Privacy & Compliance
Earning and keeping your trust is our highest priority. Our security practices comply with the most widely accepted standards and regulations. Our independent third-party auditors test our controls and provide their reports and opinions, which we share with you whenever possible.
- What kind of data we collect and why
- With whom we may share information
- How we protect this data and how long we retain it
- Where we keep and transmit your data
- What happens if the policy changes or if you have questions
ISO/IEC 27001:2013 - Information Security Management System
ISO/IEC 27001 is recognized as the premier information security management system (ISMS) standard worldwide. ISO/IEC 27001 also leverages the comprehensive security controls detailed in ISO/IEC 27002. The basis of this certification is the development and implementation of a rigorous security management program, including the development and implementation of an Information Security Management System (ISMS).
EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation 2016/679, or GDPR, is a European Union regulation that marks a significant change to the existing framework for processing personal data of individuals in the EU. HackerRank is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
For GDPR, we have ensured that we are compliant with the rules laid out by the law and provided product functionality that enables our customers to remain compliant. Because we process candidates on behalf of our customers, according to GDPR, we are considered a Data Processor and the customer organization is regarded as the Data Controller. In the capacity of a Data Processor, all the candidate information we receive or collect is handled securely with adequate data protection. We also have an incident response plan in place to address an unforeseen incident that can put customers’ candidates’ personal information at risk, in accordance with Article 32 of the GDPR.
Independent third-party audits
We use independent third-party auditors to test our systems and controls against some of the most widely-accepted security standards and regulations in the world, such as ISO 27001. These reviews occur at least annually and are conducted by globally-respected audit and security firms that are independent and thorough in their inspections.
Breach detection and monitoring
We have a security monitoring team dedicated to detecting signs of a data breach. Our security practices are constantly evolving in order to address new types of security threats and further strengthen our detection capabilities.
External and internal application security testing
Our security team performs automated and manual application security testing on a regular basis to identify and patch potential security vulnerabilities and bugs in our products. Our security testing procedure includes threat modeling, manual code review, automated scanning, and third-party assessments. Our bug bounty program is the cornerstone of security testing for each and every HackerRank product.