Toppick.io
Security & Privacy

Enterprise-grade security designed to protect your most sensitive HR data.

🛡️ Infrastructure Security

Our platform is built on a "Security by Design" architecture, utilizing global leaders in cybersecurity to ensure resilience and uptime.

Cloudflare Protection

We operate behind Cloudflare's global network, neutralizing Layer 3, 4, and 7 DDoS attacks before they reach our servers.

Web Application Firewall (WAF)

Custom firewall rules actively block malicious traffic, including SQL Injection and XSS attempts.

Network Isolation

Critical databases and internal services are isolated within a private Docker network and protected by strict UFW firewalls, inaccessible to the public internet.

🔒 Data Encryption

Your data is protected by bank-grade encryption standards at every stage of its lifecycle.

Data in Transit

All data moving between your browser and our servers is encrypted via TLS 1.2+ (supporting TLS 1.3).

Data at Rest

Data stored in our cloud environment is automatically encrypted using the AES-256 standard.

🤖 AI Privacy & No-Training Guarantee

We leverage Artificial Intelligence to empower your hiring, not to exploit your data.

No-Training Policy

We utilize Google Vertex AI (Enterprise). Your video interviews and candidate data are NEVER used to train or improve our artificial intelligence models or Google's.

Transient Storage Architecture

Raw video files are processed in a stateless environment. Once the analysis is generated, the video data is automatically deleted from our processing servers. We do not retain raw video data longer than necessary.

Data Ownership

You retain 100% ownership of your candidate data, transcripts, and analysis reports.

✅ Compliance & Controls

Our infrastructure meets the highest international standards.

Certifications

Our infrastructure runs on Google Cloud Platform, which is compliant with ISO/IEC 27001, SOC 2 Type II, and GDPR standards.

Regular Audits

Our system undergoes rigorous security audits. All critical API endpoints are verified to prevent unauthorized access.

Access Control

We enforce strict Role-Based Access Control (RBAC). Sensitive modules like User Management and Subscriptions are restricted to Administrators only.

Certified & Verified

ISO/IEC 27001
SOC 2 Type II
GDPR Compliant
SSL/TLS 1.3

Our platform runs on Google Cloud Platform infrastructure

Your data is in safe hands

Contact us to learn more about our platform or to schedule a demo.
