Security

We take security very seriously here at Pin. Here's an overview of what we do to ensure that your data is safe.

Encryption

All requests to Pin, including interim connections within Pin's internal infrastructure, are encrypted (HTTPS, TLS, and/or SSL). Any connection or request using an unsecured protocol, like HTTP, is redirected to its secure counterpart or terminated.

Pin uses HSTS to let well-known browsers like Google Chrome know, and enforce, that our website uses HTTPS and that HTTP should be ignored.

All customer data is encrypted at rest and encrypted in transit. All secret keys and customer keys (e.g. integrations) are encrypted with hardware security modules (HSM) for extra protection.

Credit cards are stored and processed securely with Stripe, which is PCI Level 1 compliant.

Infrastructure

All data is hosted in a private environment using Amazon Web Services. All public-facing endpoints and IP addresses are monitored and firewalled.

Access to our private environment requires two-factor authentication and is allowed only from well-known, company-issued devices. All access attempts are logged and audited in real time.

We utilize denial-of-service (DoS) protection and web application firewalls (WAF) to ensure our services are protected from attacks.

Our infrastructure is audited automatically and patched automatically where possible. Our team follows a strict 30-day SLA policy to patch all known vulnerabilities.

Inbox Access

Pin uses your inbox to send and receive emails to candidates you choose to get in contact with. We require this access to know when candidates respond back to you and stop email automation. Pin only stores copies of emails with candidates that were first initiated with Pin. All other emails are discarded.

Pin uses your calendar to know when you are available and display your calendar in Pin's app. We also use your calendar to automatically schedule interviews with candidates when Pin's scheduling automation feature is turned on.

ATS Access

When enabled, Pin uses Merge to facilitate communicating with your ATS. Merge is highly regarded in the industry and has all the necessary certifications to keep your data safe.

Pin uses your ATS to know if you've reached out to a candidate in the past and also to sync candidates sourced with Pin back to your ATS.

Internal Policies

All employee accounts are protected using 2FA. We utilize a password manager to secure online accounts and share them across team members.

We go through annual security testing with our partners. We are SOC 2 Type 1 compliant.

All employees and contractors sign a non-disclosure agreement.

To obtain a copy of our reports, please email help@pin.com or email your Pin representative.

Bounty Program

We ask that all security researchers report security exploits to engineering@pin.com. Reports will be answered within 5 business days. We do not currently issue rewards, but we'll be more than happy to advertise your name on this page.

We ask that you do not send reports for the following: DoS; automated scripts; mixed content scripts; social engineering; regular bugs; email flooding; input; or not adhering to "best practices".

When submitting a report, reproducible step-by-step instructions and/or video would be greatly appreciated.