Built on verification, consent, and control
Split-fee recruiting involves sensitive information on every side of a deal — client relationships, candidate identities, and money. Here's how Recruiters.co protects all three.
Network verification
Every participant is verified before they can transact
Organization verification
Recruiters, agencies, and employers verify their organization before they can post job orders, submit candidates, or engage with the network.
Access control
Confidential job orders and executive searches are invite-only. Access can be granted and revoked per role, per recruiter.
Full audit trail
Views, submissions, ownership claims, and access changes on sensitive records are logged and available for review.
Field-level redaction
Sensitive fields — like candidate identity in a blind profile — are permissioned separately from the rest of a record, not just hidden in the UI.
Candidate privacy
Candidate identity is protected until engagement
Blind profiles by default
Candidates shared between recruiters are represented as blind profiles. Identity is revealed only when an employer or recruiter chooses to engage.
Explicit, scoped consent
Candidate consent is captured with a defined scope and expiration — it does not carry forward indefinitely or apply beyond what was agreed.
Duplicate detection without exposure
When two recruiters may be working the same candidate, we compare keyed hashes of identifiers to flag the conflict without revealing the other recruiter's candidate identity.
Ownership disputes go to human review
Material candidate-ownership disputes are routed to structured human review rather than resolved automatically.
Data security
Practices we design toward, end to end
These are engineering practices and commitments, not a certification — see the note on independent audits below.
Encryption in transit
We encrypt data in transit with TLS between your browser, our application, and the services it depends on.
Encryption at rest
Data is stored at rest with encryption where supported by our database and object-storage providers.
Least-privilege access
Internal access to production data is scoped by role, and platform-level admin actions are treated as a distinct, permission-gated category — not just another query.
Audit logging of sensitive actions
Role grants, verification decisions, agreement changes, and every payment or payout state transition are written to an append-only audit log.
Tenant isolation
Every data-access path applies organization scoping from your verified session — never from a client-supplied ID — so one organization's data stays separated from another's.
Upload scanning workflow
Resumes, agreements, and other uploaded files are designed to move through a malware-scanning step before they're made available to another party.
Payments
Money moves through a reconciled ledger
Invoicing, split allocations, guarantee reserves, and payouts are recorded in an immutable financial ledger. Split allocations are locked to the signed agreement before funds move, and refunds or disputes follow the same recorded process.
Card data is handled entirely by Stripe, a PCI-DSS Level 1 service provider — Recruiters.co never stores full card numbers. Payouts to recruiters, agencies, and other marketplace participants move through Stripe Connect, with each recipient organization separately onboarded and subject to Stripe's own verification requirements.
Card data handled by Stripe
PCI-DSS Level 1 service provider
Payouts via Stripe Connect
Multi-party transfers, idempotent
Guarantee reserves held
Released per guarantee terms
Every transaction logged
Immutable financial ledger
Platform integrity
Guardrails around every transaction
Rate limiting
Automated abuse of marketplace endpoints — scraping, bulk submissions, credential stuffing — is throttled at the platform level.
Idempotent webhooks
Payment and third-party webhook events (Stripe and others) are deduplicated and processed idempotently, so a retried delivery can't double-charge or double-post a transaction.
Reconciliation, not silent correction
Ledger and payout state is checked against the payment provider on a recurring basis; discrepancies are surfaced for review rather than corrected silently.
Reliability
Infrastructure built to stay up and stay correct
Managed hosting
The application runs on managed infrastructure with a defined deployment process, rather than hand-maintained servers.
Backups
The production database is backed up on a recurring schedule as part of our operational baseline.
Monitoring & error tracking
Application errors and service health are tracked so issues can be identified and addressed quickly.
Responsible disclosure
Found a security issue? Tell us.
If you believe you've found a security vulnerability in Recruiters.co, please report it to [email protected] with enough detail to reproduce the issue. Please give us a reasonable opportunity to investigate and address a report before any public disclosure, avoid accessing or modifying data beyond what's necessary to demonstrate the issue, and avoid testing against real user or candidate data where a safe alternative exists. We will acknowledge good-faith reports and do not pursue legal action against researchers who follow these guidelines.
The practices on this page describe our engineering approach and commitments. Recruiters.co does not currently hold SOC 2, ISO 27001, PCI-DSS, HIPAA, or similar third-party certifications, and this page is not a compliance attestation. Card processing is handled by Stripe, which is independently PCI-DSS Level 1 certified as a payment service provider.
Read more
Our commitments in writing
These pages define our specific commitments to recruiters, employers, and candidates, including which categories of subprocessors we use to run the Service.
Questions about how we handle your data?
Reach out and we'll walk you through it directly.