Trust Center

We regularly conduct information security and data privacy training for all employees to maintain compliance and reinforce a culture of security awareness.

We maintain documented incident response policies and procedures to guide timely identification, reporting, investigation, and resolution of security incidents.

We perform regular internal audits and risk assessments to evaluate the effectiveness of our security controls and align with recognized industry standards.

Password settings are made available in accordance with Jobma's password policy, including complexity, rotation, and reuse restrictions.

Access to Jobma systems and customer data is provisioned based on the principle of least privilege and requires prior authorization. Role-based access controls are used to segregate access levels, with database access restricted to authorized admin users via MFA.

System logs are generated for user access and platform activity to support monitoring and accountability. Logs are securely stored, regularly reviewed, and protected by strict access controls.

Jobma uses controls to monitor and prevent unauthorized data transfer across its network, helping protect sensitive information from unintended exposure.

Jobma's infrastructure is hosted on Google Cloud Platform. Access controls, storage, and compute resources are managed in alignment with industry security best practices.

Business continuity and disaster recovery plans are documented, maintained, and reviewed on a regular basis to ensure operational resilience. Recovery procedures are tested periodically to validate defined recovery objectives and minimize service disruption in the event of an incident.

Jobma conducts regular vulnerability assessments and testing to identify common web application risks, with high-priority issues resolved promptly.

Access credentials and sensitive secrets are securely stored and managed using approved secret management solutions. Access to credentials is restricted based on role and monitored to prevent unauthorized use or exposure.

We implement a Software Development Lifecycle Policy as per standard controls.

Periodic backups in place to ensure data availability and resilience. Cross-region backups are maintained to support recovery within defined recovery time objectives in the event of a system failure.

Customer data is retained in accordance with defined data retention policies and contractual obligations. Data deletion can be made on request.

User access to systems and critical applications is regularly reviewed to ensure alignment with the least privilege principle and prevent unauthorized use.

Data transmitted over public and private networks is encrypted using SSL/TLS protocols.

Databases and storage systems are configured to enable encryption at rest to protect all video interviews, candidate information, and recruiter communications from interception or tampering.

Access permissions can be defined for every user, ensuring individuals only view and manage specific data. This enforces least-privilege access and reduces the risk of unauthorized exposure.

Jobma supports Single Sign-On through Microsoft and Google as a login mechanism for seamless account access.

Logs are securely maintained to support monitoring, investigations, and compliance requirements.

We support time-based one-time passwords through authenticator applications such as Google Authenticator and Microsoft Authenticator, as well as MFA enforced through supported identity providers to prevent unauthorized access.

Users can manage teams and control access at a granular level from a centralized dashboard. This ensures structured collaboration while maintaining security controls.

Jobma's AI Management System establishes governance, risk, and compliance controls across all AI-driven hiring features. It ensures transparency, fairness, data protection, and continuous monitoring to align with evolving regulatory and ethical standards.