Security & Privacy

ALOT is designed to help teams run secure hiring operations with clear access control, auditable workflows, and encrypted transport for data in motion.

Access Control

Organization-scoped access boundaries for data isolation.
Role-based member permissions for operational control.
Scoped API keys to limit integration blast radius.

Data Handling

HTTPS/TLS for client and API traffic.
Signed webhooks to prevent payload tampering.
Candidate records and assessment results retained under organization ownership.

Operational Recommendations

Restrict dashboard access with strong password policies and SSO when available.
Rotate integration secrets on a regular schedule.
Review webhook delivery logs and anomaly alerts frequently.
Limit production access to least privilege team members.

Incident Response

If you suspect account compromise, revoke affected API keys, rotate webhook secrets, and contact support immediately through the contact page.