Enterprise-grade protection
for your recruitment data
Built on EU Poland and US Central infrastructure. Engineered for compliance. Designed to meet the rigorous standards of regulated industries — from healthcare to finance.
Transparent practices, honest commitments, and a clear roadmap. Here is exactly how we protect your data.
Encryption at Every Layer
All data is encrypted both in transit and at rest. There are no unencrypted pathways in Treegarden's production environment.
In Transit
- All connections secured with TLS 1.2 and TLS 1.3. Legacy protocols (SSL 3.0, TLS 1.0/1.1) are permanently disabled.
- HTTPS enforced across all endpoints. HTTP Strict Transport Security (HSTS) headers prevent protocol downgrade attacks.
- Certificates issued with automated renewal and short certificate lifetimes.
At Rest
- All stored data — candidate records, CVs, attachments, database dumps — encrypted using AES-256.
- Sensitive fields receive additional encryption at the database layer, in addition to full-disk encryption on underlying storage volumes.
- File uploads (CVs, documents) validated, sanitised, and stored on encrypted volumes with strict access controls.
Key Management
- Encryption keys are managed separately from the data they protect, with restricted access and documented rotation policies.
- Application-level secrets (API credentials, database keys, service tokens) are stored in environment-specific configuration with restricted permissions. Secrets are never committed to version control or exposed in logs.
Granular Access Control & Secure Authentication
Role-Based Access Control (RBAC)
Treegarden enforces five distinct user roles, each scoped to the minimum permissions required for its function. Users can only access data belonging to their own organisation — cross-tenant access is prevented by design and validated on every request.
| Role | Access Scope |
|---|---|
| HR Manager | Full recruitment and HR module access; user management within the organisation |
| Recruiter | Job management, candidate pipeline, interview scheduling for assigned roles |
| Hiring Manager | View and evaluate candidates for assigned jobs; provide interview feedback |
| External Collaborator | Limited view of specific candidates or jobs explicitly shared by the organisation |
Authentication
- Multi-Factor Authentication (MFA): MFA is supported to add a second layer of protection beyond passwords.
- Current SSO: Federated login available today via Google OAuth and LinkedIn OAuth.
- Credential security: Passwords hashed using an industry-standard adaptive algorithm. Plaintext passwords are never stored or logged.
- Session management: Secure, HTTP-only cookies with SameSite protections. Sessions expire on inactivity. Server-side invalidation on logout.
Enterprise SSO — On Roadmap: SAML 2.0 and Azure Entra ID (formerly Azure AD) integration is in active development, enabling centralised identity management, provisioning, and enforcement of your organisation's existing authentication policies. We are happy to discuss your specific Entra/SAML requirements as part of an enterprise engagement. Contact [email protected].
GDPR Compliance & Data Privacy
Treegarden is fully GDPR-compliant, built from the ground up to meet EU data protection obligations as both a data processor and controller where applicable.
- Data Processing Agreement (DPA): A DPA is available on request to support your compliance and procurement processes. It includes detailed Technical and Organisational Measures (Annex B) and a complete sub-processor list (Annex C).
- Right to erasure: Candidates and customers can exercise their right to be forgotten. Data is permanently deleted upon validated request in line with GDPR Article 17, within 30 days.
- Data minimisation: We collect and retain only the data necessary to deliver the service. Defined data retention policies apply automated cleanup of records beyond their retention window.
- Configurable retention periods: You can align Treegarden's retention settings with your own internal data governance and regulatory requirements.
- Data export: Customers may request a full machine-readable export of their data at any time during their subscription or post-termination retention period.
- DPIAs: Data Protection Impact Assessments are conducted for high-risk processing activities. Records of processing activities are maintained per GDPR Article 30.
- International transfers: Where data is processed by US-based sub-processors, EU Standard Contractual Clauses with the UK Approved Addendum apply. Full transfer mechanisms are documented in the DPA.
Incident Response & Breach Notification
Treegarden maintains a documented incident response plan covering identification, containment, eradication, recovery, and post-incident review. Key commitments:
- 72-hour breach notification: In the event of a personal data breach, Treegarden will notify affected customers without undue delay and within 72 hours, in accordance with GDPR Article 33.
- Supervisory authority reporting: Where required, breaches are reported to the Information Commissioner's Office (ICO) within the 72-hour window.
- Root cause analysis: Every security incident is followed by a root cause analysis and remediation plan to prevent recurrence.
- Post-incident review: Lessons learned are documented and incorporated into security controls, training materials, and operational procedures.
Severity Levels
| Priority | Condition | Response |
|---|---|---|
| P0 Critical | Active breach or full service outage | Immediate all-hands response; customer notification within 24 hours |
| P1 High | Significant security or availability impact | Urgent remediation; customer notification within 72 hours |
| P2 Medium | Limited-scope issue with a workaround | Scheduled remediation within current sprint |
| P3 Low | Minor issue, no material security or availability impact | Triaged and addressed in standard release cycle |
Proactive Vulnerability Management
Dependency Scanning
- Server-side and client-side dependencies are scanned regularly for known vulnerabilities.
- We track upstream security advisories for our framework and third-party libraries, applying security patches promptly.
- Critical and high-severity vulnerabilities are addressed within the current development cycle. Emergency patches for actively exploited vulnerabilities are applied within 24 hours.
Application Security
- Code review: All changes affecting authentication, authorisation, data access, or file handling undergo security-focused peer review.
- Automated scanning: Security scanning integrated into the development pipeline to catch known issues before production.
- Input validation: Parameterised queries throughout the data-access layer. All user input validated server-side. Strict type and format checks on every endpoint.
- File upload controls: Uploaded files validated against an allowlist of permitted types. Archive formats that may conceal malicious payloads are rejected. Files stored outside the web-accessible directory.
- Hardening: Path traversal protection, strict file-type validation, and command execution timeout controls on all processing operations.
Responsible Disclosure
We welcome reports from security researchers. Vulnerabilities can be disclosed responsibly via [email protected]. Include steps to reproduce and allow reasonable time for investigation before public disclosure. Treegarden will not pursue legal action against researchers acting in good faith. Our machine-readable security contact is published at /.well-known/security.txt.
Backups & Disaster Recovery
- Daily automated backups of all production databases and customer data, performed on a scheduled cadence with no manual intervention required.
- 30-day retention of backups, enabling point-in-time recovery within the full retention window.
- Backups are stored on geo-redundant EU infrastructure, isolated from the primary production environment, and encrypted before transfer.
- Recovery testing: Backup restoration procedures are periodically validated to confirm data recoverability and measure recovery time.
- Redundancy: Critical components are designed with redundancy to minimise single points of failure. Uptime targets are published in the Service Level Policy.
Recovery targets (RTO/RPO): We maintain defined Recovery Time Objective and Recovery Point Objective targets to bound data loss and downtime in a recovery scenario. Specific RTO/RPO commitments can be detailed under an enterprise agreement — contact [email protected] to discuss your requirements.
Compliance & Certifications
We commit to honesty about our certification status: where a standard is in progress, we say so explicitly. We do not claim certifications we have not earned.
| Framework | Status | Notes |
|---|---|---|
| GDPR (EU Regulation 2016/679) | Confirmed | Architecture, hosting, and processes fully aligned. DPA available. |
| UK GDPR & Data Protection Act 2018 | Confirmed | Treegarden acts as data processor. SCCs + UK Approved Addendum applied. |
| Responsible Disclosure Policy | Live | Published and machine-readable at /.well-known/security.txt. |
| ISO 27001 | Aligned | Security programme follows ISO 27001 controls. Treegarden-level certification under evaluation. Data centres in EU Poland and US Central are ISO 27001-certified facilities. |
| SOC 2 Type II | In Progress | Planned as part of enterprise readiness roadmap. Not currently attested — we will not represent it as complete until independently verified. |
Request Our Security Documentation
Evaluating Treegarden for your organisation? Our security team is ready to support your review. We work directly with your IT and security stakeholders.
- Data Processing Agreement (DPA) with full technical and organisational measures
- Architecture overview and infrastructure documentation
- Custom security questionnaire responses (vendor risk assessments)
- Enterprise SSO (SAML 2.0 / Azure Entra ID) implementation discussion
We typically respond to security inquiries within two business days. For incident reporting, mark your email URGENT in the subject line.