platform updates so known risks are addressed over time.

Backup and recovery

Automated backups and recovery processes help restore service if something goes wrong.

Privacy by design

We aim to collect what the product needs, support retention policies, and provide tools for export and deletion requests.

Infrastructure

Built on trusted cloud platforms.

Careersome uses established providers so your workspace inherits their operational security baseline.

Application hosting

Frontend delivery on Vercel, with global edge hosting and provider level security certifications.

Backend and data

Application services and data on Heroku, a Salesforce company, with provider certifications including SOC 2 and ISO 27001.

Independent assurance

Those providers undergo regular third party audits. Security documentation is available on request for serious evaluations.

Compliance

Aligned to the laws your teams operate under.

We design Careersome for organizations across Africa and internationally, and we work to meet applicable privacy requirements.

NDPR (Nigeria)

Practices aligned with Nigeria's data protection regulation for personal data handling.

Kenya Data Protection Act

Support for requirements around processing, storage, and transfers where Kenya law applies.

POPIA (South Africa)

Alignment with South Africa's Protection of Personal Information Act principles.

Ghana Data Protection Act

Handling personal data in line with Ghana's data protection framework.

GDPR

Alignment with GDPR principles where European standards apply to your use of Careersome.

SOC 2 Type I

Careersome maintains SOC 2 Type I controls. Our infrastructure providers hold additional certifications such as ISO 27001.

In the product

Security features your admins control.

Controls that live in the workspace, not only in our infrastructure.

Role based access

Permissions follow roles so people only see what they need for their job.

Multi factor authentication

Optional MFA adds a second factor beyond passwords.

Audit logs

Activity and access trails support monitoring and compliance reviews.

Export and deletion

Support for data export and deletion requests under applicable privacy rights.

Secure sessions

Authenticated sessions and encrypted connections for product traffic.

Ongoing updates

Regular platform updates include security fixes as issues are identified.

Incident response

When something goes wrong, we move fast.

We maintain an incident response process to detect, contain, and communicate.

  1. Monitoring and threat detection
  2. Rapid response team activation
  3. Containment of active threats
  4. Investigation and root cause analysis
  5. Communication with affected organizations
  6. Post incident review and improvements
Data residency

Talk to us about where data lives.

Infrastructure currently runs on AWS backed providers with processing in US and EU regions. For strict residency or DPA needs, contact us to discuss agreements and available configurations.

Security questions before you sign?

For procurement, compliance, or infosec review, we can share documentation and answer specific questions.