Security
How we protect your data
Data Protection
HireIQ takes the security of your data seriously. We implement industry-standard measures to protect information at rest and in transit.
- All data transmitted to and from our platform is encrypted using TLS 1.3
- Resume files are stored with encryption at rest via UploadThing
- Database data is encrypted at rest in Google Cloud Firestore
- Access to production data is restricted to authorized personnel only
Authentication
We use Firebase Authentication for secure user management:
- Password-based authentication with industry-standard hashing
- Optional Google OAuth for social login
- Token-based session management with automatic expiration
- Server-side token verification for all API requests
Infrastructure
Our platform is built on trusted cloud infrastructure:
- Application hosting on Vercel with global CDN distribution
- Database and authentication via Firebase/Google Cloud Platform
- File storage via UploadThing with secure access controls
- AI processing through Google Gemini API (no data retention)
- Rate limiting via Upstash Redis to prevent abuse
Data Access Controls
Firestore security rules enforce strict access controls. Users can only access their own data and candidate records belonging to their organization. All API endpoints verify authentication tokens server-side before processing requests.
Reporting Vulnerabilities
If you discover a security vulnerability, please contact us at security@hireiq.app. We aim to acknowledge reports within 24 hours and resolve validated issues promptly.