Information Security and Compliance

Our customers trust us with their data, and we’re committed to enforcing all safeguards needed to protect your information.

A High Bar for Privacy and Security

We’re dedicated to protecting the security of your data, with robust safeguards governing our infrastructure and data encryption, and we partner with independent security consulting firms for penetration testing and vulnerability assessments.

CCPA Compliant

Under the California Consumer Privacy Act (CCPA), any California consumer can request to view all information a company has saved on them along with a full list of all third parties that data is shared with. If privacy guidelines are violated, even if there is no breach, consumers have the right to sue the company. hireEZ values consumer trust and is CCPA compliant.


GDPR compliant

The GDPR is the latest data protection directive for businesses to protect the privacy of EU citizens with enhanced security provisions. hireEZ is GDPR compliant.


SOC 2 Type 2 certified

The SOC 2 Type 2 reports concern policies and procedures over a specified time period. For this more rigorous designation, systems must be evaluated for a minimum of six months. hireEZ’s procedures and controls have been third-party audited to validate our success in ensuring the security, availability, processing integrity and confidentiality of our customers’ information.



Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.


EU-US Privacy Shield Certified

The Privacy Shield Framework, approved by the European Union (EU) and US Government, is a recognized mechanism for complying with EU data protection requirements when transferring personal data from the European Economic Area (EEA) to the United States. Organizations participating in the Framework are deemed to provide “adequate” privacy protection of data, as required under the EU Data Protection Directive and the General Data Protection Regulation (GDPR). hireEZ is aware of the Schrems II decision. In light of the Schrems II decision, hireEZ relies on the Standard Contractual Clauses (SCCs) from the GDPR incorporated into its Data Processing Addendums for any data transfers from the EEA to the U.S.



The Office of Federal Contract Compliance (OFCCP) is a federal government organization that is responsible for ensuring that companies working with the government comply with fair employment practices. hireEZ supports the record-keeping standards established by OFCCP, as required by our customers who are subject to this compliance. hireEZ helps customers with their OFCCP audits by providing diversity reports that allow recruiters to gain analytical insights into their candidate pipelines. These reports provide a breakdown of the search by gender and ethnicity for candidates that they've taken an action on or engaged with on hireEZ's platform. These diversity reports can support a team's good-faith diversity efforts in the case of an OFCCP audit by allowing them to track and demonstrate the number of diversity searches performed and the ratio of underrepresented candidates in their pipeline.


TRUSTe Certified Privacy


TrustArc GDPR Validation Letter

To the Management of HireTeamMate, Inc. dba hireEZ, formerly known as Hiretual:

TRUSTe LLC (“TRUSTe”), an independent subsidiary of TrustArc Inc (“TrustArc”) has reviewed the hireEZ platform of HireTeamMate, Inc. dba hireEZ, formerly known as Hiretual (“Organization”) as of November 4, 2022 against the 44 GDPR Privacy Practices Compliance Validation Requirements (the “Validation Requirements”) comprising the TrustArc GDPR Privacy Practices Compliance Validation. These Validation Requirements focus on practices-level measures for demonstrating that the processing of personal information conducted by HireTeamMate, Inc. dba hireEZ, formerly known as Hiretual is performed in compliance with the EU General Data Protection Regulation (GDPR). The Validation Requirements cover the following 9 areas aligned with the IMPLEMENT and DEMONSTRATE Standards set forth in the TrustArc Privacy & Data Governance (“P&DG”) Framework, for establishing, maintaining, and continually improving a GDPR-compliant privacy practices aligned with the ISO 27001 International Standard for Information Security ...


Designed to Protect You

Data Center Security

hireEZ’s physical infrastructure is hosted and managed within Amazon’s secure data centers, as we utilize Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
SOC 2
SOC 3
FISMA, DIACAP, and FedRAMP
DOD CSM Levels 1-5
PCI DSS Level 1
ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
ITAR
FIPS 140-2
MTCS Level 3
HITRUST Authorized CSF Assessor

Penetration Testing and Vulnerability Assessments

Third-party security testing of hireEZ's platform is performed by independent and reputable security consulting firms, including but not limited to Leviathan and BishopFox. Findings from each assessment are reviewed by the assessors, risk ranked, and assigned to the responsible team.

Encrypted Data at Rest

The data is stored encrypted in AWS EBS volumes with snapshots backed by Amazon S3. All data at rest is encrypted using Advanced Encryption Standard (AES) 256, a symmetric-key encryption standard using 256-bit encryption keys.

Encrypt Data in Transit

hireEZ enables HTTPS for its customer-facing web services and for internal services, including SSL database connections, to protect sensitive data transmitted to and from applications. To access hireEZ web services, a user needs a secure network connection from the web browser. TLS 1.2 with strict cipher suites is mandatory for network communication and data exchange between users' systems and hireEZ web services.

Customer Data Retention and Destruction

A customer may request removal of their data to comply with their data retention requirements. If they do not explicitly request data removal, hireEZ retains the database’s storage for a period of three years, after which it is automatically destroyed, rendering the data unrecoverable. Hardware decommissioning is managed by our infrastructure provider using a process designed to prevent customer data exposure. AWS uses the techniques detailed in NIST 800-88 (“Guidelines for Media Sanitization”) as part of the decommissioning.

Data Backups

Application database backups for our products occur on the following schedule: on-site backups are performed daily and retained for two days in AWS us-west regions; additional backups are taken bi-weekly and retained for four weeks in the AWS us-east region. All backup data is encrypted using AES-256 encryption.

Physical Security

hireEZ utilizes ISO 27001 and FISMA certified data centers managed by Amazon. AWS data centers are housed in nondescript facilities branded as AWS facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited. For additional information see:

Data Access Control

At hireEZ, access to all infrastructure and customer data is granted based on the principles of least privilege and need-to-know, governed by role and individual user profiles. Authentication at hireEZ supports SAML 2.0 and SSO integration. hireEZ utilizes MFA, AWS SSO and Okta IdP to prevent unauthorized access to its systems and applications.

Secure Development Practices

Audited and governed through SOC 2 compliance, hireEZ actively monitors and applies development best practices to mitigate known vulnerability types, such as those in the OWASP Top 10 Web Application Security Risks, and actively monitors for vulnerabilities using Lacework.

Disaster Recovery and High Availability

hireEZ uses AWS CloudFormation to automate disaster recovery for its web services and to automatically restore web applications and databases in the case of a disaster. hireEZ’s platform is designed to dynamically deploy web services within AWS US cloud regions, actively monitor for service failures, and recover any failed platform components, including the web services, application and database.