This is a high level overview of the security practices at HireFire.
Our staff takes adequate security measures in order to prevent unauthorized access to its hardware, as well as first- and third party services. Measures include, but are not limited to the use of:
Mechanisms for high availability are in place for our user-facing services.
All connections between users and our services, as well as all communication between our internal services make use of transport layer security (TLS) in order to secure data in transit. All services run within data centers and/or platforms that have a form of DDOS protection in place.
All third party software used in our services is updated on a regular basis. Security patches are applied as soon as possible once they become available.
All connections to our databases are secured using TLS. Data in these databases are encrypted at rest. Extra sensitive data receives an additional layer of encryption at the database level.
Our databases are backed up continuously, allowing for point-in-time recovery, resulting in minimal data loss in the event of a disaster.
HireFire uses AWS (Amazon Web Services Inc., U.S.), Hetzner (Hetzner GmbH, Germany) and Scaleway (Scaleway SAS, France) data centers, as well as the Heroku (Salesforce Inc., U.S.), Netlify (Netlify Inc., U.S.) and Cloudflare (Cloudflare Inc., U.S.) platforms to operate our services.
All infrastructure managed by HireFire is locked down using firewalls and strong authentication mechanisms. Updates are applied on a regular basis, and security patches are applied as soon as possible once they become available.
Heroku manages our primary infrastructure and databases. They also host our primary services.
Refer to Heroku's Security Policy for more information regarding security.
Netlify serves our home page, documentation and web interface. This allows us to provide fast, reliable and secure content delivery.
Refer to Netlify's Security Page for more information regarding security.
Amazon Web Services is used indirectly (via Heroku) to run our primary infrastructure, databases and services. In addition to that, miscellaneous resources, such as log data, make use of AWS.
Refer to the AWS Security Paper for more information regarding security.
Hetzner is used in situations where high performance and/or bandwidth is a requirement.
Refer to Hetzner's Data Center Page for more information regarding security, ddos protection and certifications.
Scaleway is used in situations where high performance and/or bandwidth is a requirement.
Refer to Scaleway's Security Paper for more information regarding security.
Cloudflare is used for a variety of our services to improve performance, security and ddos mitigation.
Refer to Cloudflare's Magic Transit Paper for more information regarding ddos protection.
Stripe processes payments and securely stores credit card information on our behalf, while Chargebee handles invoicing.
Refer to Stripe's Security Page for more information regarding their security.
Refer to Chargebee's Security Page for more information regarding their security.