Encryption everywhere
Data encrypted at rest with AES-256. Data encrypted in transit with TLS 1.3. No plaintext recordings, no plaintext audit logs.
Trust
Security built into the foundation, not bolted on not bolted on
Most recruiting platforms retrofit compliance after a breach. Neuradesk Hire was built in India after DPDP came into force, so security is the foundation, not the afterthought. Here is the full picture, in plain language.
Multi-tenant Postgres RLS
Row-level security enforced at the database layer with FORCE RLS on every shared table. A bug in our application code cannot leak one organization's candidates to another. Verified with a runtime drift detector.
HMAC-signed audit chain
Every action, consent, recording, scorecard, decision, is HMAC-signed and chained to the previous entry's hash. Tampering breaks the chain forward and is mechanically detectable.
SAML SSO + MFA
Enterprise tier ships SAML 2.0 SSO with Okta, Microsoft Entra, Google Workspace, and SCIM provisioning. MFA required by default. Admins can enforce hardware-key-only on sensitive surfaces.
DPDP §8(8) safeguards
We meet India's Digital Personal Data Protection Act §8(8) reasonable security obligations: access control, encryption, audit, breach notification, retention controls, and DPO escalation paths.
Breach notification commitment
If we detect a breach affecting your data, we notify you within 72 hours per DPDP §11 with the impact scope, root cause analysis, and remediation plan. We test this drill quarterly.
Compliance roadmap
- DPDP 2023: compliant from day one. Not a roadmap item.
- SOC 2 Type II: in progress, audit window opens Q3 2026, expected report Q1 2027.
- ISO 27001: planned after SOC 2 closes, customer-driven (Enterprise customers can accelerate via CSM).
- CERT-In SBOM compliance: internal SBOM tracking active. External attestation aligned with Indian regulator timelines.
Reporting a vulnerability
We run a coordinated disclosure program. Send security findings to security@neuradeskai.com with reproduction steps. We acknowledge within 48 hours, triage within 5 business days, and disclose post-fix with credit to the researcher (per their preference).
We do not currently run a paid bounty program but offer Neuradesk Hire credits and public acknowledgment.
Enterprise security review packet
Enterprise prospects can request our full security review packet: architecture diagrams, sub-processor list, DPA template, breach notification SLA, encryption inventory, RLS verification logs, and recent pen-test scope. Email sales@neuradeskai.com and we ship it within 1 business day.
Built for India, ready for your audit
DPDP-compliant by default. Tamper-evident audit chain on every tier. Start free, scale to Enterprise.