How does Traffit secure its clients’ data?

Data security

Written by Karolina Matyja
Updated over a week ago

GENERAL INFO

Data encryption: All passwords are hashed with Bcrypt (no plain text is stored).

Login security: TRAFFIT users can log in to the system using one of the following methods:

  • via login/password

  • with SSO

Available options for SSO:

  • Google account

  • LinkedIn account

  • SAML (activated on demand)

  • Auth0 (activated on demand)

Redundancy: API, database, and other key servers operate in clusters. That means that the failure of one element does not stop the work of the other elements.

Backups: Every 24 hours. We can roll back single pieces of data or the whole database.

Logs: Logs are stored for 30 days, then removed.

Server location: Dedicated servers on AWS (Amazon Web Services) located in Europe (Frankfurt). AWS security details are available here.

CANDIDATES’ DATA

To keep you and your candidates’ data safe, we apply the following safeguards:

  1. The personal data are stored in separate instances (domains) on dedicated servers. That means that each client database is separate from the system files repository.

  2. Connections to our system are encrypted with the HTTPS protocol.

  3. The TRAFFIT system administrator can decide on the password security requirements in Settings --> General settings, specifically:

  • password change requirement (in days),

  • active session time (in minutes),

  • limit of wrong password attempts before the account is blocked.

  4. The TRAFFIT system administrator can block access to the system according to the office IP address and working hours.

  5. Recommended browsers:

  • Google Chrome

  • Mozilla Firefox

  • Safari

  • Microsoft Edge

API

CAREER PAGE INTEGRATION API

Career page integration API documentation is available here.

This API is public - no authentication is required.

INTEGRATION API

Integration API documentation is available here.

Requires authentication by OAuth token.

GDPR (General Data Protection Regulation)

  1. All data is stored in EEA (European Economic Area) - Frankfurt, Germany.

  2. TRAFFIT users can add any type of consent to application forms, to be accepted by the candidates.

  3. All the candidates’ consents and their expiration dates are stored in the system.

  4. TRAFFIT users can remove and anonymize candidates’ data at any time.

  5. The visibility of candidates' data and some activities in the system (like data import, downloading candidates’ files, and removing candidates’ data) can be limited for specific permission groups.

  6. Personal data processing terms are included in TRAFFIT terms and conditions, point X.

  7. TRAFFIT's privacy policy is available here.

TRAFFIT TEAM

Only selected TRAFFIT employees have access to your data. Their access is personal and secure. The application is supervised by designated employees on duty:

- application log control

- application operation control

- infrastructure operation control

Each released version of TRAFFIT is tested by the QA team. Details of every new version are shared here after every release. The team has multiple environments (sandboxes) to test different scenarios.

TRAFFIT is regularly tested by external companies.

Access to the load balancer (only to selected ports) is the only access available from the public network. Every other access is available only from a private network.
