Security

All traffic between your browser and RecruiterLess travels over an encrypted connection (the padlock in your browser). The information we store — in our database and our file storage — is encrypted while it sits at rest, so a copy of the underlying storage is not readable on its own.

Access is limited to the people and systems that genuinely need it:

• Hiring managers can only see their own organisation’s roles, candidates and records. The system enforces this at the database level, not just in the screens.
• Candidates and referees reach their pages through a unique private link, and only see what concerns them.
• Our own staff access is restricted, logged, and used only for support, troubleshooting or safety. Sensitive personal information is shown on a need-to-know basis with the reason recorded.

Significant actions inside the product are written to an internal activity log so we can trace who did what, and when.

RecruiterLess runs on established cloud infrastructure providers that maintain their own independently audited security programs. We do not run our own physical servers. For details of where personal information is stored and any overseas hosting, please see our Privacy Policy.

We keep personal information only for as long as there is a lawful reason to, then remove it. Some records — for example, employment records connected to a completed hire — must be kept for a set period under Australian and New Zealand law, and are protected from early deletion for that reason. You can ask us about the information we hold about you, and ask us to correct or delete it, as set out in our Privacy Policy.

Security is never finished. We continuously review and improve our protections — including stronger sign-in options, monitoring, and independent testing — as RecruiterLess grows. If a certification or formal assessment becomes relevant to your organisation, contact us and we will share where we are up to.

If you believe you have found a security vulnerability or a way for someone to see data they should not, please tell us right away at security@recruiterless.io. Include enough detail for us to reproduce the issue.

We welcome good-faith reports and will not pursue action against researchers who report a genuine issue responsibly, give us a reasonable chance to fix it before going public, and avoid accessing or changing other people’s data beyond what is needed to demonstrate the problem. Please do not run tests that could disrupt the service or affect real users’ data.

RecruiterLess is operated by Tapper Advisory Pty Ltd (ACN 698 426 612) trading as RecruiterLess. For security matters, email security@recruiterless.io. For privacy questions, see our Privacy Policy.