Talecto

Security & Data Protection

Enterprise-grade security and GDPR compliance to protect your recruitment data

Certified & Compliant

We maintain the highest security and compliance standards

SOC 2 Type II

Audited controls for security, availability, processing integrity, confidentiality, and privacy

TLS 1.3

International standard for information security management systems

GDPR

Full compliance with EU General Data Protection Regulation

Security Measures

End-to-End Encryption

All data is encrypted both in transit and at rest to prevent unauthorized access:

  • TLS 1.3 encryption for all data transmission
  • AES-256 encryption for data stored in databases
  • Encrypted backups with separate key management

Secure Infrastructure

Our cloud infrastructure is built on industry-leading providers with enterprise security:

  • Tier IV data centers with 99.99% uptime SLA
  • Automatic failover and disaster recovery systems
  • DDoS protection and web application firewall (WAF)

Access Control & Authentication

Strict access controls ensure only authorized users can access data:

  • Multi-factor authentication (MFA) for all accounts
  • Role-based access control (RBAC) with granular permissions
  • Single Sign-On (SSO) support via SAML 2.0

Continuous Monitoring

24/7 security monitoring and incident response:

  • Real-time threat detection and alerting
  • Comprehensive audit logs for all system activity
  • Automated security scanning and vulnerability assessments

GDPR Compliance

Built with privacy by design and default

Data Controller vs. Processor

Talecto acts as a data processor on behalf of our customers (data controllers). You maintain full ownership and control of candidate data, while we process it according to your instructions and GDPR requirements.

Data Subject Rights

We provide tools to help you honor data subject rights:

  • Right to access: Export candidate data in machine-readable formats
  • Right to erasure: Permanent deletion with audit trails
  • Right to rectification: Update and correct personal data
  • Right to portability: Transfer data between systems

International Data Transfers

All data is stored within the EU/EEA. For customers requiring international transfers, we use Standard Contractual Clauses (SCCs) and ensure adequate safeguards are in place.

Breach Notification

In the unlikely event of a data breach, we will notify affected customers within 72 hours and provide detailed incident reports to support your GDPR notification obligations.

Regular Security Audits & Testing

Penetration Testing

Annual third-party penetration tests to identify and remediate vulnerabilities before they can be exploited.

Vulnerability Scanning

Continuous automated scanning of all systems and dependencies with immediate patching of critical issues.

Compliance Audits

Regular SOC 2 and ISO 27001 audits by independent auditors to verify our security controls and processes.

Security Questions?

For security inquiries, vulnerability reports, or to request our security documentation:

Email: security@talecto.com
