The Shared Recruiting Co. (SRC) is built on trust. We believe the best way to build trust is to be transparent. SRC is open source, so you can see exactly how we use and process your data.
At SRC, members trust us with some of their most sensitive information, their emails and their job status. Sadly, we've seen firsthand what happens when companies abuse this. We've seen employers use LinkedIn to find out which employees are looking for new roles. We've seen backlash against recruiting companies for making candidate job profiles public without their consent. SRC does not and will never store your emails within our database. We use native email functionality, like labels and folders, to securely manage your emails from within your inbox.
And with SRC's two-way opt-in communication, your job status is confidential. Companies cannot see if you are looking for a new role until you choose to start the interview process.
By open sourcing SRC, we are making more then a promise of privacy. All the ways we use and protect your data is transparent and auditable.
The Cloud Application Security Assessment (CASA) is built upon the industry-recognized standards of the OWASP's Application Security Verification Standard (ASVS) to provide a consistent set of requirements to harden security for any application. CASA is required for any application accessing user email data via OAuth. SRC is Tier-2 CASA compliant. SRC's CASA compliance has been verified by an independent lab partner as part of the Google OAuth approval process.
SRC is commited to adhering to the best security practices. We are actively working towards other best-in-clas industry standards like SOC 2 and ISO 27001, as well as, regularly auditing and pen-testing our code.
We chose to open source SRC because we believe open source software builds trust, community, and more secure products. The current recruiting ecosystem is shrouded in secrecy. Candidates don't know how recruiters get access to their personal email addresses or how their personal information is stored and used. This lackadaisical approach to candidate privacy has been normalized over the past few years, but SRC takes a radically different approach. We want both candidates and companies to know exactly how and why we use, store, and process their data. Open sourcing SRC not only allows us to be transparent, but it also keeps SRC accountable. Any change to how SRC deals with your data is open to public scrutiny.
Public scrutiny is also essential to security. To quote Supabase's CTO Ant Wilson, "We believe Linus's law of 'given enough eyeballs, all bugs are shallow' applies to security issues.'". Open source software allows exploits to be identified as early as possible and patched just as fast. In the long run, we believe open sourcing SRC will allow us to build the most secure and trusted recruiting platform.