<aside> ⚠️ This guide outlines frequently asked questions from security teams. Please note that this page is for informational purposes only. Although we do our best to keep this information up to date, you should always refer to our Terms, Privacy Policy, or your signed agreements with Ashby for the most accurate information. Please reach out to [email protected] if you have questions not addressed on this page.
</aside>
Ashby is an all-in-one recruiting platform that replaces several classes of software your Talent team uses. As a result, Ashby’s integration with your company’s IT systems will require the same access as the software it replaces. Below is a summary of what we replace that requires access to sensitive data (and consequently is relevant to a security risk assessment).
Software Class | Comparable Software | Data Access |
---|---|---|
ATS | Greenhouse, Lever | HRIS Read/Write (e.g., Workday) |
Sourcing/CRM | Gem, SourceWhale, Interseller | Email Read/Send |
Scheduling | Calendly, GoodTime, Modernloop, Cal.com | Calendar Read/Write |
We ask for the minimum access necessary to provide your Talent team with the full suite of functionality available from these comparable products. We do provide integration options that give Ashby access to less information, but they come at a cost to the functionality and benefits available to your Talent team. This document aims to help you assess your options and their tradeoffs so that you can make an accurate risk assessment of Ashby.
The integrations we request give Ashby access to data sensitive to your company, and we take this responsibility seriously. We conduct an annual SOC2 Type II audit and White-Box pentest and use vulnerability detection software for infrastructure, third-party packages, and our application (via a DAST). We also employ a global team of reliability engineers to ensure high availability and security for users at any scale. For further details, please read our security overview or contact our security team at [email protected].
We also provide features and resources for maintaining compliance with privacy regulations such as GDPR and CCPA. For GDPR, see our page outlining how to use Ashby to maintain compliance.
Our integrations with Google Workspace and Office 365 increase the risk profile of Ashby as a vendor, but provide significant benefits to your Talent team. To support several features that increase the speed and efficiency of your hiring, Ashby requests access to the emails and calendars of your team members involved in the hiring process. Ashby will store a subset of this data in our database to allow us to provide a fast and reliable user experience. Our database is encrypted at rest, logically separated by customer, and behind a VPC. All data transmitted between your IT systems, Ashby’s servers, and Ashby’s clients are encrypted in transit. For more information, please read our security overview.
This section explains the benefits Ashby provides for the access we request. Without this access, the functionality described will not be available.
When Ashby can send email through your email provider (e.g., Gmail), your Talent team and hiring managers can utilize the following functionality:
When Ashby can read emails through your email provider, your Talent team and hiring managers can utilize the following functionality: