Vitae handles candidate data, personal information, and sometimes salary and right-to-work documents. We treat security as a first-class product surface, not a checkbox.
The controls behind the certifications. Plain language, no marketing hand-waving.
All data encrypted at rest with AES-256 and in transit with TLS 1.3. Key rotation policies aligned with industry best practice.
EU and US regions available. Your data is pinned to your chosen region for the lifetime of your workspace. Enterprise customers can request specific zones.
Every read and write is logged with actor, timestamp, and payload. Retention is 12 months by default, longer on request.
SSO via Okta, Google Workspace, Microsoft Entra ID, and any SAML 2.0 provider. Available on Scale tier and above.
Per-workspace, per-pipeline, per-record access control. Define what each role can see and change. Admin override on every action.
Complete candidate data deletion on request, with verifiable proof. GDPR Article 17 compliant by default.
We run a private bug bounty program. Email hello@vitae.ai with a description and reproduction steps. Acknowledged within 24 hours, triaged within 72.
Answers to the questions buyers, infosec, and procurement teams ask before signing.
GDPR by default. SOC 2 in progress. Encryption, audit logs, and data residency on every plan.