// Trust & Security Report
Tiplinks Inc.
Fetcher: AI-powered talent sourcing and recruitment platform for recruiters and hiring managers to identify, engage, and source candidates at scale.
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on fetcher.ai“Fetcher holds SOC 2 Type 2 certification, which evaluates adherence to five trust service principles: security, availability, processing integrity, confidentiality, and privacy. CTO Jeremy Martin states: 'At Fetcher, we recognize the importance of data security and privacy. This certification isn't just a badge—it's a living testament to our commitment to prioritizing your robust security and governance requirements.'”
Verify on fetcher.ai“Fetcher states it is '100% compliant' with GDPR. The company operates under EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework. Fetcher uses Standard Contractual Clauses issued by the European Commission for personal data transfers and commits to responding to data erasure requests within 72 hours.”
> Show 3 unconfirmed / not-held certifications
source: rankiteo.comNo public evidence of ISO 27001 certification found in vendor domain or available documentation.
source: fetcher.aiNo public evidence of HIPAA compliance. HIPAA is not mentioned in vendor's privacy policy, terms, or trust documentation. Fetcher is a recruitment platform, not a healthcare tool, and outside HIPAA's scope.
source: fetcher.aiNo public evidence of PCI DSS certification in vendor documentation.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
AWS (Amazon Web Services) - vendor states 'meets rigorous international security standards' but specific regions not publicly documented
Terms of Service do not explicitly address whether customer data is used to train AI models. Terms permit data transfer to third-party integrations (ATS, CRM, email) when subscribers authorize, but no statement on internal AI training practices. Recommend contacting vendor for explicit clarification.
// Security controls
Encryption at rest
AES-256 encryption for all data at rest; talent lead data encrypted with unique key per record
help.fetcher.aiEncryption in transit
HTTPS/TLS for data in transit (standard practice, confirmed by GDPR compliance statement)
fetcher.aiInfrastructure
Amazon Web Services (AWS) with continuous security audits and geographically distributed compliance certifications
fetcher.aiData subject rights response
Data erasure requests responded to within 72 hours; unsubscribe and objection requests honored for direct marketing
help.fetcher.aiIncident response
SOC 2 Type 2 certification includes ability to detect and respond to security incidents or system failures quickly and effectively
fetcher.aiResponsible disclosure
Responsible Disclosure policy available for security researchers
help.fetcher.ai// Products & data scope
data: Professional candidate data (job history, skills, LinkedIn profiles) sourced from professional networks and third-party vendors; candidate data retained for one year with annual updates; customer contact information retained during contract validity
AI-powered platform for recruiters and hiring managers to identify, screen, and engage candidates. Integrates with ATS, CRM, email, and Slack. Supports both inbound and outbound sourcing workflows.
// What to watch
- No ISO 27001 certification (not uncommon for growth-stage SaaS, but common for enterprise procurement)
- AI training posture on customer data not explicitly documented—terms permit third-party integrations but do not address internal model training. Recommend vendor clarification for procurement due diligence.
- No dedicated trust center; compliance information distributed across privacy policy, help docs, and blog posts (minor operational concern, not a security concern)
- No HIPAA or PCI DSS compliance (appropriate for recruitment use case, but may limit enterprise sales in healthcare/payments sectors)
// At a glance
Pricing model
Subscription-based SaaS (specific tiers not detailed in available docs)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Tiplinks Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
fetcher.ai