- 4 Minutes to read
Information security and compliance have always been at the center of Manatal’s drive for innovation. We are therefore committed to building solutions that aim to safeguard your organization’s data while facilitating compliance with local and international regulations.
Your data’s security is our first priority. That is why we have worked very hard to equip Manatal with the best security measures that protect your data and ensure that access is only granted to authorized users, and we go to considerable lengths to ensure all data sent through our software is handled securely. Keeping the platform and the information on it secure is fundamental to our business, and the foundation on which our customers’ trust is built.
As more and more sensitive data are transmitted online by businesses, cybersecurity has become a key consideration for companies. Manatal is SOC 2 Type II certified, verified by a top third-party auditor. SOC 2 Type II is one of the top security certifications for SaaS platforms, providing assurance that Manatal has an effective security program and that your data is always protected.
In an effort to promote and help align recruitment operations with international and national regulations, Manatal features a wide range of tools that support compliance with regulations such as the GDPR, CCPA, PDPA, and others. Some of these features include:
- Automate data processing consent gathering from candidates via emails
- Modify and track candidate consent status directly from a candidate’s profile
- Check the consent status of your whole candidate pool
- Modify, extract and permanently delete data when requested by candidates
- Gather data processing consent when candidates apply on your career page
- Out-of-the-box compliance reports and analytics
- Top-tier encryption and daily back-ups of system databases
For more in-depth content on how Manatal supports compliance with specific regulations, please refer to our compliance summary pages.
For any custom compliance requirements, please contact us.
Security Best Practices
We employ secure coding practices and ensure that we are at the very least protected against the OWASP Top 10 Security Risks.
Our staff is well trained and prepared to act quickly and efficiently in the case of a security incident.
When such an incident occurs, our prevention tools immediately warn our tech teams, who will, in turn, be able to solve the issue without delay.
After each incident, the protocol is updated, so that our response and intervention can be quicker next time.
Refer to our vulnerability disclosure program for more information and guidelines on how to disclose vulnerabilities.
All of Manatal’s services run in the cloud.
Manatal’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform.
Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
With the platform’s security in mind, we have architected a secure multi-tier network environment on top of Amazon’s infrastructure to ensure that any applications or data contained within are protected and always accessible.
Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, Manatal ensures that the data it collects remains available through full daily backups, retained for 30 days and tested weekly. Manatal services have been built with disaster recovery in mind.
Manatal has an uptime of 99.9% or higher. You can check our stats for the past 90 days here.
All customer data is stored in the USA.
All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission.
The communication between your employees and our servers is encrypted with SSL encryption.
Only key authorized personnel in Manatal can access your data.
In order to protect your privacy, these individuals have signed a contract and agreed to never use or share the information. They access your data only when needed and strictly after receiving your authorization.
With the exception of specific demands made by yourself or your company, our staff will never sell, share or retain the data for themselves.
You will always be informed if your data is needed for specific tasks or activities, and permission to access it is yours to rescind.
You can ask us at any given time for a report of who accessed your data, when and why.
Manatal is served completely over HTTPS.
We have two-factor authentication (2FA) processes in place and strong password policies on GitHub and AWS to ensure access to cloud services is protected.
All user passwords are securely hashed; passwords are never stored in plain text.
Permissions and Admin Controls
Manatal allows permission levels to be set for all users.
These permissions include a wide range of functions such as billing, settings, access to specific data and more.
All access to Manatal is logged and audited.
All of the Manatal applications undergo frequent white-box security assessments to catch any security bugs we may have missed.
Manatal does not store your payment details and has no access to your payment information.
All payment instrument processing is outsourced to Stripe.
Stripe has been audited by a PCI-certified auditor and is a certified Level 1 PCI Service Provider. This is the most stringent level of certification available in the payment industry. Your billing information will therefore always be secure.
Moreover, as our objective is to always improve our security, we periodically update our security measures. If you have a question, please do not hesitate to contact us.