Our Security Commitment

Scrini AI is built for enterprise recruitment where confidentiality and integrity of data are paramount. We adhere to industry-leading standards (SOC 2 Type II, ISO 27001 alignment) to ensure every layer—application, infrastructure, people, and process—meets rigorous security requirements.

Technical Safeguards

  • Encryption – TLS 1.3 in transit, AES-256 at rest (AWS KMS).
  • Network isolation – private VPCs, security groups, WAF, zero-trust ingress.
  • Role-based access – SSO/SAML 2.0, SCIM provisioning, least-privilege policies.
  • Secrets management – Hardware-backed vault; no plaintext keys in code.
  • Daily backups – geo-replicated, 35-day retention, point-in-time restore.

Organisational Controls

  • Mandatory security & privacy training for all employees.
  • Background checks for staff with production access.
  • Signed confidentiality agreements and clear off-boarding revocation.

Monitoring & Testing

  • Continuous log aggregation & anomaly detection (SIEM).
  • Automated vulnerability scans on every build & weekly dependency checks.
  • Annual third-party penetration tests—executive summary available under NDA.

Approved Sub-Processors

We only engage vendors that meet or exceed our security requirements. Key providers:

  • Amazon Web Services (AWS) – primary hosting.
  • Google Cloud – analytics.
  • Twilio & ElevenLabs – voice/video services.

Incident Response

We maintain a 24 × 7 on-call rotation and follow a documented incident-response plan: detect → contain → eradicate → recover → post-mortem. Clients are notified of any data breach within 72 hours, including scope, impact, and remediation steps.

Customer-Configurable Controls

  • IP allow-listing & session timeout settings.
  • Field-level access control for candidate data.
  • Webhook signing & audit-log exports.

Questions & Reports

Security questions or vulnerability reports? Contact our Security team at support@scrini.ai.