Security and compliance

Findem’s approach to security, compliance, and privacy

The protection of Findem’s client and partner data is central to everything we do as an organization. Findem has built a talent data platform with reliability, privacy, and security at its core to ensure companies can thrive.
Why Findem?
Man looking at computer with security details

Findem complies with industry standards and maintains these certifications

A commitment to security, privacy and compliance

Compliance

Findem employs an in-house team dedicated to proactively monitoring data security and evolving research methods to ensure data compliance, protection, and privacy regulations are maintained. 

GDPR & CCPA

Findem’s platform implementation provides all customers with the ability to comply with the GDPR and CCPA. Findem supports its customers’ own compliance programs on an ongoing basis through product features, integration, and configuration options, as required by customers.

  • Findem’s Privacy Policy provides additional detail. 
  • A review of Findem’s GDPR compliant strategy is part of the sales process.

Data inventory

Findem has reviewed and identified all areas where customer data is collected and processed, validated and guided by Findem’s legal team. Findem ensures that the appropriate security and privacy safeguards are implemented and maintained across Findem’s infrastructure and software ecosystem. Findem’s Privacy Policy provides more detail about Findem’s data collection methods and data usage. 

SOC 2

As part of Findem’s commitment to protecting client data, Findem undergoes annual SOC 2 audits with a third-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a service organization’s controls.

OFCCP

Findem supports record keeping standards established by the Office of Federal Contract Compliance Programs (OFCCP) as required by customers who are subject to OFCCP.

Data subjects/consumer rights

Both the GDPR and the CCPA give data subjects/consumers the right to request access to, correction of, or deletion of their personal data in certain circumstances. When using Findem, you can comply with deletion requests by deleting the candidates’ data from your Findem account, as well as designating the supplementary data Findem provides as excluded from future use by your team. For individuals who want to access their personal data, you can export all of the relevant data from your Findem account in a computer-readable CSV format. Findem can also help you with this process if required.

Campaigns and Personally Identifiable Information

By default, customers will not provide or receive any personally identifiable information (PII) via the Findem platform. Findem does not collect or share sensitive information such as browser history, health, or financial information, or any other information about a person in a family or household capacity.

If customers choose to use the campaign feature on Findem, Findem may provide individuals’ email contact information via the platform, surfaced through Findem partnerships with third-party integrations, which can be used in outreach to potential candidates.

As part of this feature, Findem has the proper privacy controls in place — any individual can opt out of interactions with any company through the Findem platform and enforce their privacy settings. For example, if an individual has been contacted by one of Findem’s customers utilizing the Findem platform as part of an outreach campaign, the individual has the option to opt-out via an unsubscribe link in the outreach (ie. email). This unsubscribe is enforced for the whole company domain attempting to send correspondence to an individual.

Responsible AI

Artificial intelligence (AI) has been core to Findem since its founding in 2019. Findem is committed to the responsible and ethical use of AI to assist talent decision makers.

Security

Findem seeks to protect data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of data and how Findem processes that data.

Organizational security

All Findem employees receive security, privacy, and compliance training during the onboarding process in their first employment week. In addition, Findem provides laptops to all employees which are fully encrypted, while the admin configurations are installed on laptops and workstations with firewalls.

Data security

Data encryption

Findem encrypts all data at rest and in transit using the AES256 standard. The encryption keys are rotated periodically. Findem classifies data as follows:

Confidential

Highly sensitive data requiring the highest levels of protection; access is restricted to specific employees, roles, and/or departments, and these records can only be passed to others with approval from the data owner, or a company executive. Confidential data is subject to the following protection and handling requirements:

  • Access is restricted to specific employees, roles, and/or departments.
  • Confidential systems shall not allow unauthenticated or anonymous access. 
  • Confidential Customer Data shall not be used or stored in non-production systems/environments.
Restricted

Findem proprietary information requiring thorough protection; access is restricted to employees on a need-to-know basis. This data can only be distributed outside the company with approval. This is the default for all company information unless stated otherwise. Restricted data is subject to the following protection and handling requirements:

  • Access is restricted to users on a need-to-know basis.
  • Restricted systems shall not allow unauthenticated or anonymous access.
  • Transfer of restricted data to people or entities outside the company or authorized users shall require management approval and shall only be done in accordance with a legal contract or arrangement, or the permission of the data owner.

Application security

Software development lifecycle

‍Findem has adopted secure coding practices and code reviews. In addition, Findem performs regular application testing. All developers are required to go through proper training that includes security principles, practices, and OWASP Top 10 Security Risks. Findem code review process ensures that all code is assessed and validated.

Penetration testing

Findem regularly performs application vulnerability testing to assess application security. A copy of Findem’s latest Penn Test can be obtained upon request.

Authentication

‍Findem supports login from single-sign-on initiated through third-party identity providers' compliant solutions. Findem uses security roles and configurations for Findem customers to easily manage user access and meet their organization’s security requirements.

Infrastructure security

Findem uses the major cloud platform providers to host its infrastructure, environments, and applications. Findem’s dedicated team deploys and maintains all applications within secure networks designed using industry best practices. In addition, Findem performs the following operations:

  • Constantly monitor infrastructure and applications to identify and address threats and vulnerabilities.
  • Regularly train engineers on secure coding practices and securely deploy application and infrastructure changes.
  • Perform regular assessments of Findem security controls.

Operational security

Findem uses the major cloud platform providers to host its infrastructure, environments, and applications, and ensure they have secure facilities and processes to host the management and processing of customer data. We periodically review the compliance requirements of these cloud providers to ensure their security controls are audited and meet industry standards and regulatory requirements.

Privacy

Findem is a matching platform, not a browsing platform. The information Findem indexes about an individual will only be accessible when that person’s attributes are a match for a specific role.

Privacy policy

Individuals contacted via the Findem platform always retain the ability to change or delete their information as well as unsubscribe from campaigns. 

Only consenting candidates are added to Findem’s customers’ Applicant Tracking Systems. Customers can add an unsubscribe link to any email/campaign sent out using the Findem platform. 

Findem's full privacy policy is available here.

Opt out

If at any point an individual wishes to have their information removed from Findem’s database or updated, they may do so via the do not sell page. To correctly process any opt out request, Findem requires individuals to provide their email address and any public profile URLs. This data will be removed from Findem’s system once the opt out has been processed. 

Trusted by innovative talent teams

Start with the warmest leads

Turn your talent acquisition strategy inside out with Findem
Request a demo