Giftem | Trust Center

Giftem Trust Center

Transparency on how we secure GovTech recruiting data—today and on our roadmap.

Last updated 12 May 2025

Why Security Matters in GovTech Recruiting

You handle Personally Identifiable Information (PII), clearance statuses, and contract‑sensitive data every day. Federal customers expect uncompromising protection and clear evidence of compliance. Giftem commits to full transparency so you can recruit with confidence.

This page outlines our current controls, the partner attestations we inherit, and the planned upgrades that will bring us to FedRAMP‑aligned hosting and SOC 2 Type II certification.

Current State Controls (Q2 2025)

Encryption in Transit

TLS 1.2 across core Giftem services

HSTS + Perfect Forward Secrecy

Default TLS 1.3; falls back to 1.2 where provider limits apply.

Encryption at Rest

Primary DB encryption planned Q3 2025; backups already AES‑256

Application data encryption roadmap → Q3 2025

Customer‑provided KMS keys: expected Q3 2025

Infrastructure

AWS us‑east‑1 multi‑AZ

Containerized services on AWS EKS

GovCloud migration pilot → Q4 2025

Partner Controls We Inherit

AWS (EKS, RDS, S3)

Giftem production currently runs in us‑east‑1; GovCloud migration targeted Q4 2025.

Regular 3rd‑party penetration tests & 24/7 monitoring.

E‑Verify Web Services

Operated by the U.S. Department of Homeland Security.

HTTPS/TLS‑1.3 endpoints; audit logs retained per DHS policy.

Our E‑Verify integration is delivered via DHS‑certified web services

SAM.gov & FPDS‑NG APIs

HTTPS only; no candidate PII transmitted.

GDPR Wording

All sub‑processors used for GovTech APIs are bound by GDPR‑compliant Data Processing Agreements; Giftem is the data controller for recruiter and candidate data. Giftem executes DPAs with all current sub‑processors; future vendors added post‑DPA review.

Road‑Mapped Upgrades

Q3 2025 – AES‑256 At‑Rest & Customer KMS

Full database encryption with AWS KMS.

Option to bring your own CMK for federal clients.

Q4 2025 – SOC 2 Type II Audit

Audit facilitated by WorkOS bridge.

Audit scheduled Q4 2025; no SOC 2 report issued yet.

Q4 2025 – AWS GovCloud Migration

GovCloud staging October 2025; production cut‑over December 2025.

Production cut‑over scheduled December 2025.

Q3 2025 - AI Fraud Shield & Biometrics

Private beta July 2025, general availability TBD.