Security
GetSmartHire is designed around strict role separation, company-level data boundaries, and operational visibility for recruitment workflows.
Last updated: May 1, 2026
Access controls
Platform admins, company admin recruiters, and recruiters have separate permissions. Recruiters can only access data allowed by company and ownership rules. Platform admins do not belong to a company.
Company isolation
Recruiter endpoints enforce company scoping. Admin recruiters can manage company-wide recruitment data, while recruiters are limited to jobs and candidates they own.
Sensitive data protection
SMTP passwords, AI API keys, Stripe keys, quiz tokens, and authentication secrets must not be exposed in API responses, frontend code, or logs.
Resume and candidate data
Resumes are accessed through permission-checked endpoints. Candidate profiles, raw resume text, quiz answers, interview details, and logs should be handled according to customer retention and privacy obligations.
Third-party providers
Stripe may process payment data, SMTP or Brevo-style providers may deliver emails, and Gemini or OpenAI may process selected resume or job text when AI features are configured.
Monitoring and logs
Application logs and activity logs help platform admins monitor system events, settings updates, email failures, AI service issues, recruiter actions, and subscription changes.
Reporting security concerns
Report suspected vulnerabilities, unauthorized access, or data exposure concerns to contact@getsmarthire.com. Include enough detail for the team to investigate safely.