Security & Protection

At ReechOut, security is fundamental to everything we do. We are committed to protecting your data and ensuring the confidentiality, integrity, and availability of all information processed through our platform. We implement industry-leading security measures and follow best practices to safeguard your sensitive data.

Our security framework is designed around widely recognized security and data-protection best practices, with a focus on strong encryption, strict access controls, and responsible data handling.

2.1 Encryption in Transit

All data transmitted between your devices and our servers is encrypted using Transport Layer Security (TLS). HTTPS is enforced across our web application and API, so your data cannot be read by unauthorized parties in transit.

• HTTPS is enforced for all web and API traffic
• Strict transport security is enabled to prevent protocol downgrade
• Connections to our data stores require encrypted channels

2.2 Encryption at Rest

Data we store in our managed databases and file storage is encrypted at rest by our cloud infrastructure providers, with encryption keys managed through their secure key-management services. This includes uploaded files such as resumes, which are stored in encrypted cloud object storage.

We implement multiple layers of access controls to ensure that only authorized personnel can access your data.

3.1 User Authentication

• Passwords are stored using a strong, salted one-way hashing function, never in plain text
• Short-lived access tokens with automatic expiry, stored using browser protections that block script access and cross-site misuse
• Session tokens are rotated on use, with automatic detection and revocation of reused tokens
• Email verification is required before account access
• Rate limiting on login, signup, and password-reset flows to slow brute-force attempts

3.2 Role-Based Access Control

Our platform uses role-based access control (RBAC) to ensure users only have access to the data and features necessary for their role. Access permissions are regularly reviewed and updated.

3.3 Employee Access

ReechOut limits access to customer data to personnel who need it to operate and support the service, and only to the extent required for their role.

4.1 Cloud Infrastructure

Our application is hosted on managed cloud infrastructure operated by established providers whose data centers maintain physical security, environmental controls, and their own compliance programs. We rely on these providers for encrypted storage, network protection, and infrastructure resilience.

4.2 Application Hardening

We apply defense-in-depth practices at the application layer, including:

• Hardened browser security response headers across our web and API surfaces
• Restrictive cross-origin request controls
• Per-client rate limiting on sensitive endpoints
• Automated bot and abuse protection on account signup

We are committed to protecting your privacy and handling your data responsibly.

5.1 Data Minimization

We only collect and process data that is necessary for providing our services. We do not sell your data to third parties.

5.2 Data Retention and Deletion

We retain data only for as long as necessary to provide our services and to meet legal obligations, as described in our Privacy Policy. When an account or its associated records are deleted, related data such as interviews, candidates, and reports is removed along with it. If you would like your data deleted, you can contact us at support@reechout.com.

We design our practices around established data-protection principles and align our controls with the requirements of applicable privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), depending on where you and your candidates are located.

As our security program matures, we continue to strengthen our controls and pursue independent assessments. We will update this page as additional attestations or certifications are completed. If you have specific compliance requirements, please contact us at support@reechout.com.

7.1 Application Logging

We log application and request activity to help us operate the service, diagnose issues, and investigate suspicious behavior. Sensitive personal identifiers are masked in our logs to limit exposure of personal data.

7.2 Incident Response

In the event of a security incident affecting your data, we will work to identify, contain, and remediate the issue, and we will notify affected users promptly in accordance with applicable laws and regulations.

While we implement comprehensive security measures, you also play an important role in keeping your account secure:

• Use a strong, unique password for your account
• Keep your devices and browsers updated
• Never share your login credentials with others
• Log out when using shared or public computers
• Be cautious of phishing attempts and suspicious emails

We take security vulnerabilities seriously. If you discover a security vulnerability in our platform, please report it to us responsibly. We will acknowledge your report and work with you to address the issue.

Please send security vulnerability reports to support@reechout.com. We appreciate your assistance in keeping our platform secure.

Security is an ongoing process. We review our code and infrastructure as part of our development practices, keep dependencies and systems updated, and continue to invest in strengthening our controls as the platform grows.

Our application runs on managed cloud infrastructure that provides automated database backups and infrastructure redundancy. We rely on these capabilities to help recover data and restore service in the event of an outage.

If you have any questions about our security practices or wish to report a security concern, please contact us: