Hiring data, handled correctly
The boring infrastructure that keeps you out of trouble. Encryption, access control, audit logs, compliance — built in, not bolted on.
Encryption
AES-256 at rest. TLS 1.3 in transit. Tenant data isolated at the row level.
Access control
Row-level security on every table. Service-role bypass scoped to specific server endpoints. 2FA available on all accounts.
Audit logging
Every sensitive action logged: role changes, data exports, AI runs, fraud-review decisions.
Compliance reporting
EEO-1 and OFCCP-aligned reporting built in. Configurable data-retention windows and per-org export so you stay audit-ready.
Infrastructure
Hosted on Supabase (AWS, US-East). Daily backups with 30-day retention. Disaster recovery tested quarterly.
Subprocessors
Supabase, Anthropic, Resend, SAM.gov. All under DPA. Customer data never used to train external models.
Reporting a vulnerability
If you've discovered a security issue, please email security@hitthosting.com with reproduction steps. We'll acknowledge within 24 hours and remediate critical issues within 72.