rejentoby resoftwaBook a demo
Security & trust

Built for procurement, not just demos.

Our current security posture, reviewed 27 jun 2026. We publish what’s true today and label what’s in progress — no overstated badges.

Multi-tenant isolation

Every request is scoped to your workspace server-side; resource ids are re-verified on each call.

PII & salary masking

Candidate PII and salary are masked server-side (not UI-only) — masked roles can’t export or download raw CVs.

SSO & access control

Google, Microsoft, or enterprise SSO. No open signup; company-email access only. SCIM on the enterprise tier.

Authenticated webhooks

Inbound webhooks are signature-verified (HMAC) and fail closed in production.

Independent code audit

A static security review (27 Jun 2026) found 0 Critical and 0 High findings. Source review, not a penetration test.

Data residency on request

Region placement available on request for qualifying plans.

Compliance
SOC 2 Type II · in progressISO 27001 · on roadmapGDPR alignment · in progress

These are targets we’re working toward — not current certifications.

How we handle your data

We process candidate and recruiter data only to run your recruiting workflow, encrypt secrets at rest, and never sell data. Full detail is in our Privacy Policy. Security questions? rejento@resoftwa.com.