Security & privacy at Popus
Search firms hand us their most sensitive asset — candidate and client data. We protect it the way a serious, world-class technologist should, respect privacy in every market, and help you operate compliantly.
Security posture
We're pursuing SOC 2 (Type II) and ISO 27001; audits are in progress. Our security program covers the people, processes, and infrastructure that handle your data.
Data protection
Encryption in transit (TLS 1.2+) and at rest (AES-256). Strict role-based access control and least privilege. Per-tenant data isolation. Audit logging. Automated, encrypted backups with disaster recovery. Built on reputable AWS infrastructure with vetted subprocessors.
Privacy by design
Data minimization and purpose limitation. Clear consent handling for candidate data. Data-subject rights — access, correction, deletion — honored on request. A Data Processing Addendum (DPA) is available to clients on request.
Per-market compliance
Compliant with local data-protection law in every market we operate in: Taiwan's PDPA, Japan's APPI, and applicable US privacy law (largely state-level, e.g. California's CCPA/CPRA). Popus is built around proper compliance requirements, so operating on the platform helps you stay on the right side of local data-protection and recruiting rules and lowers your risk. This is support and confidence you can rely on.
Defensible audit trail
The platform records audit logs, activity history, and reports you can produce for a regulator or government review if ever required — so you can demonstrate what was done, by whom, and when. Reliable record-keeping, made easy.
Have a security or procurement question? Book a demo and we'll walk your team through it.