Security & trust

We treat your candidate data the way we'd want our own treated. Here's how we keep it safe.

Encryption everywhere

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). All secrets are managed in Vercel and Supabase — never logged.

Strong authentication

Email/password, Google OAuth, Microsoft OAuth, and TOTP MFA. SAML SSO on Enterprise. Session expiry, IP allowlist, and device tracking on the roadmap.

Multi-tenant isolation

Every database query is gated by Postgres Row-Level Security keyed to your organization ID. A compromised app instance cannot read another tenant's data.

Audit logging

Every state-changing action is recorded in a tamper-evident audit log. HR Admins and Function Heads can view, filter, and export the log via the Workspace Settings page.

Bias scanning

AI-generated candidate scores are run through a bias scanner that flags age, gender, and nationality proxies. Surfaced to HR Admin only with a separate audit trail.

Compliance roadmap

GDPR-compliant by default (EU data residency). UAE / Bahrain data residency on Enterprise. SOC 2 Type II audit in progress (target: end of 2026).

Have a security question?

We're happy to walk through our infrastructure, share our pen-test scope, sign your DPA, or fill out a security questionnaire. Email security@icanmena.com and we'll respond within one business day.

· Data Processing Addendum
· Privacy Policy
· Sub-processors list (on request)
· Security questionnaire (on request)