Encryption
Data is encrypted in transit and at rest. Connections use modern TLS. Stored data uses industry standard encryption.
Salaries, performance, leave, and personal records live in Careersome. Encryption, access control, and clear compliance commitments protect them.
The same standards we describe in our Privacy Policy, written for procurement and infosec reviews.
Data is encrypted in transit and at rest. Connections use modern TLS. Stored data uses industry standard encryption.
Role based permissions limit who can see what. Multi factor authentication is available for stronger account protection.
The product runs on certified cloud providers with monitoring, DDoS protection, and regular independent audits of their platforms.
We run security reviews, vulnerability management, and platform updates so known risks are addressed over time.
Automated backups and recovery processes help restore service if something goes wrong.
We aim to collect what the product needs, support retention policies, and provide tools for export and deletion requests.
Careersome uses established providers so your workspace inherits their operational security baseline.
Frontend delivery on Vercel, with global edge hosting and provider level security certifications.
Application services and data on Heroku, a Salesforce company, with provider certifications including SOC 2 and ISO 27001.
Those providers undergo regular third party audits. Security documentation is available on request for serious evaluations.
We design Careersome for organizations across Africa and internationally, and we work to meet applicable privacy requirements.
Practices aligned with Nigeria's data protection regulation for personal data handling.
Support for requirements around processing, storage, and transfers where Kenya law applies.
Alignment with South Africa's Protection of Personal Information Act principles.
Handling personal data in line with Ghana's data protection framework.
Alignment with GDPR principles where European standards apply to your use of Careersome.
Careersome maintains SOC 2 Type I controls. Our infrastructure providers hold additional certifications such as ISO 27001.
Controls that live in the workspace, not only in our infrastructure.
Permissions follow roles so people only see what they need for their job.
Optional MFA adds a second factor beyond passwords.
Activity and access trails support monitoring and compliance reviews.
Support for data export and deletion requests under applicable privacy rights.
Authenticated sessions and encrypted connections for product traffic.
Regular platform updates include security fixes as issues are identified.
We maintain an incident response process to detect, contain, and communicate.
Infrastructure currently runs on AWS backed providers with processing in US and EU regions. For strict residency or DPA needs, contact us to discuss agreements and available configurations.