Protecting candidate and contact data.

Security is part of how VCINC runs its recruiting and consulting operations. We take a layered approach across people, process and technology, and we work to handle candidate, client and contact data responsibly.

This page describes our security practices at a high level. We do not claim certifications or attestations we have not formally completed.

Access to candidate and contact data is limited to authorized VCINC personnel who need it to perform their role.

We use account-level authentication, role-based access where supported by our tools, and we revoke access when it is no longer needed.

Our website and supporting systems are hosted on reputable cloud providers. We rely on managed services for storage, hosting and content delivery, and we use provider security features such as managed TLS for HTTPS.

Backups, redundancy and availability are handled through the cloud services we use, in line with industry-standard practices.

vcinc.io is served over HTTPS so that information submitted through the website is encrypted in transit using TLS.

Internal recruiting and communications tools are similarly accessed over encrypted channels where supported by the provider.

Resumes and application materials are reviewed only by authorized recruiting and delivery personnel. Where it is appropriate to share materials with a prospective client or partner for a specific opportunity, we do so consistent with our Candidate Privacy Notice.

We do not sell candidate information for money.

We collect only the information we need for recruiting, business, legal and security purposes. We retain it for as long as reasonably necessary and remove it when it is no longer needed, subject to legal obligations.

When we use third-party services that process candidate or contact data, we expect those providers to follow industry-standard security practices.

If you believe you have found a security issue affecting vcinc.io or our recruiting workflows, please contact us at the address below with enough detail for us to reproduce and assess the issue.

Please act in good faith and avoid actions that could affect other users, degrade availability or access data that is not your own.

Security is not a one-time exercise. We review our practices over time and update tools, configurations and processes as our recruiting and consulting operations evolve.