Data security, compliance, and trust

A commitment to security, privacy, and compliance

The protection of your data is central to everything we do. We’ve built our platform with reliability and security at its core to set up your business to thrive.

Request a demo

A commitment to security, privacy and compliance

Every action we take is designed to minimize data risk, maximize data availability and maintain data integrity.

Compliance

Security

Privacy

Compliance

Compliance is at the heart of what we do. We employ an internal team dedicated to proactively monitoring our data and our research methods align with all relevant data protection laws and best practices.

SOC 2

Findem has successfully completed a SOC 2 audit with a third-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a service organization’s controls.

GDPR & CCPA

Our platform implementation provides all customers with the ability to comply with the GDPR and CCPA. We support our customers’ own compliance programs on an ongoing basis through product features, integration, and configuration options, as required by our customers.

Data inventory

We have reviewed and identified all the areas where we collect and process customer data, validating with our own legal team our basis for collecting and processing personal data. We ensured that we apply the appropriate security and privacy safeguards across our infrastructure and software ecosystem. Our Privacy Policy identifies what we do with the data we collect and how we manage consent.

Campaigns and Personally Identifiable Information

By default our customers will not provide or receive any personally identifiable information via the Findem platform. We do not collect or share sensitive information such as browser history, health or financial information, or any other information about a person in a family or household capacity.

If our customers choose to use the campaign feature on Findem, we may provide individuals’ email contact information via the platform, surfaced through Findem partnerships with third-party integrations, which can be used in outreach to potential candidates.

As part of this feature, we have the proper privacy controls in place — any individual can opt out of interactions with any company through the Findem platform and enforce their privacy settings. For example, if an individual has been contacted by one of our customers utilizing the Findem platform as part of an outreach campaign, the individual has the option to opt-out via an unsubscribe link in the outreach (ie. email). This unsubscribe is enforced for the whole company domain attempting to send correspondence to an individual.

Data subjects/consumers rights

Both the GDPR and the CCPA give data subjects/consumers the right to request access to, correction of, or deletion of their personal data in certain circumstances. When using Findem you can comply with deletion requests by deleting the candidates’ data from your Findem account, as well as designating the supplementary data Findem provides as excluded from future use by your team. For individuals who want to access their personal data, you can export all of the relevant data from your Findem account in a computer-readable CSV format. We can also help you with this process if required.

OFCCP

Findem supports record keeping standards established by the Office of Federal Contract Compliance Programs (OFCCP) as required by our customers who are subject to OFCCP.

Security

At Findem, the protection and security of our customers’ data is our highest priority. We pride ourselves on upholding the most robust security safeguards and being responsive to our customers’ special security needs.

Organizational Security

All Findem employees receive security, privacy, and compliance training during the onboarding process in their first employment week. We have made it every employee's responsibility. The Findem Security Committee includes our CTO, VP of Engineering, and Lead Architect. Their responsibilities of this committee include defining, specifying, and implementing security policies and procedures, and ensuring all employees are aware of all security policies and that they apply them in their daily operations.

Data Security

Data encryption
‍Findem encrypts all data at rest and in transit. The encryption keys are rotated periodically. Findem classifies data as follows:

Confidential
‍‍Highly sensitive data requiring the highest levels of protection; access is restricted to specific employees, roles and/or departments, and these records can only be passed to others with approval from the data owner, or a company executive.

Confidential data is subject to the following protection and handling requirements: Access is restricted to specific employees, roles and/or departments. Confidential systems shall not allow unauthenticated or anonymous access. Confidential Customer Data shall not be used or stored in non-production systems/environments.

Restricted
‍‍Findem proprietary information requiring thorough protection; access is restricted to employees on a need-to-know basis. This data can only be distributed outside the company with approval. This is the default for all company information unless stated otherwise.

Restricted data is subject to the following protection and handling requirements: Access is restricted to users on a need-to-know basis. Restricted systems shall not allow unauthenticated or anonymous access. Transfer of restricted data to people or entities outside the company or authorized users shall require management approval and shall only be done in accordance with a legal contract or arrangement, or the permission of the data owner.

Application Security

Software development lifecycle
‍Findem has adopted secure coding practices and code reviews. In addition, we perform regular application testing. All developers are required to go through proper training that includes security principles, practices, and OWASP Top 10 Security Risks. Our code review process ensures that all code is assessed and validated.
‍
Penetration testing
We regularly perform application vulnerability testing to assess application security.

Authentication
‍Findem supports login from single-sign-on initiated through third-party identity providers' compliant solutions. We use security roles and configurations for our customers to easily manage user access and meet their organization’s security requirements.

Infrastructure Security

Findem uses the major cloud platform providers to host its infrastructure, environments, and applications. We deploy and maintain our applications within secure networks designed using industry best practices. In addition, we perform the following operations.

We constantly monitor our infrastructure and applications to identify and address threats and vulnerabilities.

We regularly train our engineers on secure coding practices and securely deploying application and infrastructure changes.

We perform regular assessments of our security controls.

Operational Security

Findem uses the major cloud platform providers to host its infrastructure, environments, and applications, and ensure they have secure facilities and processes to host the management and processing of customer data. We periodically review the compliance requirements of these cloud providers to ensure their security controls are audited and meet industry standards and regulatory requirements.

Privacy

We’re committed to putting data privacy in the hands of its owners. Findem is a matching platform, not a browsing platform. The information we index about an individual will only be accessible when that person’s attributes are a match for a specific role.

Privacy policy

Individuals contacted via the Findem platform always retain the ability to change or delete their information as well as unsubscribe from campaigns.
‍
Only consenting candidates are added to our customers’ Applicant Tracking Systems. Customers can add an unsubscribe link to any email/campaign sent out using the Findem platform.
‍
Our full privacy policy is available here.

Opt out

If at any point an individual wishes to have their information removed from Findem’s database or updated, they may do so via our do not sell page. To correctly process any opt out request, Findem requires individuals to provide their email address and any public profile URLs. This data will be removed from our system once the opt out has been processed.