Trust & Security

How we protect your data

RecruiterHQ connects to tools you already use — Gmail, Greenhouse, and Google Calendar. We take our responsibility as a data processor seriously. This page explains what we access, how we protect it, and what controls you have.

Encryption

All OAuth tokens, API keys, and integration credentials are encrypted using AES-256-GCM before being written to disk. The encryption key is stored separately in environment secrets — never in the database or source code.

Our database runs on Supabase (PostgreSQL), which encrypts all data at rest using AES-256 at the storage layer. Data in transit is protected by TLS 1.2 or higher on all connections.

Email access via Nylas

RecruiterHQ never asks for your Google password. Email and calendar access is handled through Nylas, a Google-verified OAuth proxy. When you connect Gmail, you are redirected to Google's own sign-in screen and grant consent directly to Google. Nylas acts as an intermediary that holds an OAuth token on our behalf — we never see your credentials.

The OAuth scopes requested are limited to what is strictly necessary: reading emails, sending replies, and modifying labels. We do not request access to Drive, Contacts, or any Google service beyond Mail and Calendar.

You can revoke RecruiterHQ's access at any time from Google Account → Security → Third-party apps with account access. Revoking access immediately invalidates the OAuth token.

Nylas is certified under SOC 2 Type II and participates in Google's Partner Program. Using Nylas avoids the need for RecruiterHQ to undergo Google's CASA (Cloud Application Security Assessment) — a £12,000–£60,000 annual audit — which would otherwise be required for direct restricted-scope Gmail access.

Webhook security

RecruiterHQ receives real-time events from Nylas (email arrivals) and Greenhouse (pipeline changes) via webhooks. Every incoming webhook request is authenticated using HMAC signature verification. Requests without a valid signature are rejected with HTTP 401 before any payload is processed. Shared secrets are stored in environment variables and are never exposed in logs or error messages.

AI and email classification

Email subjects and a short body snippet (up to 500 characters) are sent to the Anthropic API for classification into one of six categories: Candidate, Hiring Manager, Interview, Agency, System, or Noise. This classification runs asynchronously after email sync.

Anthropic does not retain input data for model training. Inputs sent to the API are processed and discarded. This is governed by Anthropic's API Data Usage Policy.

We use Claude Haiku — the smallest, fastest model — for classification. Full email bodies are never sent; only the minimum context needed to categorise the message.

GDPR and your rights

RecruiterHQ is a data processor. You (the recruiter) are the data controller. Candidates whose information appears in the dashboard are data subjects. We process personal data on your behalf and in accordance with your instructions.

Right to deletion

Deleting your account triggers a cascade delete across all RecruiterHQ tables (emails, tasks, pipeline data, suggestions, audit logs) and sends a revocation request to Nylas. This process completes within 24 hours. Stripe billing records are retained for the legally required period.

Right to data export

You can request a full JSON export of your RecruiterHQ data at any time from Settings → Account → Export my data. Exports are generated and emailed within 72 hours.

ICO registration

RecruiterHQ is registered with the UK Information Commissioner's Office (ICO) as required before processing personal data of UK residents. ICO registration (£40/year) is renewed annually.

Sub-processors

RecruiterHQ uses the following third-party sub-processors to deliver the service. Each is bound by a data processing agreement.

Provider | Role | Location
Nylas | Email and calendar API proxy (OAuth, sync) | USA
Supabase | PostgreSQL database hosting | USA / EU
Vercel | Application hosting and CDN | USA / Edge
Anthropic | AI email classification (Claude Haiku) | USA
Clerk | User authentication and session management | USA
Stripe | Subscription billing and payment processing | USA / EU

Responsible disclosure

If you discover a security vulnerability in RecruiterHQ, please report it responsibly by emailing security@recruiterhq.io. We aim to respond to all security reports within 48 hours. Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate.

Last updated: February 2026. Questions? Email privacy@recruiterhq.io.