Security & Privacy

Last Updated: October 7, 2025

At Snapshot Security, safeguarding data is our top priority. Our platform is built with privacy, compliance, and trust at its core.

1. Infrastructure Security

  • All data is hosted on AWS and protected by industry-standard encryption (AES-256).
  • We enforce TLS 1.2+ for all data transmissions to prevent unauthorized interception.
  • Our servers are located in SOC 2 Type II and ISO 27001–certified data centers.

2. Application & Access Controls

  • Access to customer and candidate data is strictly role-based and logged for accountability.
  • Multi-factor authentication (MFA) and the principle of least privilege are enforced across internal systems.
  • All API endpoints are secured via token-based authentication and rate-limited to prevent abuse.

3. Data Retention & Deletion

  • Candidate data is retained only for the duration of service use or as required by law.
  • Upon request, all associated data is permanently deleted from our servers within 30 days.

4. Monitoring & Threat Detection

  • Continuous threat monitoring and automated alerts detect unusual access or system behavior.
  • Regular penetration tests and vulnerability scans are performed by trusted security partners.

5. Compliance & Legal Standards

  • Snapshot Security adheres to applicable U.S. federal and state privacy laws.
  • We maintain compliance with FCRA, EEOC, and emerging AI usage guidelines for background checks.
  • Clients processing candidate data are expected to comply with local and international privacy laws (including GDPR where applicable).

6. Responsible Disclosure

We encourage responsible disclosure of potential vulnerabilities. If you discover a security issue, please report it immediately at security@snapshotsecurity.co.