We take security seriously at Resource. Here are some of the enterprise-grade security and privacy controls we use to protect our customers’ data.
Resource provides a suite of candidate communications tools that simplify and enhance outbound recruiting efforts. Features include: automated candidate email finding, email drip campaigns & insights into click-through and open rates of recipients.
When a user signs in to the Resource application (via our website or the Resource chrome extension), we create a Resource account for the user and link it with the user’s Google account. We ask the user for permission to connect to his or her Google account and authenticate that connection via Google Apps OAuth. This means that each users’ Resource account has the same industry-leading login security as their Google account. Users can add 2-factor authentication via Google if they choose.
Resource requests access to the following Google information so that our features can work:
Resource requests these permissions so we can automatically send multi-stage email campaigns on your behalf. It’s important that the emails are sent through your account so that sent messages don’t end up in the Promotions or Updates folder of a recipient’s inbox.
Additionally, Resource tracks replies to email threads that we create to prevent further outreach on an email campaign once a reply is received.
Resource is careful to store the least amount of Gmail data necessary to perform the above actions. Specifically, we store:
The only exception to this rule is if a response is received from an unexpected email address, and therefore is received on a separate email thread
These tokens are encrypted at rest (using AES-256 encryption).
Resource users have the option to connect their Greenhouse account to enable features like visibility into which candidates other people in their organization have already contacted & enriched candidate data.
When a user connects the Resource application to his or her Greenhouse account via the Greenhouse Apps OAuth, we store the user’s OAuth access token. Customers may also choose to provide Resource with a Greenhouse Harvest API key (encrypted at rest).
Resource requests access to the following Greenhouse information so that our features can work:
Resource requests these permissions so we can create Prospect applications in Greenhouse for candidates sourced in the Resource chrome extension. When creating a new Prospect application, we avoid creating duplicates by:
Resource requests these webhooks so we can provide the most up-to-date information for candidates sourced in Resource, including additional emails that our customers may add to Greenhouse candidate profiles.
We work with industry-leading PaaS and IaaS providers. Our data is stored in GCP Compute Engine virtual machines and we use GCP PubSub and Cloud Functions to manage data flow from Gmail accounts to our data storage. We serve our NodeJS web applications in a hosted, containerized environment called Galaxy, which runs on top of Amazon’s Elastic Container Service on AWS (security features listed here: http://galaxy-guide.meteor.com/security.html)
These infrastructure providers maintain industry-standard security certifications, including ISO 27001, SSAE-16, SOC 1 and SOC 2 certifications.