Security Overview

Enterprise-grade security controls to protect your hiring data. We take the trust you place in us seriously.

Last updated: March 1, 2025

1. Our Security Commitment

Security is foundational to ZeaHire. We design our infrastructure, processes, and policies with a security-first mindset to protect the sensitive candidate and organisational data that enterprises entrust to us. We align with SOC 2 Type II, ISO 27001, and GDPR standards.

2. Data Encryption

  • Data at rest: AES-256 encryption for all stored data including candidate records, interview recordings, and assessments.
  • Data in transit: TLS 1.3 enforced for all communications between clients and our servers.
  • Database encryption: Column-level encryption for PII fields including names, emails, and contact details.
  • BYOK Support: Bring Your Own Key encryption available for enterprise customers requiring key ownership.

3. Infrastructure Security

  • Hosted on ISO 27001-certified cloud infrastructure with regional data residency options.
  • Network segmentation with private VPCs, WAF, and DDoS protection.
  • Automated vulnerability scanning and penetration testing conducted quarterly.
  • Immutable audit logs for all data access and administrative actions.
  • Zero-trust network architecture with least-privilege access controls.

4. Access Controls

  • Role-based access control (RBAC) with granular permission management.
  • Multi-factor authentication (MFA) enforced for all platform accounts.
  • Single Sign-On (SSO) integration via SAML 2.0 and OpenID Connect.
  • Session management with automatic timeout after inactivity.
  • IP allowlisting available for enterprise deployments.

5. Application Security

  • Secure software development lifecycle (SSDLC) with security reviews at every stage.
  • OWASP Top 10 vulnerability assessments for all code releases.
  • Dependency scanning and automated patch management.
  • Input validation and parameterised queries to prevent injection attacks.
  • Content Security Policy (CSP) headers and XSS protections.

6. AI Model Security

  • AI models are trained on curated, consent-cleared datasets.
  • Regular bias audits to ensure fair and equitable scoring across demographic groups.
  • Model outputs are explainable — every score comes with a human-readable rationale.
  • Candidate data is never used to train models without explicit consent.
  • Adversarial input testing to prevent prompt injection and model manipulation.

7. Compliance Frameworks

  • GDPR: EU/UK General Data Protection Regulation compliant with DPA agreements available.
  • PDPA: Malaysia Personal Data Protection Act compliant.
  • SOC 2 Type II: Annual audit against AICPA Trust Service Criteria.
  • ISO 27001: Information security management system alignment.
  • CCPA: California Consumer Privacy Act compliance for US customers.

8. Incident Response

We maintain a 24/7 security operations capability. In the event of a data breach, we commit to notifying affected customers within 72 hours in line with GDPR requirements. We conduct post-incident reviews and publish remediation reports to impacted customers.

9. Deployment Options

  • Cloud SaaS: Multi-tenant hosted on our managed infrastructure with full security controls.
  • Private Cloud: Dedicated single-tenant environment in your preferred cloud region.
  • On-Premise: Full installation within your own data centre or private cloud environment.
  • Hybrid: Flexible model combining cloud-hosted services with on-premise data storage.

10. Security Reviews and Audits

Enterprise customers may request security documentation including our SOC 2 report, penetration test executive summaries, and Data Processing Agreements under NDA. Contact our security team at security@zealogics.com to initiate a security review.

11. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to security@zealogics.com with details of the vulnerability. We commit to acknowledging reports within 48 hours and working with you to resolve confirmed issues.

Questions? Contact us at legal@zealogics.com