Hiring data, handled correctly
The boring infrastructure that keeps you out of trouble. Encryption, access control, audit logs, compliance — built in, not bolted on.
Encryption
AES-256 at rest. TLS 1.3 in transit. Tenant data isolated at the row level.
Access control
Row-level security on every table. Service-role bypass scoped to specific server endpoints. 2FA available on all accounts.
Audit logging
Every sensitive action logged: role changes, data exports, AI runs, fraud-review decisions.
Compliance
SOC 2 Type II in progress. EEO/OFCCP-aligned reporting built in. Annual third-party penetration testing.
Infrastructure
Hosted on Supabase (AWS, US-East). Daily backups with 30-day retention. Disaster recovery tested quarterly.
Subprocessors
Supabase, Anthropic, Resend, SAM.gov. All under DPA. Customer data never used to train external models.
Reporting a vulnerability
If you've discovered a security issue, please email security@hitthosting.com with reproduction steps. We'll acknowledge within 24 hours and remediate critical issues within 72.