Security
Enterprise-grade security built into every layer of Aram. Because recruitment data is sensitive data.
All data stored in our databases is encrypted using AES-256. Encryption keys are managed via cloud KMS with automatic rotation.
All connections use TLS 1.3. HTTP Strict Transport Security (HSTS) is enforced across all endpoints.
Each organization's data is logically isolated at the database level. Row-level security policies prevent cross-tenant data access.
Passwords are hashed with bcrypt. Enterprise plans support SAML 2.0 SSO with Okta, Azure AD, and Google Workspace.
Fine-grained RBAC with predefined roles (Admin, HR Manager, Interviewer, Viewer) and custom role support on Enterprise plans.
Comprehensive audit trail for all user actions: logins, data access, configuration changes, and API calls. Retained for 1 year.
Hosted on AWS/Azure with VPC isolation, private subnets, and WAF protection. Regular penetration testing by third-party firms.
Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate geographic region.
Working toward SOC 2 Type II certification. GDPR compliant. Follows India's Digital Personal Data Protection (DPDP) Act guidelines.
If you discover a security vulnerability, please report it responsibly to [email protected]. We take all reports seriously and will respond within 24 hours.