Your data, protected.

Paritas is built for sensitive employment data. Security is not an afterthought—it's architectural.

Data Encryption

  • ATS credentials: AES-256-GCM encryption at rest. Decrypted only during sync operations.
  • Data in transit: TLS 1.3 for all communications.
  • Database: Encryption at rest via Vercel Postgres.

Candidate PII Protection

  • All candidate personally identifiable information (names, emails, direct identifiers) is hashed with SHA-256 and an organization-specific salt before storage.
  • Raw PII is never stored.
  • Published reports contain only aggregate statistics.

Data Isolation

  • Multi-tenant architecture with strict organization-level data isolation.
  • All database queries are scoped to the authenticated user's organization via middleware.
  • No cross-tenant data access is possible.

Access Control

  • Role-based access: Owner, Admin, Auditor (read-only), Billing.
  • Email-based invitation system with role assignment.
  • Organization switching for users with multiple memberships.

Infrastructure

  • Hosted on Vercel with enterprise-grade security.
  • PostgreSQL database on Vercel Postgres.
  • File storage on Vercel Blob.
  • All infrastructure runs in the US East (IAD1) region.

Audit Logging

  • All significant actions are logged: audit creation, data upload, analysis execution, report publication, team changes.
  • Logs retained for 36 months.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@paritas.ai.

We will acknowledge receipt within 24 hours and provide a timeline for resolution. We do not pursue legal action against good-faith security researchers.

Compliance

Paritas is designed to handle sensitive employment data in compliance with applicable privacy regulations.

We do not currently hold SOC 2 or ISO 27001 certification but are evaluating these certifications as the platform scales.

Questions about security?

We're happy to discuss our security practices in detail.
