Product Conditions & Shared Responsibility
PolpoHire operates under a shared responsibility model. We are responsible for securing and operating the platform. Tenants are responsible for secure usage within their organization.
PolpoHire Responsibilities
- Infrastructure security, hosting controls, and platform patching.
- Data protection controls including encryption in transit and at rest.
- Application security controls such as authentication and RBAC framework.
- Operational security, monitoring, incident response, and restore procedures.
- Compliance support features including audit logging and data handling workflows.
Tenant Responsibilities
- User lifecycle management, permissions, and access revocation.
- Lawful data processing and retention policies for candidate data.
- Endpoint and credential security inside the tenant organization.
- Security review and management of third-party integrations and API keys.
- Internal process controls, training, and compliance governance.
In most cases, the tenant acts as Data Controller and PolpoHire acts as Data Processor. PolpoHire processes candidate data according to tenant instructions and the applicable data processing agreement.