We hold ourselves to the same standard we help our customers achieve: security that is embedded, adaptive, and continuously improving. Here's how we protect the platform and your data.
All data encrypted in transit using TLS 1.3. Data at rest encrypted using AES-256. Encryption keys managed through a dedicated key management service with quarterly rotation.
Multi-region cloud deployment with automatic failover. Infrastructure-as-code with immutable deployments. Network segmentation between customer tenants enforced at the infrastructure layer.
Zero-trust access model. MFA enforced for all internal systems. Least-privilege access with quarterly access reviews. PAM solution for privileged accounts.
Strict logical separation between customer environments. No cross-tenant data access. Customer data namespaced and encrypted with per-tenant keys.
24/7 security monitoring of our own infrastructure — we use Hirevex AI internally. Automated alerting on anomalous access patterns, configuration drift, and infrastructure events.
Documented IR playbooks covering detection, containment, eradication, and recovery. Enterprise customers notified of material security incidents within 72 hours of confirmed detection.
We operate a responsible disclosure program. If you believe you have discovered a security vulnerability in our platform, please report it to security@hirevex-ai.com before public disclosure. We commit to acknowledging reports within 2 business days and providing a remediation timeline within 10 business days.
We do not pursue legal action against researchers who act in good faith and comply with our disclosure policy. We ask that you do not access or modify customer data during research, avoid denial-of-service testing, and limit testing to your own account or designated test environments.
Enterprise customers with strict data residency requirements can request private or isolated deployment options. In private deployment configurations, all processing remains within your defined network perimeter and no data traverses Hirevex AI's shared infrastructure. Contact security@hirevex-ai.com to discuss available deployment models.
Security team: security@hirevex-ai.com
For urgent security issues: include "URGENT" in the subject line.
PGP key available on request for encrypted communication.