Trust & Security

Sleep well: candidate and employee data handled the way you’d explain it in a board room.

Clear protections and plain-language privacy—so security reviews and worried stakeholders get straight answers, not jargon.

Security

Confidence you can point to in a review

Controls that reduce breach risk and access sprawl—so you’re not retrofitting security after the fact.

Encrypted in motion and at rest—by default

TLS 1.2+ on the wire and AES-256 on disk so sensitive hiring and employee data isn’t exposed in transit or storage.

The right people see the right data—period

RBAC, MFA, and Enterprise SSO mean fewer “who has access?” surprises when you scale headcount or vendors.

Your tenant stays yours

Customer data stays separated at the app layer—so another org’s activity never mixes with yours.

Prove who did what—when auditors ask

Important actions are logged; Enterprise teams get full trails for reviews, investigations, and compliance packs.

Issues get found and fixed—continuously

Regular reviews, dependency checks, and a disclosure path so problems are prioritized and patched quickly.

Infrastructure built for uptime and recovery

Enterprise-grade hosting with backups and failover—so you’re not explaining downtime during a hiring push.

Privacy

Know what happens to the data you entrust us

Plain language so employees, candidates, and legal get clarity—not a document nobody reads.

What you share—and why it matters to you

You give us what you need the product to run: accounts, candidates, assessments, policies, and training. We also collect light usage signals so we can fix friction—not to sell profiles.

How that data works for you—not everyone else

We run the service and make it better for you. We don’t sell your data. We don’t train shared AI models on your candidates or employees for other customers’ benefit.

How long we keep it—and how you exit cleanly

Data stays while your account is active. After you close, we hold it 30 days so you can export—then delete. Want it gone sooner? Ask anytime.

Who touches it on our behalf

Infrastructure, email, and analytics vendors are under contract to meet our bar—so your trust extends to the partners we pick.

Compliance

Check the boxes your procurement team cares about

When GDPR, residency, or AI use cases come up, you get specifics—not a shrug.

EU-ready when you need it

Built with GDPR principles in mind—request a DPA so legal and IT can sign off with confidence.

Data where your policy requires it

Enterprise teams can talk regional hosting so residency matches your rules—not ours by default.

You own export and deletion

Pull your data or ask us to delete it from settings or support—no runaround when someone requests their file.

Your candidates aren’t fuel for others’ models

Screening uses your data to serve you only—we don’t train shared models on your applicant pool.

Security Contact

Found something? Tell us—we’ll move fast

Responsible disclosure keeps everyone safer: report issues and we prioritize fixes and clear communication.

Responsible disclosure

Email [email protected]—we aim to reply within 48 hours so you know it landed.

Privacy inquiries

DPAs, access requests, or privacy questions: [email protected]

Need answers your security or legal team will accept?

We’ll walk through your requirements and share the right docs—so procurement doesn’t stall your rollout.

Get security answers Compare plans that fit