Security & Compliance

Infrastructure Security

Athen runs on Amazon Web Services (AWS) and Google Cloud Platform (GCP), using industry-best practices for redundancy and physical security.

• Cloud Native: Our infrastructure is fully codified (IaC), allowing for rapid recovery and auditability.
• Multi-Zone Availability: Data is replicated across multiple availability zones to ensure uptime and data durability.
• Network Isolation: Critical services run in isolated VPCs with strict firewall rules and zero-trust access policies.

Data Protection

We believe that your data—and the data of the candidates you interview—is sacrosanct.

• Encryption at Rest: All databases and file storage volumes are encrypted using AES-256 standards.
• Encryption in Transit: All data transmitted between you and Athen is encrypted via TLS 1.3.
• Key Management: We utilize AWS KMS for secure key management and rotation.

Application Security

Our engineering team employs a “shift-left” security philosophy, integrating security checks into every stage of the development lifecycle.

• SSO & MFA: We support Single Sign-On (SSO) via SAML 2.0 and require Multi-Factor Authentication (MFA) for all internal access.
• Vulnerability Scanning: Automated scanners run on every commit to detect dependencies with known vulnerabilities (SCA) and code flaws (SAST).
• Penetration Testing: We engage third-party security firms to conduct annual penetration tests of our platform.

Responsible Disclosure

If you believe you have found a security vulnerability in Athen, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

Please do not publicly disclose the issue until we have had a reasonable chance to address it.

Contact Our Security Team

For security inquiries, reports, or compliance documentation requests, please contact us: