Security & Performance

How secure is my data?

In a word: Very.

In 247 words and 10 acronyms: Greenhouse's computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.

The communication between your employees and our servers is encrypted with 128-bit SSL encryption. All user passwords are securely hashed; passwords are never stored in plaintext. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own. In addition to strong security controls, Greenhouse ensures that the data it collects remains available through full, daily backups, retained for 30 days and tested weekly.

Greenhouse undergoes frequent third-party security assessments. We even have a “bug bounty” program to make sure that any flaws in our application are brought to light immediately.

Only authorized employees have access to our production infrastructure, and passwords are strictly regulated. We limit access to customer data to a select few employees who need it to provide support and troubleshooting on our customer's behalf. Accessing data center information as well as customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.

Want more information on our security plan? Just drop us a line! For additional information, check out the security policies for Amazon.

What’s your uptime?

We guarantee 99% uptime, averaged over a month.

Is there scheduled maintenance?

We update Greenhouse frequently, but our product updates won’t disrupt your work in any way. For major undertakings where downtime is unavoidable (things like operating system upgrades, hardware repairs, or data center moves) we try to make our off-line time mercifully brief and thoroughly communicated. Within 48 hours of planned downtime, we will notify account holders of the maintenance window and fill you in on what what we’ll be working on in that time. Approximately 15 minutes before scheduled downtime, we’ll use in-app messaging to give you a heads up about it. If the downtime is due to a third-party service failure or maintenance window, we’ll tell you about that as well. All incidents are announced at greenhouse.statuspage.io with regular updates; users can subscribe to status updates via SMS or email on our status page.

Does Greenhouse integrate with any third-party service providers?

Our 100+ integration partners include Reschedge, OneLogin, BambooHR, Namely, Workday, Okta, HackerRank, CoderPad.io, and Entelo. Each of these integration partners has to be authorized by the customer in order to access any customer data.

Will third parties have access to my data?

Only data which you explicitly authorize and send to a third-party will ever leave Greenhouse. We don’t sell customer data to anyone.