Security at SeekOut
At SeekOut, the security of our customers’ data and compliance with legal requirements are our top priorities. SeekOut is committed to earning and maintaining the trust of our customers. We design our software and business practices to protect customer data. SeekOut’s software platform and corporate policies & procedures are compliant with global standards and trusted by many Fortune 500 enterprises.
Security at SeekOut
At SeekOut, the security of our customers’ data and compliance with legal requirements are our top priorities. SeekOut is committed to earning and maintaining the trust of our customers. We design our software and business practices to protect customer data. SeekOut’s software platform and corporate policies & procedures are compliant with global standards and trusted by many Fortune 500 enterprises.
SOC2
SeekOut is SOC 2 Type 2 certified as of June 8, 2023.
Responsible disclosure
If you are a security researcher who has found a vulnerability on our site, please let us know by joining our HackerOne program.
Cloud security
SeekOut’s services run on Microsoft Azure, which has more certifications than any other cloud provider including SOC 2, ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA and IRS 1075. MFA is enforced for all employee access.
Data access
Access to customer data is provided to SeekOut employees on a need-to-know basis. For example, SeekOut Customer Success Team can only access customer data when necessary to investigate and resolve a customer issue and only after receiving approval from the customer to do so. The development team cannot access customer data for any other purpose. We review our access policies and access rights to our systems at least quarterly
Client data usage
Client data is only used to deliver the service to the client. SeekOut does not test its software with customer data. It does not use client data to enhance its own data to offer to other clients. It does not sell client data to other third parties. SeekOut uses Azure AI Services for our platform. SeekOut is compliant with ISO/IEC: 42001:2023 and ISO/IEC: 23894:2023. SeekOut does not use any client data to train our AI models.
Confidentiality
All SeekOut team members are required to sign an agreement that protects the security and privacy of our customers.
Data encryption
All customer data is encrypted in transit and at rest. The SeekOut service can only be accessed by secure HTTPS connection and all customer data is encrypted using AES-256. The encryption keys are managed by Microsoft Azure.
SeekOut customer access control
SeekOut never stores or transmits user passwords as plain text. We utilize a one-way, cryptographic hashing algorithm known as Bcrypt, an industry standard for password hashing.
For customers who want unified access control, SeekOut supports SAML-based Single Sign-On provisioning systems.
Backup
All SeekOut data is backed up daily. Those backups are geographically distributed and can be recovered quickly. SeekOut has never lost any customer data.
Physical security
SeekOut is entirely hosted on Microsoft Azure servers which are architected to the highest security standards and SOC 2 Type 2 Certified. No customer data is stored at SeekOut offices.
SeekOut team access control
SeekOut has a formal Access Control policy which includes role-based access to all resources and unique ID for all team members. In addition, we have standards and systems for role-based security, password strength & change frequency enforcement, and protections against brute force login attempts.
Incident response and notification
We have never had a security breach. If we were to suffer a security breach or other event that compromises the integrity of customer data, we would notify all affected customers within 24 hours.
Security awareness training
All employees receive comprehensive Security Awareness Training annually and at hire.
Network monitoring and protection
SeekOut monitors and responds to all security events, reviews firewall rules and monitors for attacks. We monitor service availability and performance.
Penetration testing
At least annually, a third party performs penetration testing of SeekOut’s cloud environment, web applications, and network configuration to detect any potential security vulnerabilities. We quickly remediate any issues discovered in penetration testing. We run monthly vulnerability scans against our webapps and networks. We have an active HackerOne program.
Disaster recovery and business continuity
SeekOut has a business continuity and disaster recovery plan and tests the plan annually. Most data is geographically replicated to enhance webapp performance and recovery during a disaster.
Integration with your Systems
We protect your information as its transmitted between systems. SeekOut integrates seamlessly with your applicant tracking system (ATS) without compromising the security of your data. Communication through ATS partner APIs is HTTPS encrypted using TLS 1.2+. The connection is encrypted and authenticated using AES-256 encryption.
Privacy Compliance
SeekOut has a robust compliance function that is focused on privacy laws both in the United States and internationally. To learn more about our privacy practices please visit our Privacy Policy at https://www.seekout.com/privacy. To request removal of your public data from SeekOut, please submit a request via our Privacy Choices Portal.
Data Protection Officer
SeekOut has an appointed Data Protection Officer who is responsible for documentation and implementation of our Data Protection policies and procedures.
EEOC & OFCCP Compliance
For customers who require Office of Federal Contract Compliance Programs (OFCCP) compliance monitoring, SeekOut can meet standards for OFCCP record keeping and reporting. SeekOut has many customers who are federal contractors. Learn more about SeekOut and EEOC. Learn more about SeekOut and OFCCP.