Security and Privacy Controls

Companies around the world are using Brainner to find their top applicants, while covering all their privacy and security needs.

GDPR Compliant

We ensure all personal data is processed in accordance with GDPR regulations, guaranteeing lawful and transparent data handling.

CCPA Compliant

Our platform is fully compliant with CCPA, protecting consumer rights and privacy with transparent data practices.

EU AI Compliant

Brainner adheres to EU AI regulations, ensuring our AI systems are safe, transparent, and respect fundamental rights.

Customizable Data Retention

Set your preferred data retention policies and delete personal data at any point to comply with various regulations.

On-Demand Deletion

Easily delete one or many candidates’ data with a single click, ensuring prompt and secure data management.

Granular Access Controls

Define user roles and permissions to control access to sensitive data and actions, enhancing security and compliance.

Your Security Questions, Answered

Feel free to ask any other questions you have about our security practices.

Where is your data centre located?

All our services and databases run in the AWS us-east-1 region. AWS holds multiple security certifications, including ISO, HITRUST, PCI and SOC (1 and 2), and carries out penetration tests and other vulnerability assessments against its infrastructure. Certificates are available to download here.

Customers on an enterprise plan can request their data to be stored in the EU region.

How is data protected?

Web connections to Brainner services use TLS 1.2. We support forward secrecy and AES-GCM, and prohibit insecure connections that use TLS 1.0 and below or RC4.

At rest, our database and files (resumes) are encrypted via AWS Key Management Service (AWS KMS). AWS KMS provides robust security features, including hardware security modules (HSMs) that are certified under various security standards and seamless integration with other AWS services.

Access tokens and API keys that users provide to connect to third-party systems, such as an ATS, are encrypted via Evervault, a PCI Level 1 compliant vendor, ensuring that Brainner cannot access the encrypted tokens, even in the worst-case scenario.

About logins and passwords

Brainner doesn’t store any user-generated passwords. To authenticate users, we send a unique, one-time, time-limited code to their email address for validation. The temporary code is stored in the user session and encrypted, ensuring a secure and passwordless authentication process.