Security

Trust Center

Security and privacy are at the core of everything we build. Learn how Olibr protects your data, maintains compliance, and earns your trust.

Last Updated: May 11, 2026

Encryption

AES-256 at rest, TLS 1.2+ in transit

Access Controls

Role-based access with audit logging

Privacy First

GDPR & CCPA compliant practices

Secure Infra

SOC 2 compliant cloud hosting

Incident Response

24-hour response SLA

Regular Audits

Continuous security assessments

1. Our Commitment to Security

At Olibr, security is not an afterthought -- it is a foundational principle that guides every aspect of our platform. We handle sensitive data including resumes, professional profiles, company information, AI interview recordings, and payment details. We take this responsibility seriously.

Our security program is built on industry best practices and is continuously improved to address evolving threats. We invest in people, processes, and technology to ensure that your data is protected at every layer.

Our security team monitors threats around the clock and conducts regular assessments to identify and address vulnerabilities before they can be exploited.

2. Data Protection

2.1 Encryption at Rest

All sensitive data stored on our servers is encrypted using AES-256 encryption. This includes candidate personal information, employer data, AI interview recordings, OAuth tokens, and payment-related records. Encryption keys are managed through a dedicated key management system with automatic rotation.

2.2 Encryption in Transit

All communications between your browser and our servers are encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints and use HSTS (HTTP Strict Transport Security) headers to prevent downgrade attacks.

2.3 GDPR & CCPA Compliance

Olibr complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents. We provide users with full control over their data, including rights to access, rectify, delete, and port their personal information.

  • Data minimization: We collect only the data necessary to provide our services.
  • Purpose limitation: Data is used only for the specific purposes disclosed at the time of collection.
  • Storage limitation: Data is retained only as long as necessary to fulfill its intended purpose.
  • Data subject rights: Users can exercise their rights through their account settings or by contacting our privacy team.

3. Infrastructure Security

Our platform is hosted on secure cloud infrastructure with enterprise-grade physical and network security controls.

  • Cloud Hosting: Our infrastructure is hosted on SOC 2 compliant cloud providers with data centers in secure, access-controlled facilities.
  • Network Security: We use firewalls, intrusion detection systems (IDS), and network segmentation to isolate and protect critical systems.
  • DDoS Protection: Our infrastructure includes DDoS mitigation services to ensure platform availability during volumetric attacks.
  • Regular Vulnerability Scanning: Automated vulnerability scanners continuously assess our infrastructure and applications for known vulnerabilities.
  • Penetration Testing: We conduct regular penetration tests through both internal and external security assessors to identify and remediate potential weaknesses.
  • Patch Management: Critical security patches are applied within 24 hours of release. Non-critical patches are applied within our regular maintenance windows.

4. Access Controls

We enforce strict access control policies to ensure that only authorized individuals can access sensitive data and systems.

4.1 Role-Based Access Control (RBAC)

Access to data and systems is granted based on the principle of least privilege. Each team member is assigned a role with only the permissions necessary to perform their job function. Access rights are reviewed quarterly and revoked immediately upon role change or departure.

4.2 Multi-Factor Authentication (MFA)

Multi-factor authentication is enforced for all internal systems, cloud infrastructure access, and administrative dashboards. We support hardware security keys and authenticator apps.

4.3 Audit Logging

All access to sensitive data and administrative actions are logged with timestamps, user identifiers, and action details. Audit logs are retained for a minimum of 12 months and are reviewed regularly for anomalous activity.

5. Data Privacy

Privacy is integral to our platform design and operations. Our complete data handling practices are described in our Privacy Policy.

  • Data Minimization: We collect and process only the data that is strictly necessary for delivering our services. We regularly review our data collection practices to eliminate unnecessary data points.
  • Purpose Limitation: Personal data is processed only for the purposes specified at the time of collection. We never use candidate data for purposes beyond legitimate recruitment activities.
  • Consent Management: Users have full control over their data sharing preferences. Candidates can choose how their profiles are shared with employers, and employers can configure retention policies for uploaded candidate data.
  • Data Portability: Users can export their data in machine-readable formats at any time through their account settings.
  • Right to Deletion: Users can request complete deletion of their personal data. We process deletion requests within 30 days as required by applicable law.

6. Compliance & Certifications

Olibr maintains compliance with the following standards and regulations:

Standard / Regulation      Status               Description
GDPR                       Compliant            EU data protection for EEA/UK users
CCPA                       Compliant            California consumer privacy protections
IT Act, 2000 (India)       Compliant            Indian information technology and data protection regulations
SOC 2 (Infrastructure)     Via cloud provider   Security, availability, and confidentiality controls
PCI DSS                    Via Razorpay         Payment card data security (delegated to payment processor)
OWASP Top 10               Implemented          Web application security best practices

We continuously evaluate emerging regulations and update our compliance program accordingly.

7. Incident Response

Olibr maintains a documented incident response plan to ensure rapid and effective handling of security events.

  • Dedicated Security Team: Our security team is responsible for monitoring, detecting, and responding to security incidents around the clock.
  • 24-Hour Response SLA: We commit to acknowledging and beginning investigation of any reported security incident within 24 hours.
  • Breach Notification: In the event of a data breach, we will notify affected users and relevant authorities within the timeframes required by applicable law (72 hours under GDPR, and within the timeframe required under CCPA).
  • Post-Incident Review: After every incident, we conduct a thorough post-mortem to identify root causes, implement corrective actions, and update our security controls to prevent recurrence.
  • Communication: We maintain transparent communication with affected parties throughout the incident lifecycle, providing regular updates until the issue is fully resolved.

8. Responsible Disclosure

We value the security research community and encourage responsible disclosure of any vulnerabilities discovered in our platform.

How to Report a Vulnerability

  1. Email your findings to security@olibr.com with a detailed description of the vulnerability.
  2. Include steps to reproduce the issue, potential impact, and any proof-of-concept code (if applicable).
  3. Allow us reasonable time (up to 90 days) to investigate and remediate the issue before any public disclosure.

Our Commitment to Researchers:

  • We will acknowledge receipt of your report within 48 hours.
  • We will not pursue legal action against researchers who follow responsible disclosure practices.
  • We will provide credit to researchers (with permission) for valid vulnerability reports.
  • We will keep you informed about the status and resolution of reported issues.

9. Third-Party Security

We carefully assess and monitor the security practices of all third-party vendors and service providers that have access to user data.

9.1 Vendor Assessment

Before engaging any third-party vendor, we conduct a thorough security assessment that evaluates their data protection practices, security certifications, incident response capabilities, and regulatory compliance. Only vendors meeting our security standards are approved.

9.2 Data Processing Agreements

All third-party vendors that process personal data on our behalf are required to sign Data Processing Agreements (DPAs) that establish clear obligations regarding data handling, security measures, breach notification, and data deletion upon contract termination.

9.3 Ongoing Monitoring

We conduct regular reviews of our vendor relationships to ensure continued compliance with our security requirements. Vendors are reassessed annually, and access is revoked promptly if a vendor no longer meets our standards.

10. Contact

If you have questions about our security practices, want to report a vulnerability, or need more information about our compliance program, please reach out:

Olibr Resourcing Pvt Ltd

Security Team: security@olibr.com

Privacy Team: privacy@olibr.com

General Support: support@olibr.com

Website: https://olibr.com

For urgent security concerns, please email security@olibr.com with "URGENT" in the subject line for prioritized handling.