How secure is my data?
In a word: Very.
In 247 words and 10 acronyms: Greenhouse's computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
The communication between your employees and our servers is encrypted with 128-bit SSL encryption. All user passwords are securely hashed; passwords are never stored in plaintext. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own. In addition to strong security controls, Greenhouse ensures that the data it collects remains available through full, daily backups, retained for 30 days and tested weekly.
Greenhouse undergoes frequent third-party security assessments. We even have a “bug bounty” program to make sure that any flaws in our application are brought to light immediately.
Only authorized employees have access to our production infrastructure, and passwords are strictly regulated. We limit access to customer data to a select few employees who need it to provide support and troubleshooting on our customer's behalf. Accessing data center information as well as customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.