Built for recruiters whose data is the business.
CreamyHire handles candidate PII at scale: emails, phone numbers, full resumes, hiring decisions. Below is exactly how we protect it, who else touches it, and the rights you can exercise without opening a support ticket.
Need our DPA, security questionnaire response, or a SOC 2 update? Email security@creamyhire.com.
Security
How we encrypt, isolate and monitor your data — recruiter PII, candidate resumes, and AI outputs.
Read morePrivacy Policy
What we collect, why, who sees it, and how long we keep it. Plain-English version of GDPR + DPDP commitments.
Read moreTerms of Service
Plan terms, acceptable use, IP, liability and termination. The contract you accept on signup.
Read moreSub-processors
Every third-party we share data with — vendor, purpose, region, and the security controls we vet them on.
Read moreData Processing Addendum
GDPR-grade DPA template ready for your legal team. Counter-signed copy on request.
Read moreSystem Status
Real-time uptime + recent incidents for the API, scoring queue, and web app.
Read moreHow we think about your data
Encrypted in transit and at rest
TLS 1.2+ everywhere; AES-256 at rest in the database. Third-party API keys (Greenhouse, OpenAI, etc.) are double-encrypted with a per-deployment Fernet key.
Zero data sale
We never sell your data. We never train AI models on your candidates' resumes. Your data is used only to deliver the Service to you.
Tenant isolation
Every query is scoped by user_id and org_id at the row level. Admin actions are logged in an immutable audit feed visible to admins.
Right to erasure, on tap
Settings → Privacy → Request deletion triggers a 30-day grace window, then a hard wipe across the database, ATS connectors and resume blobs.
Working with our security team
Found something? Want our security questionnaire response? Need to schedule a pen-test debrief?