Security at Bull's Hire

Our platform is built on enterprise-grade infrastructure designed for reliability and security.

• Database with Row Level Security (RLS) ensuring complete data isolation between organizations
• All data connections encrypted via TLS/SSL protocols
• Multi-tenant architecture with logical data separation — each organization's data is completely isolated
• Regular automated backups with encrypted storage
• Infrastructure hosted in SOC 2 compliant data centers

Every piece of data in Bull's Hire is scoped to your organization. Our security model ensures no cross-organization data access is possible.

• Row-level security policies enforced at the database level — not just the application level
• Independent evaluation system: interviewers cannot see each other's scorecards until they submit their own
• Role-based access control with Admin and Interviewer permissions
• Scorecards are locked after submission to prevent tampering
• All API endpoints validate organization membership before processing any request

Interview recordings are handled with the highest security standards from capture to storage.

• Video calls use WebRTC technology with end-to-end encryption
• Explicit recording consent required from candidates before any session begins
• Cloud recordings stored in encrypted storage with automatic expiration
• Configurable audio retention periods (5, 10, or custom days depending on your plan)
• Recordings are permanently and irrecoverably deleted after the retention period

Our AI analysis pipeline is designed with data privacy as a core principle.

• Transcription services certified under SOC 2 Type II standards
• AI analysis processed in isolated environments — your data is never shared across clients
• Your interview data is never used to train AI models
• Audio files are processed and deleted after transcription — only text transcripts are retained
• AI-generated analyses are stored exclusively within your organization's data scope

We use modern authentication methods that prioritize security without sacrificing convenience.

• Passwordless magic links for candidates — no credentials to leak or steal
• Secure email-based authentication for interviewers and admins
• Invitation tokens with 7-day expiration for team onboarding
• Session management with automatic expiration
• All authentication flows protected against common attack vectors (CSRF, XSS, injection)

Bull's Hire is designed with privacy-by-design principles and complies with major data protection regulations.

• Data minimization: we only collect what's necessary to provide our service
• Explicit consent collection before any interview recording
• Right to access: request a copy of all your personal data at any time
• Right to erasure: request complete deletion of your data
• Right to portability: export your data in standard formats
• Transparent data processing with clear privacy policies
• Data Protection Officer (DPO) available for inquiries

We continuously monitor our systems to detect and respond to potential security threats.

• Access logging and audit trails for all sensitive operations
• Automated security monitoring and alerting
• Regular security assessments and vulnerability scanning
• Incident response procedures with defined escalation paths
• Continuous platform updates with security patches