Flo Recruit is audited for SOC 2 Type II compliance annually and partners with Vanta for continuous monitoring
Hosted on AWS exclusively in the U.S. with SOC 1, SOC 2 and ISO 27001 certified data centers, monitored 24/7
Secure data encryption in-transit and at rest using AES 256-bit
Multi-factor authentication (MFA) can be enabled for admin users across your account. SSO can also be configured for admin users with industry leading connection providers (SAML, Microsoft Azure, ADFS, and Okta Workforce).
All users with a login must follow complex password requirements, and cryptographic keys are all encrypted in line with industry standards (Bcrypt and AES 256).
Admin users access the platform via their unique login credentials. Non-admin users access the platform via unique, one-time access links (verified using their email) and are not able to view or edit information about other users. Internal employees at Flo Recruit follow a Rules Based Access Control (RBAC) policy.
Historical and current uptime and status can be viewed on our status page, which provides the most up-to-date information.
Flo Recruit does not sell user data to third parties.
Our platform is hosted on AWS. All data is stored in the U.S. on AWS, and we utilize multiple availability zones for additional redundancies. Flo Recruit utilizes a multi-tenant environment.
Flo Recruit is entirely cloud-based and requires no on-premise hardware or installation. Our platform will not actively pull any data from your internal systems/databases unless configured to do so via custom integrations during implementation.
AWS provides security and system event and log data, as well as network data flow logs.
Flo Recruit uses AWS Guard Duty as well as conducts regular penetration testing via a verified third-party vendor.
All data sent to or from Flo Recruit is encrypted in transit using AES 256 bit encryption, as well as at rest using the same protection.
Flo Recruit is continuously monitored for compliance under our successful SOC 2 Type II Report across all Engineering and HR/Operations facets.
We conduct background checks on all new employees in accordance with local laws, including employment verification and criminal checks. Employment contracts include confidentiality provisions.
All employees undergo annual security and awareness training and are monitored for device compliance. Employees also review company-wide IT Security policies, which are updated annually.
Flo Recruit has separate Incident Response and Business Continuity procedures that are tested regularly.