Our Infrastructure
  • My Ally’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
  • We have architected a secure multi-tier network environment on top of Amazon’s infrastructure to ensure that our applications and data are protected and always accessible. Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, My Ally ensures that the data it collects remains available through full, daily backups, retained for 14 days.
  • We employ secure coding practices and ensure we are, at a minimum, protected against the OWASP Top 10. All of the My Ally applications undergo frequent third-party security and vulnerability assessments to catch any security bugs we may have missed. We even have a “bug bounty” program where we pay hackers to responsibly report bugs they find in our applications.

How does My Ally keep sensitive information private?
  • The communication between your employees and our servers is encrypted with 128-bit SSL encryption. All sensitive data, including user passwords, is securely encrypted or hashed, both in transit and at rest; passwords are never stored in plain text. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.

Which employees at my company will use My Ally?
  • Everyone! Your entire recruiting team will obviously be using My Ally regularly. But interviewers will rely on My Ally to seamlessly have interviews scheduled and submit evaluations in a timely fashion. Management will want to use the reporting features to get an overview of how quickly candidates are moving through the pipeline. It can even be used as an internal scheduling tool.

Our internal processes

  • Only authorized employees have access to our production infrastructure, passwords are strictly regulated, and access requires multiple factors of authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on our customers' behalf. Accessing customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.

Our promise

  • Why take our word for it? We are ISO 27001:2013 certified. Our systems and processes conform to the ISO/IEC 27001:2013 standard, assuring that our controls relating to security, availability, and confidentiality are well designed and operating effectively.

Compliance

  • Certifications / Attestations: ISO 27001:2013
  • Laws / Regulations / Privacy: GDPR
  • Alignments / Frameworks: EU-US Privacy Shield, Swiss-US Privacy Shield

EU Data Protection

GDPR

The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects' fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.

The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.
My Ally has been working diligently over the last few months to bring its systems and processes into compliance with the GDPR and to help ensure that customers working with My Ally can meet their GDPR obligations. For instance, we have adopted policies and procedures to ensure that My Ally can assist its customers in responding to any requests by data subjects to exercise their rights under the GDPR. We have also worked hard to ensure that our systems meet GDPR security standards and are proud to be ISO 27001:2013 certified. Of course, GDPR compliance is and will be an ongoing process, and as new developments in the law occur, we will respond and update our systems accordingly.
Yes. My Ally offers a GDPR-compliant Data Processing Addendum (DPA), enabling you to comply with GDPR contractual obligations. For more information on how customers can enter into the My Ally Data Processing Addendum, please email us at privacy@myally.ai.
My Ally processes personal data both as a “data processor” -- meaning that it processes data on behalf of others (e.g. using personal data to schedule and manage the job application process for our clients) and as a “data controller” -- meaning that it processes data on its own behalf (e.g. processing personal data My Ally collects on potential clients to market to them).
We recommend that customers with questions regarding data protection or GDPR and My Ally contact their customer success representative first. Questions can also be sent to privacy@myally.ai.
We proactively inform our customers of any sub-processors who have access to content, including content that may contain personal data, here.

Privacy Shield Framework

The U.S. Department of Commerce, with the European Commission and the Swiss government, created the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to provide companies with a mechanism to transfer personal data from the European Union to the United States in a manner that provides an adequate level of protection for the purpose of European data protection law.
My Ally has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to the U.S. Department of Commerce. View the certification here.

Sub-Processors

In an effort to provide maximum transparency, we’ve compiled a list of sub-processors My Ally works with along with details on what the data collected through these sub-processors are used for.

Sub-Processors | Why & How data is used
Amazon Web Services | Servers and network infrastructure