Tenant isolation and RBAC
Each customer is treated as an isolated tenant. Core resources—jobs, applications, assessments, AI interviews, surveys, analytics, billing, and team settings—are stored with a tenant identifier and filtered in queries so one company cannot read another company’s data.
On top of this, NexeraHR uses role-based access control (RBAC) that evaluates each request by resource, action, and scope (for example, own, team, or all). Company admins, recruiters, hiring managers, viewers, and other roles are granted only the permissions they need for their work.
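The following is an added illustration of how a tenant filter and a resource/action/scope check combine into one decision; it is not NexeraHR's code, and the role table, type names and sample rows are constructed assumptions.

```typescript
// Added example (not NexeraHR's implementation): tenant-scoped RBAC.
// A permission names a resource, an action and a scope. "own" covers rows the
// user created, "team" covers rows belonging to the user's team, "all" covers
// every row inside the user's tenant. No scope ever reaches across tenants.
type Scope = "own" | "team" | "all";
type Action = "read" | "update" | "delete";
interface Permission { resource: string; action: Action; scope: Scope }
interface User { id: string; tenantId: string; teamId: string; role: string }
// Every stored row carries its tenant id plus owner/team ids for scope checks.
interface TenantRow { tenantId: string; ownerId: string; teamId: string }

// Assumed role table; real role sets will differ. Scopes are hierarchical:
// "all" implies "team", which implies "own".
const ROLES: { [role: string]: Permission[] } = {
  admin: [{ resource: "application", action: "read", scope: "all" },
          { resource: "application", action: "update", scope: "all" }],
  recruiter: [{ resource: "application", action: "read", scope: "team" },
              { resource: "application", action: "update", scope: "own" }],
  viewer: [{ resource: "application", action: "read", scope: "own" }],
};
const SCOPE_RANK: { [s in Scope]: number } = { own: 0, team: 1, all: 2 };

// Decide which scope a row falls into for this user. The tenant check runs
// first: a row from another tenant has no scope at all, even if its owner or
// team ids happen to collide with the caller's.
function scopeOf(user: User, row: TenantRow): Scope | null {
  if (row.tenantId !== user.tenantId) return null;
  if (row.ownerId === user.id) return "own";
  if (row.teamId === user.teamId) return "team";
  return "all";
}

function can(user: User, action: Action, resource: string, row: TenantRow): boolean {
  const needed = scopeOf(user, row);
  if (needed === null) return false; // cross-tenant: deny before consulting roles
  const grants = ROLES[user.role] ?? [];
  return grants.some(p => p.resource === resource && p.action === action &&
                          SCOPE_RANK[p.scope] >= SCOPE_RANK[needed]);
}

// Query-side filter: only rows the caller may read leave storage.
function visibleRows(user: User, resource: string, rows: TenantRow[]): TenantRow[] {
  return rows.filter(r => can(user, "read", resource, r));
}

// Constructed sample data. Tenant "t-b" deliberately reuses the ids of "t-a".
const recruiter: User = { id: "u1", tenantId: "t-a", teamId: "team-1", role: "recruiter" };
const admin: User = { id: "u9", tenantId: "t-a", teamId: "team-9", role: "admin" };
const rowOwn: TenantRow = { tenantId: "t-a", ownerId: "u1", teamId: "team-1" };
const rowTeam: TenantRow = { tenantId: "t-a", ownerId: "u2", teamId: "team-1" };
const rowOther: TenantRow = { tenantId: "t-a", ownerId: "u3", teamId: "team-2" };
const rowCross: TenantRow = { tenantId: "t-b", ownerId: "u1", teamId: "team-1" };
```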
Encryption and storage protections
Sensitive personal data, such as email addresses and phone numbers, is encrypted at rest using AES-256-GCM. Email values are also stored as hashes so they can be looked up without exposing the raw address, and resumes or attachments are stored in AWS S3 buckets fronted by CloudFront.
File access is controlled at the application layer, with requests checked against tenant and permission context before data is returned. Public flows (like candidate applications or token-based assessments) are scoped narrowly to only the data needed to complete that flow.
Authentication and session security
NexeraHR relies on Auth.js / NextAuth.js for authentication, with JWT-based sessions stored in httpOnly cookies. Because httpOnly cookies are not readable by client-side JavaScript, this limits the exposure of session tokens to scripts running in the browser while keeping each session tied to its token.
Login options can include email/password, Google OAuth, magic links, and optional TOTP-based multi-factor authentication. Protected admin routes are gated by middleware and server-side checks that validate sessions, tenant membership, and role-based permissions before rendering or executing actions.
API, routing, and rate limiting
API routes are designed to enforce both authentication and authorization. Admin flows, candidate flows, and super-admin operations are separated into distinct route groups, reducing the chance that elevated actions are mixed into regular tenant paths.
Security headers—including Content Security Policy (CSP), CORS configuration, and other HTTP protections—are configured at the framework level. Where configured, rate limiting backed by Upstash Redis helps protect login and API entry points from abusive traffic.
Audit logging and operational controls
NexeraHR can log sensitive actions such as changes to candidate state, interview lifecycle events, and other important updates. These logs help teams understand how data moves through the platform and who performed specific operations.
Elevated actions that affect multiple tenants are restricted to dedicated super-admin routes and tooling rather than being exposed in everyday tenant APIs. This keeps operational access distinct from customer-facing workflows.
AI workflows and data handling
NexeraHR uses AI in specific workflows such as job description generation, ATS scoring, assessment generation and scoring, and interview transcript analysis. These features are scoped to the relevant job, candidate, and tenant context, and the results are subject to the same RBAC and tenancy checks as other data.
Customers remain responsible for reviewing AI outputs before using them in hiring decisions, job postings, or assessments.
Shared responsibility
NexeraHR is responsible for securing the platform, enforcing application-level protections, and continuing to improve our controls. Customers are responsible for configuring roles correctly, deciding who can invite team members, and ensuring their hiring processes align with internal policies and applicable law.
Questions and security reviews
If your team is performing a security, privacy, or procurement review, we are happy to share additional details about architecture, data handling, and product controls. For questions specific to privacy and GDPR readiness, see our GDPR Readiness page or reach out directly through Contact.