Security

Built for operational
integrity.

ThinkATS is designed so hiring data stays isolated, access stays controlled, and every action stays traceable as your team grows.

Tenant isolation

Row-level security at the database layer

Role-based access

Four roles with explicit permission boundaries

Audit trail

Key workflow actions logged with timestamp and actor

Queued delivery

Outbox pattern for all candidate communications

Core security model

Security is part of
how the system operates.

These are not bolt-on compliance features. Data isolation, access control, audit logging, and safe communication delivery are embedded in the platform architecture from the ground up.

Tenant data isolation

Every workspace operates within an isolated tenant boundary. Row-level security is enforced at the database layer — one organisation can never see or interact with records belonging to another.

Role-based access control

Access to operational actions is governed by explicit roles: Owner, Admin, Recruiter, and Viewer. Teams control precisely who can publish roles, move candidates, trigger communications, or modify workspace configuration.

Operational audit trail

Key workflow actions are recorded as timestamped events. Stage changes, job publishing, candidate communications — every significant action is logged with who initiated it and when.

Queued communication delivery

Candidate emails are written to an outbox and processed by a worker service rather than sent directly from the UI. This separates interface actions from message delivery and creates a reliable delivery record.

Infrastructure

Production-grade
from day one.

ThinkATS runs on AWS production-grade infrastructure with a multi-tenant SaaS architecture. The system is designed for scalability, reliability, and high-volume application processing.

Each tenant's data is isolated at the row level. The system does not rely on application-layer filtering alone. Isolation is enforced at the database itself.

Cloud

AWS

Architecture

Multi-tenant SaaS

Isolation

Row-level security

Access model

Role-based (4 roles)

Comms delivery

Outbox pattern

Activity logging

Event-driven audit log

Infrastructure grade

Production

Data processing

DPA available on all paid plans

Security FAQ

Common questions.

Is customer data shared across workspaces?

No. Each ThinkATS workspace operates within a strict tenant boundary. Row-level security at the database layer ensures organisations only ever access their own data.

Can teams control who does what inside the workspace?

Yes. Access to every operational action is governed by explicit role assignments. Owner, Admin, Recruiter, and Viewer roles determine what each team member can see and do.

How are candidate emails sent?

Emails are written to an outbox queue and processed by a background worker. This pattern reduces operational risk, prevents accidental sends, and creates a clear delivery record.

Does ThinkATS log hiring activity?

Yes. Important workflow actions — stage changes, job publishing, communications, and configuration changes — are captured as timestamped events so teams maintain a reliable operational history.

What infrastructure does ThinkATS run on?

ThinkATS runs on AWS production-grade infrastructure with a multi-tenant SaaS architecture. The system is designed for scalability, reliability, and high-volume application processing.

Is there a data processing agreement available?

Yes. A Data Processing Agreement (DPA) is available to all paid plan customers. It is a legal requirement, not a premium feature. You can review our DPA at thinkats.com/legal/dpa or contact privacy@thinkats.com to execute a signed copy.

Learn more

See how ThinkATS works

From role publishing through candidate pipeline management and hiring decisions.

How it works Product overview →

Get started

Run hiring with more control

Create your workspace, publish your first role, and move into a governed hiring workflow today.

Start free View pricing →

Built for operationalintegrity.