Security at Staffparty

Our customers trust us with their sensitive data and we take keeping it safe seriously. We work with trusted vendors, enforce strict security policies, and require team training and reviews to ensure that customers can enjoy our products without concern.

Security

We work with best-in-class infrastructure providers such as AWS to ensure your data stays safe.

Privacy

Staffparty considers all customer data submitted to our applications to be confidential.

Training

Our team undergoes regular training to deflect social engineering and phishing attacks.

Infrastructure

AWS
Staffparty uses AWS for our computing infrastructure and data storage. AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, ISO 9001 / ISO 27001, FedRAMP, DoD SRG, and PCI DSS Level 1.
Data Encryption
Data is encrypted both at rest and in transit, and restricted by access control management and monitoring. Data at rest is encrypted using AES-256. Data in transit is encrypted by Transport Layer Security (TLSv1.2+).
Data Backups
All customer data we collect remains available through full and continuous backups that are retained for 35 days. Point-In-Time Recovery (PITR) enables Staffparty to back up customer data automatically with per-second granularity.
Applications
Our applications are built on a secure multi-tier network environment in AWS to ensure our applications and data are protected and always accessible. Access to our infrastructure is tightly controlled and monitored.
Please contact security@staffparty.com with any questions or concerns about our vendors or technical infrastructure.

Authentication

GSuite (Google Workplace)
Authentication for all Staffparty products is handled via SSO (Google Workplace / GSuite), which ensures that your identity and credentials remain safe. Staffparty’s use of and transfer of data processed from Google Accounts adhere to the Google API Services User Data Policy.
In some cases, there are additional permissions beyond authentication that customers can leverage in Staffparty products:
Email
We can use Gmail APIs to send messages directly from the authenticated user's email account to ensure that candidates receive every email sent to them without going to their spam folder.
Scheduling
We can send calendar invitations directly via Google's Calendar APIs to help you schedule candidate interviews.

Our Team

Training
Following best practices for technical infrastructure, authentication, and integrations is not enough these days to keep your data safe.
Our team follows best-in-class training programs to ensure that everybody at Staffparty with access to customer data is well-versed in early signs of phishing attacks, social hacking, and other attempts to access internal systems and customer data.
Data Access
Only authorized employees have access to our production infrastructure, and that access requires strong authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis, and only when approved by the customer (e.g. as part of a support request), or to provide proactive support and maintenance.
Procedural Trust
Our compliance programs include a list of policies and procedures that cover core areas of security and privacy:
● Access Control Policy
● Business Continuity Plan
● Incident Response Plan
● User Privacy Policy & Terms of Service
Security Concerns
If you believe you have found a security issue, you can submit a report to security@staffparty.com.