Security & Compliance

Enterprise-Grade Security, Built-In

Multi-tenant architecture with GDPR compliance, EU AI Act alignment, and SOC 2 Type II roadmap.

Security Architecture

Row-Level Security (RLS) [Active]

PostgreSQL RLS policies ensure tenant data isolation at the database level.

Multi-Tenant Architecture [Active]

Logical data separation with X-Tenant-ID header propagation across all services.

Encryption at Rest [Active]

All data encrypted using AES-256 encryption in Supabase PostgreSQL.

Immutable Audit Logs [Active]

All actions logged with triggers preventing deletion or modification.

Secure API Gateway [Active]

HTTPS-only communication with rate limiting and DDoS protection.

SOC 2 Type II [Roadmap]

Certification in progress. Expected completion Q2 2026.
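As an added illustration of the RLS tenant-isolation and immutable-audit-log items above (example SQL written for this page, not the vendor's schema; table, column, role and setting names are assumptions), the following PostgreSQL snippet scopes every query to the tenant id the API layer places in a session setting, and makes the audit table append-only with triggers:

```sql
-- Added example, not the vendor's schema: table, column and setting names are assumptions.
-- Tenant isolation: every row carries a tenant_id and RLS compares it with a session
-- setting that the API layer derives from the X-Tenant-ID header.
CREATE TABLE candidates (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    full_name text NOT NULL
);

ALTER TABLE candidates ENABLE ROW LEVEL SECURITY;
ALTER TABLE candidates FORCE ROW LEVEL SECURITY;  -- also binds the table owner

-- NULLIF/missing_ok: an unset or empty setting yields NULL, so no rows match
-- (fail closed) instead of raising an error or matching everything.
CREATE POLICY tenant_isolation ON candidates
    USING (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Append-only audit log: inserts succeed, updates and deletes are rejected.
CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    tenant_id   uuid NOT NULL,
    actor       text NOT NULL,
    action      text NOT NULL,
    occurred_at timestamptz NOT NULL DEFAULT now()
);

CREATE OR REPLACE FUNCTION audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % rejected', TG_OP;
END;
$$;

CREATE TRIGGER audit_log_no_update_delete
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_immutable();

CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- Walk-through: scoped to tenant A, only tenant A's rows are visible or writable.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed id
INSERT INTO candidates (tenant_id, full_name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'Alice Example');
SELECT count(*) FROM candidates;  -- counts tenant A only; tenant B rows are invisible
COMMIT;
```

Superusers and roles with BYPASSRLS skip the policy, and a table owner can drop the triggers, so the application role should be neither; the check to run is that an INSERT with another tenant's id fails the WITH CHECK clause and that UPDATE, DELETE and TRUNCATE on audit_log all raise the exception.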

Compliance Standards

GDPR (EU)

General Data Protection Regulation compliance with Right to Access, Right to Erasure, and Data Portability.

  • Candidate data subject access requests (DSAR)
  • Right to erasure (forget candidate)
  • Data export in machine-readable format
  • Privacy notices and consent management

EU AI Act

High-risk AI system compliance with transparency and human oversight requirements.

  • No automated decision-making (GDPR Article 22)
  • Explainable AI scoring (all decisions require human review)
  • No emotion recognition (Article 5 compliance)
  • Intent classification as warning-only

PDPL (Saudi Arabia)

Personal Data Protection Law compliance for Middle East market.

  • Arabic language support (RTL)
  • Data residency options
  • Consent management
  • Data transfer agreements

WCAG 2.2 AA

Web Content Accessibility Guidelines compliance for inclusive recruitment.

  • Keyboard navigation support
  • Screen reader compatibility
  • Contrast ratio requirements (4.5:1)
  • Video transcripts (auto-generated)

Data Protection Practices

Data Retention

Candidate CVs retained for 6 months (configurable). Anonymized analytics retained for 2 years.

Data Processing Agreements

DPA templates available for enterprise customers with sub-processor disclosure.

Right to Erasure

Candidates can request deletion of their data at any time via platform or email.

Data Portability

Export candidate data in JSON format (machine-readable) for GDPR compliance.

Breach Notification

72-hour breach notification policy to affected candidates and supervisory authorities.

Access Controls

Role-based access control (RBAC) with least privilege principle.

AI Safety & Transparency

Human Oversight Required: No automated decisions. All AI recommendations require explicit human approval (GDPR Article 22).

Explainable Scoring: Every score comes with detailed reasoning, requirement mapping, and evidence excerpts.

No Emotion Analysis: We analyze transcript content only—no facial recognition, tone analysis, or emotion detection (EU AI Act Article 5).

Fairness Guardrails: Intent classification flags functional mismatches but doesn't auto-reject candidates.

Security Roadmap

SOC 2 Type II Certification

Security, Availability, Confidentiality, Processing Integrity

Q2 2026

  • Audit log immutability implemented
  • Multi-tenant RLS policies active
  • Penetration testing scheduled (Q1 2026)
  • Third-party audit engagement (Q2 2026)

ISO 27001 Certification

Information Security Management System

Q4 2026

Data Residency Options

EU and Middle East regional deployments

Q3 2026

Questions About Security?

Our team is happy to discuss your security requirements and provide additional documentation.