Data Privacy & GDPR Compliance

GDPR Compliance: MapRecruit is GDPR Compliant and client data protection has already been considered as part of the core system through Network & data level encryption, AWS IP based privileged / Firewall connections, etc.

Consent : We continue to process customer and end-user data per customer instructions. We Inform all the candidates/ Users through email that they have an option to access, edit or delete any personal information.
Right to Erasure: Candidates/Users can mail us at with their request to access, edit or delete data specific to a job, to an organization or to a geography. As and when any request comes, we will process the request within reasonable time.
Breach Notification: MapRecruit shall notify Customer and Customer Affiliates immediately (but in any event within forty-eight (48) hours) if there is an actual or suspected security breach leading to any actual or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or an unauthorized access to Customer Personal Data (“Security Breach”).
Employee Confidentiality: We have instituted policies informing and obligating our employees to maintain the confidentiality of our customer information.

Data Protection

Data is securely stored in the databases in AWS (Amazon Web Services) with VPC- Virtual Private Cloud environment.

Encryption : uses a secure and approved SSL & TLS cryptographic encryption mechanisms to prevent the unauthorised disclosure or tampering of information in transmission between endpoints. Both use X.509 certificates for authentication. AWS Key Management System (KMS) uses the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM with 256-bit secret keys.
IT Security Controls : follows a Cloud based Web Application Firewall (WAF) to protect against application layer attacks. It connects to the databases on AWS with restricted access based on combination of network, strong user authentication and firewalls. AWS ASN (Autonomous System Number) are used to identify networks that present a clearly defined external routing policy to the Internet, to avoid BGP attacks. Additionally, we patch information systems with Network level, OS level, Code level, Infra level patches to keep MapRecruit secure from vulnerabilities, along with quarterly VAPT (Vulnerability Assessment & Penetration Testing).
Client Data segregation : Multi-Tenant Database architecture is maintained to host multiple clients data in single application. Each client has their own separate application. Customers have the ability to customize their own UI, users and groups, etc
ISO 27001 Certification

MapRecruit is committed to security across the platform and various processes. This is demonstrated by certifying with Internationally recognized Standards such as ISO 27001:2013.
Click here
to verify the certificate.


MapRecruit is in full compliance with General Data Protection Regulation (GDPR) and similar Data Protection Regulations like California Consumer Privacy Act (CCPA) and Personal Data Protection Act (PDPA).


This is an independent assessment of our control environment, which reports on our controls system and its suitability. The SOC 2 report is based on the AICPAs Trust Services Criteria and is issued annually.