Request a Demo

Security and Compliance

Ensure information and data security from the ground up

Protecting and defending user privacy is at the heart of our work. We work closely with all of our customers to understand and meet all compliance requirements and security needs.

Data Migration & Security

Rakuna is committed to protecting the security and privacy of all information entrusted to it. Our services and internal operating processes and procedures will be in compliance with applicable laws and regulations, as well as established industry practices.

On Data Security:
Rakuna has always valued personal data and the rights of the owners ever since day one:

  • Our Privacy Policy thoroughly states the types of information being collected, how we handle and protect them. This document also covers the positive consent from users that they can actively opt-in and out of promotional & email campaigns.
  • Our Terms of Service defines the user content that was being delivered to our system, as well as the limitations of Rakuna's rights over such information.
  • Our development and security practices strictly follow OWASP security principles.
  • We have an official Information Security Plan to protect the security and privacy of all information.
  • Any user (recruiter/candidate) can always make inquiries and email us to recollect the information that they have forgotten.

On Data Migration:
Data migration will depend on the type and volume of data needed to be migrated, per the customer’s request.

Data Retention

Rakuna will retain all data in its possession until the customer requests that such data be erased. “Erase” means the process by which Rakuna permanently deletes and destroys customer data and there is no way to restore it. Customers may request project data to be erased after a certain period of inactivity or conditions in order to comply with its own data policy. Set-up & maintenance cost may be applied and vary depending on the company's requirements.

Single Sign-on (SSO)

Rakuna integrates with Azure Active Directory and/or Google SSO.

General Data Protection Regulation (GDPR) Compliance

Rakuna is committed to the following foundational principles built into the DNA of our company:

  1. Transparency
    We inform and educate our users and customers of our data policies. We do this through in-product notifications, campaigns, and direct conversations with our customers to ensure people understand how their data is being used.
  2. User Control
    We provide people with the ability to control how their data is used.
  3. Accountability
    We are committed to sticking to our practices of protecting data, getting frequent feedback from regulators, policymakers, privacy experts, and improving how we protect personal information.

In order to fully meet key requirements from GDPR, we have added new processes and features that further empowers our users to do more about their personal data:

  • Although candidate applications' proof of consent is not compulsory under GDPR, candidates are now given notice of consent by Terms of Service within their survey emails where they are asked to upload digital versions of their resumés.
  • Recruiters can now select candidates within the prospect list to send emails as confirmations of consent if needed to.
  • Any user now can email us not only to request and re-collect provided information but also to request a complete deletion of the information on our platform.
  • All users are emailed with updates on changes to the Privacy Policy, Terms of Service, and GDPR compliance policy.

Read more about Rakuna GDPR readiness here.

Federal Compliance

Rakuna supports federal hiring regulations (EEOC and OFCCP) with private question fields and reports to protect workers, promote diversity, and enforce the law.

Incident Response & Management

Data is securely backed up on a scheduled basis and is available for disaster recovery purposes.

Frequently Asked Questions

Do you offer role-based security?

Yes, Rakuna provides three different roles for recruiter users: (1) Admin, (2) Reviewer, and (3) Mobile.

  • Admin: This permission level grants full access to both the Rakuna Web Dashboard and Recruit Mobile App.
  • Reviewer: This permission level grants full access to the Rakuna Web Dashboard and Recruit Mobile App.
  • Mobile: This permission level grants full access to the Rakuna Recruit mobile app only. A Mobile user only has access to “Settings” on the Rakuna Web Dashboard.
Do you allow multi-factor authentication?

Rakuna provides credential-based authentication using email and password, but we can enable multi-factor authentication if needed.

How does Rakuna handle testing for product security?

To maintain the optimal quality level and security standards, Rakuna conducts testing from both internal and external perspectives:

1. Internal: Multi-level testing in the development process with the involvement of both human and automation tests:

  • Unit testing: since the Rakuna development team adopts the Test-driven Development (TDD) process, each mini-feature (or unit) has its own set of RSpec test cases defined before they are built. Unit testing is usually carried out automatically on local and development environments and is already implemented as a part of the development tools to make sure that each mini-feature function was designed in the first place.
  • Integration testing: a collection of unit tests from individual mini-features makes up integration testing. Similar to unit testing, these cases are also defined pre-development and are done by automation on the development environment, but with additional test cases to cover the compatibility of different groups of individual units.
  • System testing: once groups of individual unit tests are verified with integration testing, system testing is done to make sure the whole feature works as a whole completed feature. The system testing cases are both performed by both automation and human with a white-box testing method on the development environment.
  • Acceptance testing: upon being verified by system testing that the completed feature is ready to roll out, acceptance testing is conducted on staging and production environments by both internal human testers and all external human stakeholders through Rakuna limited pilot programs.

2. External: Done by third party services and external users:

  • Security testing: consisted of automated services provided by integrated third party providers (Amazon Web Services, Heroku, Sqreen). These scheduled security services are scheduled and performed monthly to scan the production environment for application security vulnerabilities.
  • Penetration testing: a set of application security procedures performed by classified external security providers/contractors as an annual security requirement. These are usually done during the year-end low-traffic season in the production environment.
  • Pilot program participants: users from organizations that are registered with Rakuna limited pilot programs for early product usage.
What is GDPR?

The General Data Protection Regulations, or GDPR, is a set of laws issued by the European Union that came into effect in May 2018 to protect people from breaches and misuse of personal data. This includes personal identification, user activities within the system and any other piece of information that any user may or may not have remembered providing.

I am not based in the EU, does GDPR affect me?

Chances are you might be processing data of someone who is from the EU's countries, plus Rakuna's system is open for everyone to sign up - yes you are very likely to be affected by GDPR.

The Must-Have Solutions for Modern Recruiters