Security you can audit.

We love when your IT team asks questions. Here are the most common answers.

Authenticator-app based. No SMS. Optionally enforced org-wide.

Every mutation on candidate, application, offer is logged with timestamp + actor. Export on request.

TLS 1.3 in transit. Encryption at rest on DB and backup volumes. Short-lived JWT.

Daily DB snapshotting. Point-in-time restore for any day in the last 30.

No third-country transfer. DPA on request. No US-cloud dependency for candidate data.

Report security issues to security@KI BMS. We respond within 24h and publish patches transparently.