Security & Privacy

Who is this for? HR managers, IT administrators, procurement teams, and anyone evaluating Tailed's data practices.
This page explains how Tailed stores, protects, and handles your organization's data — in plain language.

Where is our data stored?

Tailed stores all data in Google Cloud / Firebase, hosted in the us-central1 region (Iowa, United States).

All data is stored within Google's infrastructure, which is certified to the highest enterprise security standards (ISO 27001, SOC 2 Type II, and more).

Canadian customers: If you need data residency within Canada, contact us at support@tailed.ca — we can discuss options for Enterprise plans.

How is our data protected?

In transit (while data moves)

Every connection to Tailed — from your browser, from university portals, or from our API — is encrypted using TLS 1.3, the most current and secure version of the web encryption standard. No data travels over the internet unencrypted.

At rest (while data is stored)

All data stored in Tailed is encrypted at rest using AES-256, the same standard used by banks and government agencies. This is handled automatically by Google Cloud — no configuration required on your part.

Candidate data and privacy

Tailed handles candidate data (names, emails, resumes, and more) with care:

Candidates can only be seen by your organization. Tailed enforces strict separation between organizations — there is no way for another customer to see your data, and vice versa.
Candidate data is never sold or shared with third parties for advertising or any purpose other than operating the platform.
Resumes and documents are stored in private, access-controlled storage. Download links are time-limited (expire after 24 hours) and cannot be shared publicly.

Data retention and deletion

Soft delete — your data is always recoverable

When you delete a candidate, a job, or any record in Tailed, it is not immediately destroyed. Instead, Tailed marks it as deleted and hides it from your view. This protects you from accidental deletion and supports audit requirements.

Deleted records are permanently removed after 90 days (configurable on Enterprise plans).

If a candidate submits a request to have their personal data erased (as permitted under GDPR), you can initiate an anonymization request from the candidate's profile. This replaces their personal information with anonymized data while keeping application records intact for your internal reporting.

Data export

You can export all your organization's data at any time from Settings → Data → Export. The export includes candidates, applications, and analytics in standard formats (CSV, JSON).

Compliance

Tailed is designed with GDPR principles in mind:

Data minimization — we only collect what's needed to operate the platform.
Purpose limitation — candidate data is used for recruiting only.
Soft delete with right-to-erasure support.
Data processing for EU organizations is governed by a Data Processing Agreement (DPA). Contact us at privacy@tailed.ca to request a DPA.

PIPEDA (Canada's Personal Information Protection and Electronic Documents Act)

Tailed complies with PIPEDA requirements for organizations operating in Canada, including consent, access, and accuracy obligations for personal information.

Platform uptime and status

We publish real-time system status at status.tailed.ca.

You can subscribe to status updates by email or SMS so you're notified immediately if there is ever a service disruption.

Our monitored services include:

Tailed Dashboard (app.tailed.ca)
Tailed API (api.tailed.ca)
University data extraction service
Email delivery

Audit logs

On Professional and Enterprise plans, Tailed maintains an activity log of all significant actions in your organization — candidate changes, pipeline transitions, team member changes, and login events.

Access the audit log at Settings → Security → Audit log.

Audit logs are retained for 12 months (Enterprise: 36 months).

Reporting a security concern

We take security seriously. If you believe you've discovered a vulnerability or security issue in Tailed:

📧 Email: security@tailed.ca
🔒 We will acknowledge your report within 24 hours and work with you to resolve any confirmed issues responsibly.

Please do not publicly disclose potential vulnerabilities until we have had a chance to investigate and address them.

Frequently asked questions

Can Tailed employees read our candidate data?
Access to customer data by Tailed staff is strictly limited and logged. Staff may access data only when required for support purposes and only with a verified support request open.

Is Tailed SOC 2 certified?
We are currently on the path to SOC 2 Type I certification. Contact us at security@tailed.ca for our current compliance documentation and to discuss enterprise security requirements.

What happens to our data if we cancel our subscription?
After cancellation, your data is retained for 30 days. During this period you can export everything. After 30 days, data is permanently deleted from all systems.

Does Tailed use our data to train AI models?
No. Your organization's data is never used to train AI models or shared with AI providers outside of your explicit actions (e.g. the optional AI assistant integration, where you control the connection).

Last updated: March 2026

Security & Privacy ​

Where is our data stored? ​

How is our data protected? ​

In transit (while data moves) ​

At rest (while data is stored) ​

Candidate data and privacy ​

Data retention and deletion ​

Soft delete — your data is always recoverable ​

Right to erasure (GDPR) ​

Data export ​

Compliance ​

GDPR (EU General Data Protection Regulation) ​

PIPEDA (Canada's Personal Information Protection and Electronic Documents Act) ​

Platform uptime and status ​

Audit logs ​

Reporting a security concern ​

Frequently asked questions ​