Security

Rest easy knowing only authorized users can access certain info.

We know how critical it is to keep certain information private. Our robust permissions system was designed around all roles and responsibilities, giving you flexible access control that is easy to configure. We also allow you to stay data compliant while maintaining stable access to the tools you need.

Our Security

Platform Hosting

  • Staffer servers are hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), Compose, and Meteor Galaxy. Compose and Meteor Galaxy are also deployed on AWS. AWS is accredited under these certifications. GCP is accredited under these certifications.
  • Access to Staffer servers and databases is firewalled from the internet using AWS Security Groups.

Credit Card Data

  • The Staffer Platform does not store credit card information. All credit card data is handled by our payment processor, Stripe, which is certified to PCI Service Provider Level 1.

Encrypted Data Transmission

  • The connections between Staffer servers and the website and mobile apps are encrypted using HTTPS and TLS with only secure, modern cipher suites allowed. The Staffer HTTPS setup receives a grade of “A” from the Qualys SSL Labs test.
  • Connections between services internal to the Staffer Platform are also encrypted using HTTPS.

Encrypted Data Storage

  • Sensitive user personally identifiable information is encrypted at rest within a Staffer database. Each user’s data is encrypted using a separate, user-specific AES 256-bit key managed by AWS Key Management Service.
  • Completed HR documents are stored in an access-controlled AWS S3 bucket. Documents within S3 are encrypted at rest using AWS S3’s Server Side Encryption (AES-256). Access to documents is granted to authenticated and authorized Workpop users via a signed, limited-duration URL.

Internal Access Control

  • Staffer follows least-privilege principles and restricts staff access to internal systems and user data as required by their role and duties.

Disaster Recovery

  • Staffer maintains automatic backups for four weeks.
  • Staffer servers are distributed across multiple AWS Availability Zones (AZs) to boost resilience against faults in any one data center.

3rd Party Access to Data

  • Staffer takes privacy and data security very seriously. Your information is never sold to any third party and is inaccessible to any user unless you have explicitly given permission (i.e., applied to an employer's job). When you apply for a job, you give the employer access to your Staffer application, phone number and email address, as well as your resume, if you chose to upload one.