Security

How Hirefathom Handles Your Data

We're a security product — which means security teams will scrutinize our own data handling before they deploy us. Here's a direct answer: request payloads never leave your infrastructure, behavioral metadata travels over TLS 1.3, and you can verify the architecture yourself.

Data Architecture

What We See vs. What We Store

The Hirefathom agent inspects API traffic in memory on your infrastructure and forwards only metadata. Understanding exactly what leaves your infrastructure is critical for security teams evaluating us.

Processed on Your Infrastructure

  • Full API request and response bodies
  • Header values and cookie content
  • Authentication tokens and credentials
  • Query parameter values

These are analyzed in-memory only. Nothing leaves your environment.

Transmitted to Analysis Layer

  • Endpoint path and HTTP method
  • Response status codes and timing
  • Statistical parameter shape metadata (not values)
  • Behavioral anomaly signals and confidence scores
  • Aggregate request counts per time window

Encrypted in transit. No payload content. No PII.
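As an illustration of the split described above (an added example, not Hirefathom's own code or wire format): a constructed request is reduced to the transmitted fields, parameter values are replaced by type-and-length shapes, and a check confirms that no header, cookie, or parameter value survives in the outgoing record.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of what an in-process agent would hold in memory.
# Field names and values are illustrative, not Hirefathom's wire format.
SAMPLE_REQUEST = {
    "method": "POST",
    "url": "https://api.example.test/v1/users?include=roles&limit=50",
    "headers": {
        "Authorization": "Bearer constructed.jwt.header.payload.signature",
        "Cookie": "session=constructed-session-identifier",
        "Content-Type": "application/json",
    },
    "body": '{"email":"alice@example.test","age":34,"tags":["a","b"]}',
    "status": 201,
    "duration_ms": 42,
}

def shape_of(value):
    """Describe a value's type and size without keeping the value itself."""
    if isinstance(value, bool):  # bool is checked first: it subclasses int
        return {"type": "bool"}
    if isinstance(value, (int, float)):
        return {"type": "number"}
    if isinstance(value, str):
        return {"type": "string", "len": len(value)}
    if isinstance(value, list):
        return {"type": "array", "len": len(value)}
    return {"type": "null"}

def to_telemetry(req):
    """Reduce a request to the fields the page lists as leaving the host."""
    parts = urlsplit(req["url"])
    query_shape = {k: shape_of(v) for k, v in parse_qsl(parts.query)}
    try:
        body_shape = {k: shape_of(v) for k, v in json.loads(req["body"]).items()}
    except (ValueError, AttributeError):
        body_shape = {"_raw": shape_of(req["body"])}  # non-JSON body: size only
    return {"path": parts.path, "method": req["method"], "status": req["status"],
            "duration_ms": req["duration_ms"], "query_shape": query_shape,
            "body_shape": body_shape}

def leaks_values(record, req):
    """True if any header, cookie, query or body string value survived."""
    blob = json.dumps(record)
    values = list(req["headers"].values())
    values += [v for _, v in parse_qsl(urlsplit(req["url"]).query)]
    values += [v for v in json.loads(req["body"]).values() if isinstance(v, str)]
    return any(v in blob for v in values)
```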

Technical Controls

Encryption and Infrastructure Security

Hirefathom is designed with SOC 2 Type II controls in mind. We are working toward formal certification as we scale. In the meantime, the specific controls below are active and auditable.

TLS 1.3 in Transit

All data transmitted between the agent and the Hirefathom analysis layer uses TLS 1.3 with certificate pinning. Connections failing certificate validation are rejected — no fallback to cleartext.

AES-256 at Rest

Threat history, behavioral models, and anomaly signals are stored with AES-256 encryption at rest. Encryption keys are managed through an HSM-backed key management service with automated rotation.

Zero Standing Access

Hirefathom employees have no standing access to customer analysis data. Customer environment access for support requires explicit time-bounded approval with full audit logging. Access expires automatically.

Isolated Tenancy

Customer behavioral models and threat history are isolated at the database and service layer. Cross-customer data access is architecturally prevented, not just policy-controlled.

Audit Logging

Every access to customer data, every configuration change, and every alert action generates immutable audit log entries. Logs are retained for 12 months and are available to customers via the dashboard.

SSO + MFA

Hirefathom's dashboard supports SAML 2.0 SSO on Enterprise plans. MFA enforcement is available for all plans. API access uses short-lived, scoped tokens with configurable expiration.

Responsible Disclosure

Report a Security Vulnerability

If you've discovered a security vulnerability in Hirefathom's products or infrastructure, we want to hear about it. We're committed to working with security researchers in good faith and appreciate responsible disclosure.

To report a vulnerability:

  1. Email [email protected] with details
  2. Include steps to reproduce, impact assessment, and any proof-of-concept
  3. We acknowledge reports within 48 hours
  4. We aim to resolve critical issues within 14 days and notify you upon patch deployment

We request that you avoid testing on production customer environments, and that you do not disclose the vulnerability publicly until we've had a chance to address it.

Questions About Our Security Posture?