Security

Security built into the foundation, not bolted on.

Most recruiting platforms retrofit compliance after a breach. Neuradesk Hire was built in India after DPDP came into force, so security is the foundation, not the afterthought. Here is the full picture, in plain language.

Encryption everywhere

Data encrypted at rest with AES-256. Data encrypted in transit with TLS 1.3. No plaintext recordings, no plaintext audit logs.

Multi-tenant Postgres RLS

Row-level security enforced at the database layer with FORCE RLS on every shared table. A bug in our application code cannot leak one organization's candidates to another. Verified with a runtime drift detector.

HMAC-signed audit chain

Every action (consent, recording, scorecard, decision) is HMAC-signed and chained to the previous entry's hash. Tampering breaks the chain forward and is mechanically detectable.

SAML SSO + MFA

Enterprise tier ships SAML 2.0 SSO with Okta, Microsoft Entra, Google Workspace, and SCIM provisioning. MFA required by default; admin can enforce hardware-key-only on sensitive surfaces.

DPDP §8(8) safeguards

We meet India's Digital Personal Data Protection Act §8(8) reasonable security obligations: access control, encryption, audit, breach notification, retention controls, and DPO escalation paths.

Breach notification commitment

If we detect a breach affecting your data, we notify you within 72 hours per DPDP §11 with the impact scope, root cause analysis, and remediation plan. We test this drill quarterly.

Compliance roadmap

DPDP 2023: compliant from day one. Not a roadmap item.
SOC 2 Type II: in progress, audit window opens Q3 2026, expected report Q1 2027.
ISO 27001: planned after SOC 2 closes, customer-driven (Enterprise customers can accelerate via CSM).
CERT-In SBOM compliance: internal SBOM tracking active; external attestation aligned with Indian regulator timelines.

Reporting a vulnerability

We run a coordinated disclosure program. Send security findings to security@neuradeskai.com with reproduction steps. We acknowledge within 48 hours, triage within 5 business days, and disclose post-fix with credit to the researcher (per their preference).

We do not currently run a paid bounty program but offer Neuradesk Hire credits and public acknowledgment.

Enterprise security review packet

Enterprise prospects can request our full security review packet: architecture diagrams, sub-processor list, DPA template, breach notification SLA, encryption inventory, RLS verification logs, and recent pen-test scope. Email sales@neuradeskai.com and we ship it within 1 business day.

Built for India, ready for your audit

DPDP-compliant by default. Tamper-evident audit chain on every tier. Start free, scale to Enterprise.

Start hiring free