Screeq
Security & compliance

Compliance, not theatre.

Screeq holds sensitive data — applicants, employees, compensation, EEO. Here's exactly what we do to protect it. Anything aspirational is labelled as such.

14-day free trial · No credit card · Cancel anytime

AES-256 · Encryption at rest · Provider-managed keys
TLS 1.3 · Encryption in transit · HSTS, modern ciphers
RLS · Row-level security · Enforced at the database
SOC 2 · Type II — roadmap · Audit window targeted 2026

How we protect your data

Defence in depth. Configured by default.

Encryption at rest and in transit

AES-256 at rest via our cloud provider's managed encryption. TLS 1.3 with strict HSTS for all client and inter-service traffic.

Row-level security in the database

Every tenant-scoped table enforces row-level security at the Postgres layer — not just in the UI. A misconfigured client query cannot leak across tenants.

SSO & MFA

Google OAuth on every plan today. SAML 2.0 SSO (Okta, Azure AD / Entra ID, OneLogin) available as an Enterprise add-on on request. Microsoft OAuth on the roadmap. MFA is opt-in per user today; policy-level enforcement is on the roadmap.

Audit trails on sensitive actions

Sensitive staff actions (candidate views, stage changes, exports, role assignments, settings changes) are logged with actor, timestamp, and target. Full-coverage audit across every endpoint is on the roadmap.

GDPR-aligned by design

Candidate data export and erasure built into the product, configurable retention windows per data type, EEO data segregated from hiring decisions.

Backups via managed Postgres

Continuous backups with point-in-time recovery managed by our cloud database provider. Full backup-and-restore documentation available under NDA.

Responsible disclosure

Security reports go to our security inbox (use the form below or the contact link in the footer, subject 'Security disclosure'). Acknowledged within 24 hours, triaged within 72.

Cloud infrastructure

Hosted on managed cloud infrastructure (Supabase + Cloudflare). Regional pinning on enterprise plans for customers with strict data-locality requirements is on the roadmap.

SOC 2 Type II

Roadmap. Our internal controls map to the SOC 2 trust criteria; the formal audit window is targeted for 2026 with Type I expected first and Type II to follow. We do not currently hold a SOC 2 attestation and we won't claim one until we do. Customers under NDA can request our current security questionnaire today.

GDPR & data rights

Candidate erasure and export workflows live in the product today. Configurable retention windows let you align candidate data lifecycle to your obligations. See our Privacy Policy.

Questions

Security FAQs.

Can't find what you're looking for? Email us at .

Security disclosure

Found a vulnerability?

Send the details via the form (preferred) or email . We acknowledge within 24 hours and triage within 72. Please don't publish details until we've shipped a fix.

Report a security issue

The more reproduction detail you share, the faster we can verify and fix.
