Last Updated: October 10, 2019
Security and data privacy are top priorities for Interview Cycle because they are fundamental to your experience with our product. Interview Cycle is committed to securing your application’s data, eliminating systems vulnerability, and ensuring continuity of access.
We use a number of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss, some of which are discussed below.
Interview Cycle is hosted behind Cloudflare, a distributed DNS that serves over 20 million sites worldwide. Among other services, it provides DDos protection and makes it difficult for bots or unscrupulous services to visit interviewcycle.com. We leverage Cloudflare SSL certificates to enable HTTPS and provide a secure connection for our users.
All passwords are salted and hashed using industry standard cryptographic utilities. When querying user names for display, we never return confidential information such as passwords or secret tokens. As mentioned above, all data in Interview Cycle servers is automatically encrypted at rest by GCP and AWS - even with physical access, data would be extremely difficult to decipher. Encryption at rest also enables continuity measures like backup and infrastructure management without compromising data security and privacy. Interview Cycle sends out email updates and notifications. We enable domain authentication to explicitly inform your email service about the sender (Interview Cycle) and reduce the possibility of phishing scams.
Interview Cycle is the assigned administrator of its infrastructure on GCP and AWS. Database access is limited, and specific private keys are required for individual servers. These keys are password-protected and stored in a secure location. All new users go through a 2-step verification process. They must register with and verify their work email. Then, the appropriate administrator is notified of the new registration, and must approve the user/email before they can access the system.
Unusual network patterns or suspicious behavior are key methods to detect attacks in a timely fashion. GCP intrusion detection and prevention systems (IDS/IPS) rely on both signature-based security and algorithm-based security to identify traffic patterns that are similar to known attack vectors. Using IDS/IPS, GCP attempts to automatically remedy dangerous situations and halt known threats. While Interview Cycle does not directly utilize intrusion detection techniques, we rely on infrastructure monitoring as well as reports from Cloudflare and GCP to remain aware of malicious activity. If you would like to report a vulnerability or have any security concerns with Interview Cycle, please contact [email protected] Include a proof of concept, a list of tools used to gain access, and their versions, and other pertinent information about the vulnerability. We take all disclosures very seriously. Once disclosures are received, we will verify each vulnerability before taking the necessary action.
To ensure high availability, Interview Cycle maintain a provisioned, redundant server in case of failure. As part of regular updates and maintenance, servers are taken out of operation without impacting availability. We keep daily encrypted backups of data on GCP. While never expected, in the case of production data loss. we will restore organizational data from these backups. Interview Cycle utilizes industry standard tools for automated error tracking, and continuous infrastructure monitoring. This enables us to rapidly find and fix bugs and make sure our servers and disks are at peak health.
The following section is regarding the collection, use and disclosure of personal information we receive from users of the platform. We use your information only to ensure security and augment the functionality we can provide you. By using interviewcycle.com, you agree to the collection and use of information in accordance with this policy. While using our site, we may ask you to provide us with certain personally identifiable information. Personally identifiable information may include, but is not limited to your name and email address. For example, we require your name and email when you create an Interview Cycle account. These may be used to send you important email notifications about important events, or identify who is creating or updating data on the platform.
Like many site operators, we collect information that your browser sends whenever you visit our site ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we provide certain log information to external services for the explicit purpose of improving the platform and the services we provide you. This includes analytics (Google Analytics) as well as error/infrastructure monitoring tools discussed above. Information is never shared for marketing purposes, nor is it sold, rented or leased to third parties.
You may contact us at [email protected] to find out what information we have collected about you, and to request any changes. You may also ask that we remove your personal data from our system. Data will be deleted upon request, after a brief waiting period.
Like many sites, we use "cookies" (stored on your local hard drive) or the modern equivalent, local storage, to track user sessions and store preferences. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website. Interview Cycle does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.