Built to be trusted with hiring data.
You’re handing us candidate PII across every location. Here’s exactly how we protect it — and an honest account of what we’ve shipped versus what we’re still earning.
Per-organization isolation
Every customer's data is logically isolated by organization. One company's candidates, jobs, analytics, and billing are never visible to another. Access is scoped on every request in application code.
Authentication & access control
Optional multi-factor authentication, role-based permissions (admin / recruiter / hiring manager), and a privileged master-admin tier kept separate from customer accounts.
Encryption
All traffic is encrypted in transit (TLS). Data at rest is encrypted by our managed Postgres provider.
Audit logging
Sensitive actions are recorded with actor, entity, and timestamp — so there's an answer to "who did what, when."
Consent-gated communications
Candidate texts and emails are consent-gated to TCPA/CAN-SPAM standards, with opt-out honored automatically and retained as evidence.
Account & data controls
In-app account deletion and data export. Admins can deactivate their organization; members can remove themselves.
On our roadmap (not yet complete)
We won’t claim a certification we haven’t earned. These are in progress — ask us where each stands.
- SOC 2 (Type I, then Type II) — Type II's observation window is the long pole; in progress.
- Independent third-party AI bias / adverse-impact audit, with a published summary.
- A signable Data Processing Addendum (DPA) and a public sub-processor list.
- Penetration test summary available under NDA.
Security review or vendor questionnaire?
We’ll walk your team through our controls, share what’s in progress, and answer your questionnaire. See also how our AI works.