Confeticonfeti
Trust Center

Security you can verify

RecruitOS is CASA Tier 2 verified and ESOF Shield certified. Our platform is built with SOC 2–aligned controls — we are not yet SOC 2 Type II attested, but CASA validation and our security program cover the application-security bar enterprise teams expect.

CASA Tier 2 verifiedSince May 15, 2026SOC 2 readiness
ESOF Verified and Secured — assessed by TAC Security, ADA CASA Assessor

ESOF Shield Certified
Tier 2 · Verified May 15, 2026

ESOF Verified and Secured — assessed by TAC Security, ADA CASA Assessor
Certification

CASA Tier 2 · ESOF Shield Certified

Verified May 15, 2026 · Assessed by TAC Security

RecruitOS completed Google CASA Tier 2 (lab-tested, lab-verified) through TAC Security, an authorized App Defense Alliance assessor. ESOF Shield certification validates our application security for sensitive data and Google API integrations.

  • Tier 2: lab-tested, lab-verified under the App Defense Alliance
  • TAC Security — Google-authorized ADA CASA assessor
  • Validates application security for sensitive data and API access
  • Revalidated annually under App Defense Alliance requirements
Assurance

What we can stand behind today

CASA Tier 2 verified

RecruitOS completed Google CASA Tier 2 (lab-tested, lab-verified) through TAC Security, an authorized App Defense Alliance assessor. ESOF Shield certification validates our application security for sensitive data and Google API integrations.

SOC 2 readiness

Security policies, access controls, logging, and operational practices are designed around SOC 2 Type II criteria. Formal SOC 2 attestation is planned; CASA Tier 2 verification already covers overlapping application-security requirements.

Enterprise controls

Encryption in transit and at rest, RBAC, SSO/SCIM, audit logging, and company-level data isolation — documented for security reviews.

Roadmap

Compliance journey

We distinguish verified certifications from readiness work in progress — so your security team knows exactly where we are.

CASA Tier 2

Verified May 15, 2026 by TAC Security under Google's Cloud Application Security Assessment (lab-tested, lab-verified).

Complete

SOC 2 Type II

Controls and documentation aligned to Trust Services Criteria. Formal attestation is on our roadmap — not yet started or certified.

Planned

Continuous assurance

Annual CASA revalidation, vulnerability management, and security monitoring across production environments.

Ongoing

Security reviews

Procurement and security teams can reach out during vendor assessments. Technical control details live on our Security page.

  • Overview of security controls on our Security page
  • Walkthrough of data handling, access control, and audit logging
  • Answers for vendor security questionnaires via hello@confeti.co

Need trust & security details?

We'll walk through our security overview and help with your vendor review process.