Data encryption
All passwords are hashed with Bcrypt (no plain text is stored).
Login security
TRAFFIT users can log in to the system using one of the following methods:
via login/password
with SSO
Available options for SSO:
Google account
LinkedIn account
SAML (activated on demand)
Auth0 (activated on demand)
Redundancy: API, database, and other key servers operate in clusters. That means that the failure of one element does not stop the other elements from working.
Backups: Every 24 hours. We can roll back single pieces of data or the whole database.
Logs: Logs are stored for 30 days, then removed.
Server location: Dedicated servers on AWS - Amazon Web Services located in Europe (Frankfurt). AWS security details are available here.
Candidate data security
To keep your data and your candidates’ data safe, we apply the following safeguards:
1. The personal data are stored in separate instances (domains) on dedicated servers. That means that each client database is separate from the system files repository.
2. Communication with our system is encrypted with the HTTPS protocol.
3. The TRAFFIT system administrator can decide on the password security requirements in Settings --> General settings, specifically:
password change requirement (in days),
active session time (in minutes),
limit of wrong passwords before the account is blocked.
4. The TRAFFIT system administrator can block access to the system according to the office IP address and working hours.
5. Recommended browsers:
Google Chrome
Mozilla Firefox
Safari
Microsoft Edge
Email inbox security
Email mailbox integration is an optional feature that streamlines work and allows users to send emails from the system and maintain communication with the candidates.
The user adding the mailbox can select the folders they want to integrate.
In the case of Gmail, the client adds the application on their own Google Workspace side, and then sends us the data that allows us to connect it to Traffit. This gives the customer more control over their employees' inboxes.
For Microsoft 365 inboxes, the integration is done with a dedicated Microsoft API.
When synchronizing mailboxes, Traffit is given access to the entire mailbox (only for the presentation of the folders - at this point there is no synchronization of folder contents) to enable the selection of folders for synchronization. Synchronization of the contents takes place only after the user selects folders. The reason for this approach is that Gmail and Microsoft 365 do not allow you to restrict access to only selected folders.
When a user removes a mailbox from synchronization, their emails are also removed from the system.
Public API (career page integration)
Career page integration API documentation is available here.
This API is public - no authentication is required.
Integration API
Integration API documentation is available here.
Requires authentication by OAuth token.
Payments security
Payment for the system is possible by:
credit card attachment
bank transfer
The recurring credit card payment is secured by 3D-Secure verification.
AI usage in Traffit
TRAFFIT uses OpenAI - ChatGPT 4.0.
The use of AI has been implemented in 2 places in the system:
Recruitment job posts creation
AI proposes the content of recruitment job posts based on the job title, Hiring Managers' requirements, and company data - using the indicated tone of voice.
Recruitment reports analysis
AI analyzes the numbers visible in the recruitment reports in the system and compares them with publicly available benchmarks.
No personal or sensitive data is sent to AI.
Only recruitment data and statistical data are sent to AI.
GDPR (General Data Protection Regulation)
All data is stored in the EEA (European Economic Area) - Frankfurt, Germany.
TRAFFIT users can add any type of consent to application forms, to be accepted by the candidates.
All candidates’ consents and their expiration dates are stored in the system.
TRAFFIT users can remove and anonymize candidates’ data at any time.
The visibility of candidates' data and some activities in the system (like data import, downloading candidates’ files, and removing candidates’ data) can be limited for specific permission groups.
Personal data processing terms are included in TRAFFIT terms and conditions, point X.
TRAFFIT's privacy policy is available here.
Traffit Team
Only selected TRAFFIT employees have access to your data. Their access is personal and secure. The application is supervised by designated employees on duty:
- application log control
- application operation control
- infrastructure operation control
Each released version of TRAFFIT is tested by the QA team. Details of every new version are shared here after every release. The team has multiple environments (sandboxes) to test different scenarios.
TRAFFIT is regularly tested by external companies.
Access to the load balancer (only to selected ports) is the only access available from the public network. Every other access is available only from a private network.