Information Security Measures
Last updated: April 2026
Redsun Innovations Limited ("Redsun") implements reasonable technical and organisational measures designed to protect the security and integrity of the Redsun Recruitment Platform (the "Platform") and Customer Data. This document forms Schedule 4 to the Platform Licence Agreement and summarises the security posture of the Platform.
1. Access Control
- Access to the Platform infrastructure is restricted to authorised personnel using reasonable access control measures.
- Authentication controls are used to restrict administrative access.
- Row-level isolation is enforced in the database layer to keep tenants' data separated, and API keys and third-party credentials are held in managed secret storage.
2. System Monitoring
The Platform infrastructure is monitored using reasonable tools and processes in order to:
- detect security threats;
- identify system anomalies;
- maintain system performance.
Error telemetry and structured application logs are centralised for investigation. Personally identifiable information is redacted from log output where reasonably practicable.
Redsun does not warrant that the Platform will be secure or free from vulnerabilities and shall not be responsible for security incidents arising from factors outside its reasonable control.
3. Data Protection
- Customer Data is processed in accordance with the Data Processing Agreement.
- Data is encrypted in transit using TLS and at rest using industry-standard encryption provided by Redsun's hosting sub-processors.
- Sub-processors used by Redsun are disclosed on the Sub-processors page.
4. Security Updates
Redsun may, at its discretion, implement security patches and system updates in order to protect the Platform from vulnerabilities. Dependencies are monitored for known vulnerabilities and updated on a reasonable cadence.
5. Incident Response
Redsun maintains procedures designed to identify and respond to security incidents affecting the Platform. Where a security incident results in a personal data breach, Redsun will notify the Customer in accordance with the Data Processing Agreement.
6. Customer Responsibilities
The Customer is responsible for:
- maintaining the security of its own systems and devices;
- safeguarding access credentials;
- ensuring secure use of the Platform by its Authorised Users;
- notifying Redsun promptly of any suspected compromise of credentials or unauthorised access.
Redsun shall not be responsible for security breaches arising from the Customer's systems or misuse of access credentials.
7. Security Questionnaires & Audits
Redsun will respond to reasonable security questionnaires from prospective and existing customers and, on reasonable notice, make available information reasonably necessary to demonstrate compliance with this Schedule and the Data Processing Agreement. Audits shall be conducted in a manner that does not disrupt Redsun's operations and shall be subject to reasonable confidentiality obligations.
8. Reporting a Security Concern
If you believe you have identified a vulnerability or security concern affecting the Platform, please email ayrton@redsunplatform.com with the subject line "Security". Please do not probe or test the Platform beyond what is reasonably necessary to reproduce the issue.