
HireFire Security Policy

This document provides a high-level overview of the security practices at HireFire.


Index

  1. Introduction
  2. Internal Security
  3. Access Control
  4. Service Security
  5. Database Security
  6. Customer Responsibilities
  7. Secure Development Practices
  8. Payment Security
  9. Incident Response
  10. Data Centers and Platforms
  11. GDPR Compliance
  12. Legal Jurisdiction

Introduction

HireFire continuously evaluates and updates its security practices to address emerging threats and adapt to changes in technology and regulations. This includes:

Customers are free to review this document at any time at https://www.hirefire.io/security for updates.


Internal Security

HireFire implements comprehensive security measures to prevent unauthorized access to hardware and third-party services. These measures include:


Access Control

Access to HireFire systems and data is controlled using the following measures:


Service Security

To ensure service resilience and reliability, HireFire employs mechanisms for high availability in its user-facing services. These mechanisms not only enhance availability but also mitigate risks such as DDoS attacks.

All connections between users and our services, as well as communication between internal services, use Transport Layer Security (TLS) to secure data in transit. Additionally, all services are hosted within data centers or platforms equipped with DDoS protection.

Third-party software, including open-source components used in our services, is updated regularly. Security patches are applied promptly upon availability.


Database Security

All database connections are secured using Transport Layer Security (TLS). Data stored in our databases is encrypted at rest, and sensitive data is provided with an additional layer of encryption at the application level.

Databases are continuously backed up, allowing for point-in-time recovery. This ensures that in the event of a disaster, data can be restored to a specific moment in time, minimizing data loss and ensuring service continuity.


Customer Responsibilities

While HireFire implements extensive security measures, customers also play a critical role in ensuring their data remains secure. We recommend the following best practices:


Secure Development Practices

HireFire employs rigorous development practices to ensure the security and reliability of our services. This includes:


Payment Security

Stripe handles payment processing and securely stores credit card information on our behalf, while Chargebee manages invoicing. HireFire does not directly store or process any payment information, relying entirely on these providers for compliance and security.


Incident Response

HireFire is committed to addressing security incidents promptly. In the event of a breach, we will:


Data Centers and Platforms

HireFire leverages third-party platforms to operate its services:

Platforms such as Heroku and Cloudflare enhance efficiency by automating infrastructure management tasks, such as monitoring, applying security updates, providing failover for services and databases, and ensuring high availability. Of course, scaling automation is handled by HireFire itself! This allows us to focus on delivering customer value while ensuring robust security, performance, and availability.

All infrastructure managed by HireFire is protected with firewalls and strong authentication mechanisms. Regular updates and prompt application of security patches further enhance security.

Relevant Links


GDPR Compliance

HireFire adheres to the principles of the General Data Protection Regulation (GDPR). We ensure that a Data Processing Agreement (DPA) is signed with every vendor that handles personal data. This ensures our vendors meet strict GDPR requirements and maintain high standards of data protection. While GDPR is specific to the EU, we apply its principles universally to all customers. These practices include:

HireFire provides its own Data Processing Agreement (DPA), which does not require a signature, and goes into effect when we process personal data on behalf of our customers.

For more details, see our Data Processing Agreement (DPA).


Legal Jurisdiction

As detailed in our Terms of Service, any matters relating to the use of HireFire’s services are subject to Dutch law. All disputes will be submitted exclusively to a competent court in The Netherlands.


© 2011-2025 HireFire