Procurement-grade security, by design.
JobRoute handles workforce data at the intersection of HR, legal, and individual privacy. We are building to the standards our enterprise and public sector customers already hold internally, and we're honest about what's in place today versus what's on the audit calendar. No security theater, no hand-waving.
Security controls, live today.
SSO · SAML 2.0 · OIDC
Single sign-on via Okta, Azure AD, Google Workspace, Ping, and any SAML 2.0 or OIDC-compliant identity provider. SCIM provisioning for user lifecycle automation.
Role-based access control
Granular RBAC with admin, analyst, manager, and viewer roles. Enterprise tier supports custom roles, row-level data filters, and just-in-time access elevation with manager approval.
Immutable audit logs
Every data access, export, configuration change, and integration action is logged with user, timestamp, and action detail. Logs are immutable, retained for the contract term, and exportable via API.
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Customer-managed encryption keys (CMEK) available on Partner tier via Azure Key Vault.
Tenant isolation by design
Every customer runs in a logically isolated tenant. Partner-tier deployments include dedicated VPCs, isolated databases, and can run in the customer's own cloud account under a BYOC model.
Backup and recovery
Point-in-time recovery for the last 30 days. Daily encrypted backups to a separate region. Quarterly disaster recovery drills with documented RTO of 4 hours and RPO of 1 hour.
Five commitments we put in writing.
These aren't marketing promises. They are contractual terms in every MSA we sign. If we cannot honor one of them for your use case, we tell you before the contract is drafted.
Most of these we inherit from a decade of enterprise consulting work at QueryNow, where getting HR data handling wrong was never an option.
What we can hand to procurement today.
SOC 2 Type II
SOC 2 Type II preparation underway with third-party advisory. Security questionnaires available pre-audit on request under MNDA.
GDPR & EU AI Act
Data processing addendum available pre-contract. Standard Contractual Clauses for international transfer. EU data residency (Azure Germany West Central) available for enterprise tier. EU AI Act high-risk system controls documented.
HIPAA
For healthcare and life sciences customers handling PHI, we support HIPAA-aligned deployment configurations and sign Business Associate Agreements on a case-by-case basis for Partner-tier engagements.
Your data stays where it needs to stay.
For EU customers, public sector deployments, and regulated industries, data residency is not a preference; it's a requirement. JobRoute runs on Azure in two regions today, with sovereign deployment available for Partner tier.
Cross-region replication, backups, and disaster recovery all respect the primary region contract. Nothing leaves the region by default.
Azure West US 2 (DR)
Azure North Europe / Ireland (DR)
On request for Partner tier
When something goes wrong, this is how we respond.
Detect
24/7 monitoring via automated alerting, log analysis, and external reporting channels (security@jobroute.ai).
Triage
Security lead classifies severity, assembles response team, contains the incident, and begins evidence preservation.
Notify
Affected customers notified with initial facts, scope estimate, and incident lead contact. Regulators notified per jurisdiction.
Resolve + review
Root cause analysis, remediation, public-facing incident report where appropriate, and control updates to prevent recurrence.
Need something we didn't publish here?
For procurement, security review, architecture documentation, sub-processor lists, penetration test summaries, or specific compliance questionnaires (CAIQ, SIG, VSAQ), email security@jobroute.ai or request through your account contact. We respond within two business days.