Is SeekOut SOC 2 certified?

Yes. SeekOut maintains SOC 2 Type II certification, demonstrating our commitment to enterprise-grade security controls for data protection, availability, and confidentiality.

Is SeekOut GDPR compliant?

Yes. SeekOut complies with GDPR, CCPA, and other privacy regulations. We provide data processing agreements, support data subject rights requests, and maintain transparent data handling practices.

How does SeekOut protect candidate data?

SeekOut uses encryption at rest and in transit, role-based access controls, regular security audits, and continuous monitoring. Our Trust Center at trust.seekout.com provides detailed information about our security practices and certifications.

Does SeekOut support single sign-on (SSO)?

Yes. SeekOut supports enterprise SSO through SAML 2.0, integrating with identity providers like Okta, Azure AD, and OneLogin. This ensures secure, centralized authentication for your recruiting team.

Where is SeekOut data hosted?

SeekOut's infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 certified data centers in the United States. Data is encrypted at rest and in transit, with strict access controls and continuous security monitoring.

Security at SeekOut

At SeekOut, the security of our customers’ data and compliance with legal requirements are our top priorities. SeekOut is committed to earning and maintaining the trust of our customers. We design our software and business practices to protect customer data. SeekOut’s software platform and corporate policies and procedures are compliant with global standards and trusted by many Fortune 500 enterprises.

SOC 2

SeekOut is SOC 2 Type 2 certified as of June 8, 2023.

Responsible Disclosure

If you are a security researcher who has found a vulnerability on our site, please let us know by joining our HackerOne program.

Cloud Security

SeekOut’s services run on Microsoft Azure, which has more certifications than any other cloud provider including SOC 2, ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA and IRS 1075. MFA is enforced for all employee access.

Data Access

Access to customer data is provided to SeekOut employees on a need-to-know basis. For example, SeekOut Customer Success Team can only access customer data when necessary to investigate and resolve a customer issue and only after receiving approval from the customer to do so. We review our access policies and access rights to our systems at least quarterly.

Client Data Usage

Client data is only used to deliver the service to the client. SeekOut does not test its software with customer data. It does not use client data to enhance its own data to offer to other clients. It does not sell client data to other third parties. SeekOut uses Azure AI Services for our platform. SeekOut is compliant with ISO/IEC: 42001:2023 and ISO/IEC: 23894:2023. SeekOut does not use any client data to train our AI models.

Confidentiality

All SeekOut team members are required to sign an agreement that protects the security and privacy of our customers.

Data Encryption

All customer data is encrypted in transit and at rest. The SeekOut service can only be accessed by secure HTTPS connection and all customer data is encrypted using AES-256. The encryption keys are managed by Microsoft Azure.

Customer Access Control

SeekOut never stores or transmits user passwords as plain text. We utilize Bcrypt, an industry standard for password hashing. For customers who want unified access control, SeekOut supports SAML-based Single Sign-On provisioning systems.

Backup

All SeekOut data is backed up daily. Those backups are geographically distributed and can be recovered quickly. SeekOut has never lost any customer data.

Physical Security

SeekOut is entirely hosted on Microsoft Azure servers which are architected to the highest security standards and SOC 2 Type 2 Certified. No customer data is stored at SeekOut offices.

Team Access Control

SeekOut has a formal Access Control policy which includes role-based access to all resources and unique ID for all team members. In addition, we have standards for role-based security, password strength and change frequency enforcement, and protections against brute force login attempts.

Incident Response and Notification

We have never had a security breach. If we were to suffer a security breach or other event that compromises the integrity of customer data, we would notify all affected customers within 24 hours.

Security Awareness Training

All employees receive comprehensive Security Awareness Training annually and at hire.

Network Monitoring and Protection

SeekOut monitors and responds to all security events, reviews firewall rules and monitors for attacks. We monitor service availability and performance.

Penetration Testing

At least annually, a third party performs penetration testing of SeekOut’s cloud environment, web applications, and network configuration. We run monthly vulnerability scans against our webapps and networks. We have an active HackerOne program.

Disaster Recovery and Business Continuity

SeekOut has a business continuity and disaster recovery plan and tests the plan annually. Most data is geographically replicated to enhance webapp performance and recovery during a disaster.

Integration with Your Systems

We protect your information as it is transmitted between systems. SeekOut integrates seamlessly with your applicant tracking system (ATS) without compromising the security of your data. Communication through ATS partner APIs is HTTPS encrypted using TLS 1.2+. The connection is encrypted and authenticated using AES-256 encryption.

Privacy Compliance

SeekOut has a robust compliance function that is focused on privacy laws both in the United States and internationally. To learn more about our privacy practices please visit our Privacy Policy. To request removal of your public data from SeekOut, please submit a request via our Privacy Choices Portal.

Data Protection Officer

SeekOut has an appointed Data Protection Officer who is responsible for documentation and implementation of our Data Protection policies and procedures.

EEOC and OFCCP Compliance

For customers who require Office of Federal Contract Compliance Programs (OFCCP) compliance monitoring, SeekOut can meet standards for OFCCP record keeping and reporting. SeekOut has many customers who are federal contractors.

Visit our Trust Center