Security and Trust

Last Updated: February 10th, 2026

1. Introduction

At TalentRewire, we are committed to maintaining the trust and confidence of our customers. This document outlines the specific data we collect, why we process it, the third-party partners we utilize, and the robust security controls we are implementing to ensure your information remains safe.

2. Data Processing: What & Why

We process data for two distinct purposes: to manage our business relationships and to operate our platform effectively.

Business Operations & CRM

For our internal business purposes, we process the following contact information:

  • Data Points: Names, email addresses, and general contact information.

  • Purpose: To manage communications, facilitate sales, and provide support.

  • Controls: You may receive automated emails from our system; however, every automated communication includes a direct link to opt-out.

Website Monitoring

Purpose: We monitor visits to our website to analyze user behavior for site improvements and to identify potential interest for sales follow-up.

Platform Data

Within the Talent Rewire application, the data processing is focused on organizational metrics rather than individual personal data.

  • Data Points: Roles within your organization, headcounts, and typical salary bands.

  • Privacy Note: We do not process detailed Personally Identifiable Information (PII) within the core platform analytics logic.

3. Sub-Processors & Infrastructure

We utilize best-in-class infrastructure providers and software tools to deliver our service. Below is a list of third-party processors we use, where they are located, and their compliance standards.

Below is a list of third-party processors we use, where they are located, and their compliance standards.

4. Security Practices & Compliance Roadmap

We are committed to enterprise-grade security. We are currently in the implementation phase of our SOC 2 Type II compliance journey.

  • Security Management: We are implementing an Information Security Management System (ISMS) to ensure the continuous safety of information.

  • Audit Partner: We have partnered with Vanta to automate our security monitoring.

  • Timeline: We are actively working towards attestation with a target completion window of 9–12 months.

  • Current Status: In the interim, we rely on the certified security protections inherited from our infrastructure providers (GCP and Neo4j), both of which are fully ISO 27001 and SOC 2 compliant.

5. Security & Privacy FAQ

AI Model Training & Data Isolation

Will my organization’s data be used to train your general AI models?

No. We strictly isolate customer data. The information you upload (roles, salaries, headcount) and the recommendations we generate are specific to your organization. Your data is never used to train our foundational models, nor is it ever shared with or used to improve recommendations for other customers.

Is my data separated from other customers?

Yes. We employ strict logical separation of data. Your organization's data is isolated within our database architecture, ensuring that no other tenant can access your information.

Infrastructure & Encryption

How is my data secured in transit and at rest?

We utilize industry-standard encryption protocols for all data:

  • At Rest: Data is stored in Neo4j Aura (hosted on Google Cloud Platform) and is encrypted using AES-256.

  • In Transit: All data moving between your browser and our servers is encrypted via HTTPS using TLS 1.2+ (256-bit encryption).

Where is my data hosted?

Our infrastructure is built on Google Cloud Platform (GCP) and Neo4j Aura, utilising US data centres. Both providers are industry leaders in security and compliance.

Access Control & Authentication

Who at your company can see my salary and headcount data?

We follow the Principle of Least Privilege. General staff do not have access to customer data. Access to the production database is restricted to a limited number of senior engineering personnel and is granted only when strictly necessary for maintenance or support purposes.

How do users log in? Do you support SSO?

We support Single Sign-On (SSO) via Google and Microsoft (OAuth). We strongly recommend using these SSO options to leverage your organization’s existing security policies, such as Multi-Factor Authentication (MFA). We also offer standard email/password login.

Data Retention & Deletion

What happens to my data if we cancel our subscription?

Upon cancellation, your active data is permanently deleted from our production systems after 30 days. Secure encrypted backups are retained for disaster recovery purposes and undergo a deletion cycle of 6 months.

Can we request immediate deletion?

Yes. We honor "Right to be Forgotten" requests. Upon request, we will immediately remove your active data from our production environment. (Note: Data contained in immutable system backups will age out naturally within our 6-month retention cycle).