Security & privacy

Your candidates' data encrypted, never sold, never shared — without hiring a privacy lawyer.

Q: Who can I email about a security concern?

hello@bkkstaff.com — we'll triage within 24 hours.

Candidate data is encrypted at rest and in transit, scoped per employer, and never shared with other employers. Bounce and unsubscribe handling is automatic. Compliance basics are built in so a complaint never lands on your desk.

01

Candidate data, scoped per employer.

Applicants belong to your account. We never share candidate data with other employers. Candidates can opt-in to platform-wide future-job notifications, but it's off by default.

02

Encrypted at rest and in transit.

TLS 1.2+ everywhere on the wire. Data encrypted at rest with AES-256. Hosted on cloud infrastructure with SOC 2 Type II foundations.

03

Email compliance, automatic.

RFC 8058 List-Unsubscribe headers. Opt-in tracking. Automatic suppression of bounces and complaints. Signed action tokens (30-day expiry, idempotent). Standard.

Data retention

What we keep, why, and for how long.

Active applicants

Kept indefinitely while you have an active employer account. Past applicants form your talent pool — quietly notify them when a relevant role opens.

Bounced or unsubscribed addresses

Suppression list is kept indefinitely so we don't accidentally email someone who opted out. We never re-mail a suppressed address.

Closed accounts

When you close your employer account, candidate data is anonymised within 90 days. Backups expire on standard cycles.

Candidate "delete me" requests

Candidates can request deletion via the unsubscribe link in any email. We honour the request within 30 days — across every employer that has ever held their record.

What we don't do

The things you don't have to ask about.

✕ We never sell candidate data — to recruiters, to advertisers, to anyone.
✕ We never let one employer see another employer's candidates.
✕ We never use protected characteristics (age, gender, ethnicity, religion, disability) as scoring criteria.
✕ We never share candidate scores with the candidate. They never see how they were rated.
✕ We never train models on your candidate data without explicit opt-in.

Questions

The hard ones.

Are you SOC 2 / GDPR / CCPA compliant? +

We follow SOC 2 Type II practices but are not yet certified — that's on the roadmap. GDPR and CCPA: candidates have the right to access, correct, and delete their data; built-in unsubscribe and suppression handle the operational side.

Where is candidate data stored? +

Primary infrastructure is in US/EU regions. We can discuss specific data residency requirements for regulated industries.

Can a candidate ask to be removed from my pool? +

Yes, and they often do. The unsubscribe link in any email handles it. Your dashboard reflects the change automatically.

Who can I email about a security concern? +

[email protected] — we'll triage within 24 hours.

Stop reading resumes. Start interviewing the right people.

Post your first job free. We'll have a vetted shortlist of 5 in your inbox tomorrow morning.

Post your first job free

ไม่ต้องใช้บัตรเครดิต
·
ระยะเวลาการโพสต์ 30 วัน
·
คืนเงินภายใน 7 วันหากไม่มีผู้สมัครเลย