Enterprise-Grade Security

Security at StudAI Hire

Your data security is our top priority. Here's how we protect your information with enterprise-grade security measures.

  • 256-bit AES Encryption
  • TLS 1.3 In-Transit Security
  • 99.9% Uptime SLA
  • SOC 2 Compliance Target

🔐 Data Encryption

Data at Rest

  • AES-256 encryption for all stored data
  • Encrypted database backups
  • Key management via AWS KMS
  • Resume and document files encrypted on disk

Data in Transit

  • TLS 1.3 for all web traffic
  • HTTPS enforced site-wide
  • Secure WebSocket connections
  • Certificate pinning on mobile apps

🛡️ Access Control

Multi-Factor Authentication

MFA required for all admin accounts and optional for users

Role-Based Access Control

Employees access only the minimum data needed for their role

Zero-Trust Architecture

Every request is verified regardless of network location

Session Management

Automatic session expiry with secure token rotation

IP Allowlisting

Administrative access restricted to approved IP ranges

☁️ Infrastructure Security

Cloud Provider

Hosted on Microsoft Azure with enterprise SLAs and physical security

Auto Backups

Daily encrypted backups with 30-day retention and point-in-time recovery

DDoS Protection

Azure DDoS Standard protection with automatic attack mitigation

Web Application Firewall

WAF rules to block SQL injection, XSS, and OWASP Top 10 threats

24/7 Monitoring

Continuous security monitoring with automated anomaly detection

Disaster Recovery

Multi-region failover with RTO < 4 hours and RPO < 1 hour

⚙️ Application Security

Development Practices

  • OWASP Top 10 compliance
  • Code reviews for all changes
  • Dependency vulnerability scanning
  • Automated security testing in CI/CD
  • Secrets management via Azure Key Vault

Regular Testing

  • Annual third-party penetration tests
  • Quarterly vulnerability assessments
  • Bug bounty program (contact security@studai.careers)
  • Security training for all engineers
  • Incident response drills

📋 Compliance & Certifications

GDPR

EU data protection regulation compliance

DPDP Act

India Digital Personal Data Protection Act 2023

ISO 27001

Information security management (in progress)

SOC 2 Type II

Security, availability & confidentiality (in progress)

PCI DSS

Payment card data security via Razorpay

VAPT

Vulnerability assessment & pen testing annually

🚨 Incident Response

In the event of a security incident, we follow a structured response process:

  1. Detection & Triage (within 1 hour)
  2. Containment & Investigation (within 4 hours)
  3. User Notification (within 72 hours if required by law)
  4. Remediation & Recovery
  5. Post-Incident Review & Improvements

🔍 Responsible Disclosure

We take all security reports seriously. If you discover a security vulnerability, please report it responsibly:

How to Report

Email: security@studai.careers

PGP Key available on request

Include: description, reproduction steps, impact

Our Commitment

  • Acknowledge within 24 hours
  • Provide regular status updates
  • Credit researchers in our hall of fame
  • No legal action for good-faith reports

📧 Security Contact

Security Team

security@studai.careers

Response time: < 24 hours

General Privacy

privacy@studai.careers

+91-80-4567-8900