JobAdder Trust Centre
You own and control your data. We protect and defend it.
Our commitment to recruitment agencies, staffing firms and talent acquisition teams
To be transparent about our operations, policies and technologies
To ensure the security, compliance and privacy of your data
To support and empower the privacy decisions of every single user
Information security certifications
We’re proud that JobAdder has achieved internationally recognised ISO 27001:2013 certification. This standard demonstrates JobAdder’s commitment to global best practice, having implemented a robust approach to protect your data. JobAdder is audited regularly to maintain the certification status.
You can view our certification here.
We use Amazon Web Services (AWS) as our host operating system in the cloud. Security and compliance is therefore a shared responsibility between AWS and JobAdder. We’re responsible for securing your data, while AWS is responsible for securing the infrastructure that hosts it. Amazon’s data centre operations have been audited and certified under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- Federal Information Security Management Act – Moderate
- Sarbanes-Oxley (SOX)
Data centre locations
High technical and physical security
Resilience to disasters and data loss
Energy efficiency and sustainability
Security controls
Account security
JobAdder has a Multi-Factor Authentication (MFA) feature, which requires two proofs of identity (JobAdder password and authenticator app code on the user’s mobile) to grant access to your JobAdder account.
Single Sign-On (SSO) is available for increased security. JobAdder integrates with a third-party SaaS product, Auth0, which supports a range of enterprise authentication mechanisms, including OpenID Connect (OIDC) and Security Assertion Markup Language (SAML):
Other protocols offered by Auth0 are available if required, including:
- Google Workspace
- Microsoft Azure AD
- ADFS
- Active Directory/LDAP
- PingFederate
Platform compliance
GDPR and privacy compliance
General Data Protection Regulation (GDPR) plays a significant part in recruitment when it comes to collecting, handling and sharing candidate data.
With respect to candidate and client information that is stored in the JobAdder system:
You are the data controller and hold the direct relationship with your clients and candidates. You retain ownership of the client and candidate records that you store within your JobAdder account.
JobAdder, as the data processor, acts on your instructions when processing the candidate and client information stored in your JobAdder account.
GDPR compliance
JobAdder has a number of features to support your GDPR compliance:
- Data processing opt-in policy: GDPR-compliant opt-in functionality on Job Application forms, with customisable text and data processing policy link
- Pending candidates: Candidates are held in a ‘pending’ state until prerequisite requirements are met (eg. send privacy notice)
- Auto-delete pending candidates: Candidates that are still in a ‘pending’ state past the one-month grace period will be automatically deleted
- Export records: Manually respond to subject access requests by exporting the candidate record
- Candidate Portal: Automatically respond to subject access requests by sending candidates a link to their CareerUpdate profile
- Email and SMS templates: Email and SMS templates can be configured to fulfil the rectification and right to erasure notification obligations
Read JobAdder’s GDPR Terms
Read JobAdder’s Privacy Policy
Subprocessors
JobAdder uses third-party subprocessors to assist in the service we provide. Read the full list of subprocessors here.
GDPR FAQ
Performance
JobAdder is committed to providing high availability and is transparent with customers about this, which means you can visit our status page anytime to quickly see if the JobAdder platform, or any related services, are experiencing any degradation. You can also see our standard Service Level Agreement (SLA) here.
Vulnerability disclosure
JobAdder welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect, what you can expect from us.