Data Privacy & GDPR Compliance
MapRecruit is GDPR Compliant and client data protection has
already been considered as part of
the core system through Network & data level encryption, AWS IP based privileged / Firewall
We continue to process customer and end-user data per customer instructions. We Inform all
the candidates/ Users through email that they have an option to access, edit or delete any
Right to Erasure:
Candidates/Users can mail us at firstname.lastname@example.org with their request to access, edit or
delete data specific to a job, to an organization or to a geography. As and when any request
comes, we will process the request within reasonable time.
MapRecruit shall notify Customer and Customer Affiliates immediately (but in any event
forty-eight (48) hours) if there is an actual or suspected security breach leading to any
actual or suspected accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or an unauthorized access to Customer Personal Data (“Security Breach”).
We have instituted policies informing and obligating our employees to maintain the
confidentiality of our customer information.
Data is securely stored in the databases in AWS (Amazon Web Services) with VPC- Virtual Private
MapRecruit.ai uses a secure and approved SSL & TLS cryptographic encryption mechanisms to
prevent the unauthorised disclosure or tampering of information in transmission between
endpoints. Both use X.509 certificates for authentication. AWS Key Management System (KMS)
uses the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as
AES-GCM with 256-bit secret keys.
IT Security Controls :
MapRecruit.ai follows a Cloud based Web Application Firewall (WAF) to protect against
application layer attacks. It connects to the databases on AWS with restricted access based
on combination of network, strong user authentication and firewalls. AWS ASN (Autonomous
System Number) are used to identify networks that present a clearly defined external routing
policy to the Internet, to avoid BGP attacks. Additionally, we patch information systems
with Network level, OS level, Code level, Infra level patches to keep MapRecruit secure from
vulnerabilities, along with quarterly VAPT (Vulnerability Assessment & Penetration Testing).
Client Data segregation :
Multi-Tenant Database architecture is maintained to host multiple clients data in
application. Each client has their own separate application. Customers have the ability to
customize their own UI, users and groups, etc