Ravio’s security and compliance statement
This text serves as Ravio’s official security and compliance statement, specifically highlighting their SOC 2 Type 2 alignment. If you are currently integrating Ravio with Greenhouse or HubSpot, your IT or Legal team will likely require this specific information to approve the data sync.
Core Security Pillars
- SOC 2 Type 2 Validated: Ravio doesn't just claim to be secure; their controls are independently audited. This covers Security, Processing Integrity, and Privacy.
- Encryption Standards: Data is encrypted both at rest (in their databases) and in transit (as it moves between Greenhouse/HubSpot and Ravio).
- Principle of Least Privilege: Access is restricted based on role. This means only the necessary Ravio systems/personnel interact with your Greenhouse API data.
- Continuous Monitoring: They use proactive threat detection and regular vulnerability scanning to prevent breaches before they happen.
Data Handling for Integrations
Since you are connecting Ravio to your ATS (Greenhouse) and CRM (HubSpot), the following points from the text are most relevant:
- Classification: Ravio classifies data by sensitivity, ensuring candidate PII (Personally Identifiable Information) is treated with the highest level of care.
- Third-Party Monitoring: Ravio monitors their own sub-processors, ensuring that the "chain of security" isn't broken when data moves through their infrastructure.
- Data Minimization: They state they retain data only as long as necessary, which is crucial for GDPR compliance when syncing candidate offer details.
Next Steps for Your Security Team
If your Procurement or IT department needs more than this summary, the document provides a direct call-to-action:
- Visit the Trust Centre: Direct them to trust.ravio.com.
- Request the Full Report: They can sign up there to download the full SOC 2 Type 2 Report.
- Review TOMs: The "Technical and Organisational Measures" (TOMs) document available there will provide the granular detail your IT team needs regarding firewall configs, backup frequencies, and patch management.