Security

Our commitment to protecting your data

Our Security Commitment

At Hatch Beacon, security is not an afterthought—it's built into everything we do. We understand that you're entrusting us with sensitive candidate information and business data, and we take that responsibility seriously.

Our security program is designed to protect your data through multiple layers of defense, continuous monitoring, and adherence to industry best practices and compliance standards.

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using the industry-standard TLS 1.3 protocol. This ensures that your information cannot be intercepted or read by unauthorized parties during transmission.

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption, the same standard used by banks and government agencies. This includes candidate resumes, personal information, and all other sensitive data.

Key Management

We use industry-leading key management services to securely generate, store, and rotate encryption keys. Keys are never stored alongside the data they protect.

Infrastructure Security

Cloud Infrastructure

Our services are hosted on enterprise-grade cloud infrastructure with multiple layers of physical and logical security controls. Our infrastructure providers maintain SOC 2 Type II and ISO 27001 certifications.

Network Security

  • Firewalls and intrusion detection systems monitor all network traffic
  • DDoS protection prevents service disruptions
  • Network segmentation isolates sensitive systems
  • Regular vulnerability scanning and penetration testing

Redundancy and Availability

Our infrastructure is designed for high availability with automatic failover, load balancing, and geographic redundancy. We maintain a 99.9% uptime SLA.

Access Controls

Authentication

  • Strong password requirements with complexity rules
  • Session management with automatic timeout
  • Single Sign-On (SSO) support for enterprise customers

Authorization

Role-based access control (RBAC) ensures users can only access data and features appropriate to their role. Permissions are granted on a least-privilege basis.

Employee Access

Access to production systems is strictly limited and logged. All employees undergo background checks and security training. Access is reviewed quarterly and revoked immediately upon termination.

Application Security

Secure Development

  • Security is integrated into our software development lifecycle
  • Code reviews include security considerations
  • Automated security testing in the CI/CD pipeline
  • Regular security training for developers

Vulnerability Management

We maintain a comprehensive vulnerability management program that includes regular security assessments, dependency scanning, and prompt patching of identified vulnerabilities.

Input Validation

All user input is validated and sanitized to prevent injection attacks, cross-site scripting (XSS), and other common vulnerabilities. We follow OWASP security guidelines.

Data Protection

Data Backup

All data is automatically backed up daily with encrypted backups stored in geographically separate locations. We maintain point-in-time recovery capabilities.

Data Retention

We retain data only as long as necessary for business purposes or as required by law. Data deletion requests are processed promptly and securely.

Data Isolation

Each customer's data is logically isolated to prevent unauthorized access between organizations. Multi-tenancy is implemented with strict separation controls.

Monitoring and Incident Response

24/7 Monitoring

Our security operations team monitors systems around the clock for suspicious activity, security events, and potential threats. Automated alerts enable rapid response to incidents.

Audit Logging

Comprehensive audit logs track all system access and data modifications. Logs are encrypted, tamper-proof, and retained for compliance purposes.

Incident Response Plan

We maintain a documented incident response plan that defines procedures for detecting, responding to, and recovering from security incidents. Our team conducts regular drills to ensure readiness.

Breach Notification

In the unlikely event of a data breach, we will notify affected parties promptly in accordance with applicable laws and regulations.

Compliance and Certifications

Regulatory Compliance

We maintain compliance with relevant data protection regulations, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • SOC 2 Type II (in progress)
  • ISO 27001 (planned)

Third-Party Audits

We undergo regular third-party security audits and assessments to validate our security controls and identify areas for improvement.

Vendor Management

All third-party vendors are carefully vetted for security practices. We maintain data processing agreements and regularly review vendor security posture.

Security Best Practices for Users

Help us keep your account secure by following these best practices:

  • Use a strong, unique password for your account
  • Never share your login credentials
  • Log out when using shared computers
  • Keep your contact information up to date
  • Report suspicious activity immediately
  • Review account activity regularly
  • Be cautious of phishing attempts

Responsible Disclosure

We welcome reports of potential security vulnerabilities from security researchers and the community. If you discover a security issue, please report it responsibly.

How to Report a Vulnerability

Email us at contact@hatchbeacon.com with:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information

We commit to acknowledging reports within 48 hours and providing regular updates on remediation progress. We ask that you do not publicly disclose the vulnerability until we have had a chance to address it.

Continuous Improvement

Security is an ongoing process, not a destination. We continuously evaluate and improve our security posture through:

  • Regular security assessments and audits
  • Staying current with emerging threats and vulnerabilities
  • Investing in security tools and technologies
  • Employee security awareness training
  • Participating in security communities and forums
  • Learning from industry incidents and best practices

Contact Our Security Team

Have questions about our security practices? Want to request our security documentation? Contact our security team:

Security Inquiries: contact@hatchbeacon.com

Vulnerability Reports: contact@hatchbeacon.com

Privacy Concerns: contact@hatchbeacon.com