Data Security & Privacy at Reelcruit

At Reelcruit, safeguarding candidate and employer data is not an afterthought — it’s a foundation.

Our platform is hosted on Microsoft Azure, one of the world’s most secure and compliant cloud environments, and every layer of our system is designed with privacy-first principles, strong encryption, and regulatory compliance in mind.


Compliance & Certifications

SOC 2 Type II – Reelcruit’s infrastructure on Microsoft Azure is fully aligned with SOC 2 Type II standards, ensuring independent validation of security practices.

ISO/IEC 27001 & 27018 – Azure data centers are certified for information security and cloud privacy management.

Law 25 (Quebec) – We comply with all obligations around transparency, consent, breach notifications, and designation of a Privacy Officer.

PIPEDA (Canada) – Data collection, use, and retention practices follow federal Canadian privacy law.

GDPR (EU/EEA) – Our system is compliant with GDPR requirements for lawful basis, data minimization, and data subject rights.

CCPA (California) – Employers and candidates in the U.S. benefit from compliance with consumer rights under California law.


Product Security

We combine resilient technology, strict access control, and encryption to protect your information:

Role-Based Access Control (RBAC): Employers, candidates, and administrators each have distinct permission levels.

Single Sign-On (SSO): Seamless authentication with Azure Active Directory and major identity providers.

Password Security: Credentials are hashed and salted with modern algorithms (bcrypt/Argon2).

Data Encryption:

In Transit: TLS 1.2+/SSL enforced across all connections.

At Rest: AES-256 encryption for all customer data stored in Azure SQL and Blob Storage.

Audit Logging: Every critical action (login, data access, permission changes) is logged and monitored.


Azure Cloud Security

Reelcruit leverages Microsoft Azure’s enterprise-grade infrastructure:

Data Residency:

All primary data is stored in Canadian Azure regions (Montreal & Toronto), with geo-redundant backups across multiple availability zones.

Defense in Depth:

Azure Firewall & Web Application Firewall (WAF) to block DDoS, SQL injection (SQLi), cross-site scripting (XSS), and malicious bot traffic.

Network Security Groups (NSGs) restrict access to essential services only.

Regular automated patching and vulnerability scanning.

Access Control: Cloud resources are accessible only to trained Reelcruit engineers following the principle of least privilege (PoLP).

Monitoring & Alerts: Real-time monitoring via Azure Security Center, Microsoft Defender for Cloud, and SIEM integrations.


Application Security

Secure Development Lifecycle (SDLC): Reelcruit follows OWASP Top 10 and Microsoft SDL guidelines.

Code Review & QA: All changes go through peer review, automated testing, and staging environments before release.

Separate Environments: Development, staging, and production environments are fully isolated.

Penetration Testing: Annual independent penetration tests and continuous vulnerability scanning.

Dependency Management: Open-source libraries are vetted and monitored for CVEs.


Business Continuity & Reliability

99.9% Uptime Commitment: Backed by Azure’s high-availability infrastructure.

Backups: Real-time backups with 35-day retention and geo-redundant storage.

Disaster Recovery: Automated failover within Azure availability zones; recovery point objective (RPO) < 15 min, recovery time objective (RTO) < 1 hr.

Incident Response: Dedicated protocols for threat detection, breach reporting (including Law 25 72-hr breach notification), and customer communication.


Confidentiality & Privacy by Design

Candidate data is private by default — employers only see information once consent is granted.

Profiles are standardized and anonymized for fair evaluation before personal identifiers are revealed.

Employers must comply with their own privacy obligations when handling candidate data.

Data retention is limited — accounts and resumes are deleted or anonymized upon request.


Employee Security & HR Practices

Background Checks: Performed for all Reelcruit employees before granting system access.

Training: Mandatory security and privacy training during onboarding and annually thereafter.

Confidentiality Agreements: All staff are bound by strict NDAs and internal data handling policies.

Access Governance: Employee access is reviewed quarterly; terminated accounts are immediately revoked.


Incident Management & Responsible Disclosure

Reelcruit maintains a formal Incident Response Plan with escalation paths.

Customers are notified promptly in the event of a data breach, as required by Law 25, PIPEDA, or GDPR.

We encourage responsible disclosure of vulnerabilities. Researchers can submit reports to [email protected].


Your Rights

Depending on jurisdiction, users may exercise the following rights:

Access, correction, and deletion of personal data.

Right to withdraw consent at any time.

Right to data portability (GDPR).

Right to opt-out of data sales (CCPA).

Requests can be submitted to [email protected].


Contact

Reelcruit Inc. – Privacy & Security Office

1673 A Av. Aird, Montréal, QC, H1V 2V4

Email: info@reelcruit.com

Copyright 2025.

All rights reserved