Security & GDPR
Data security at Lusk and General Data Protection Regulation (GDPR) compliance
Security at Lusk
How does Lusk handle the security of your organization’s data?
All connections to Lusk are secured by HTTPS which encrypts the data flow between client and server. Our API and application endpoints are TLS/SSL only.
All user passwords are securely hashed and salted; passwords are never stored in plain text, so nobody can view them, not even our own employees. However, it also means that if you forget your password, we can’t retrieve it for you. The only solution is to reset it.
All data access is protected by a role- and visibility-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.
In addition to the backups of your data stored within Amazon’s hosting infrastructure, we also make hourly backups of our entire database that are kept in long-term storage.
Additionally, you can create your own local backup of candidate data that you have in Lusk at any time you choose and as many times as you like by using the Export data feature.*
*This feature is under development and will be coming soon.
Access to customer data
All persons with potential access to sensitive or personal data are bound by our internal personal data protection policy that outlines their responsibility in the area of data security. Our customer support team can only access your data if you add them as a member to your organization.
Loss, misuse or alteration of your data
Unfortunately, no method of transmission over the Internet, or method of electronic storage, can be guaranteed to be 100% secure. As a result, while we strive to protect your organization’s data, Lusk cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your data, we make our best effort to ensure security on our systems.
As of the 25th of May 2018 the European Union’s General Data Protection Regulation is upon us and impacts any business processing personal data of EU residents, regardless of whether the processing takes place in the EU or not. With your candidates’ personal data being a key component of the data we process for you in Lusk, we have completed the necessary steps to ensure that we are compliant.
The GDPR has strict requirements for moving data outside of the EU. If Lusk engages sub-processors outside of the EU, it is our responsibility to ensure that we transfer data according to the GDPR. Below we provide an up-to-date list of sub-processors.
Amazon Web Services, Inc., Cloud Service Provider (EU region), Ireland & United States
Salesforce Heroku, Cloud-based Managed Application Provider (EU region), United States
mLab, Cloud-based Managed Database Provider (EU region), United States
OVH, Dedicated Servers Provider, France
WEDOS, Dedicated Servers Provider, Czech Republic
Glow, Content Delivery Network (CDN) Provider, Czech Republic
Intercom, Cloud-based Customer Support & Communication Services, United States
Mailgun Technologies, Inc., Cloud-based Email Notification Services, United States
Sentry, Error tracking and monitoring, United States
Keen IO, Cloud-based platform for tracking of end user usage data & candidate data, United States
CloudConvert, Cloud-based File Conversion Services, Germany
PipeDrive, Cloud-based Sales CRM, Estonia
Google Inc., Cloud-based Email Services & Data Analytics, United States