Rinmorinmo

Security and data handling

We protect candidate and company hiring data.

Rinmo processes resumes, screening outputs, structured evaluations, and hiring notes. That data is sensitive. We treat it that way. This page describes how we handle it.

How we protect data

Tenant isolation

Company data is separated at the database level. Your candidates, evaluations, and hiring workflows are scoped to your tenant. Other customers cannot access them. We use Supabase row-level security to enforce this.

Encryption

Data is encrypted in transit (TLS) and at rest. We run on Supabase, which uses AWS infrastructure. API keys and service credentials stay server-side. They are not exposed to the client.

Secrets and privileged ops

Sensitive operations run server-side only. AI model calls, database writes, and admin actions use service credentials that never reach the browser.

Dependencies

We keep dependencies updated and run vulnerability scanning on the codebase. No third-party scripts on candidate-facing flows.

Access and accountability

Role-based access

Team members see only what their role allows. Admin actions are restricted. We scope permissions to the minimum needed for each function.

Audit logs

Access to candidate data, screening runs, and admin functions is logged with timestamps and actor identifiers. You can export these logs. They support compliance reviews and internal investigations.

Internal access

Rinmo engineers access production data only when required for support or debugging. Access is logged and reviewed. We do not use customer data for training public AI models.

Data lifecycle

We collect what we need to run the product. We do not build candidate profiles across companies. We do not enrich data with third-party sources. We do not sell or share your data for marketing.

Retention follows your agreement with us and applicable law. You can request deletion at any time. We delete data when it is no longer needed for the service or when you ask us to.

We're continuing to mature our security program as Rinmo grows. If you have questions about how we handle your data, email us.

Report a vulnerability

Found something? Email security@rinmo.ai with a description and reproduction steps. We aim to respond within 24 hours.