Security

Interviews are sensitive. Here's how candidate and employer data is protected — stated plainly, no badge theater.

Encryption

All traffic — the interview itself, video streams, dashboards, and APIs — is encrypted in transit with TLS. Interview artifacts are stored encrypted at rest in our cloud storage.

Isolation & access control

Data is scoped to your organization with row-level security enforced at the database layer. Interview transcripts and recordings are only accessible to authorized members of the hiring organization; access is role-gated and every artifact is keyed to its session.

Recordings & consent

Candidates are told upfront that they are interviewing with an AI and that the session is recorded. Recording is consent-gated — sessions without consent don't retain recordings.

Retention & deletion

Organizations control their candidate data. Full account purge is automated — deleting an account removes transcripts, recordings, rubric scores, and stored assets. Candidate deletion requests are honored through the hiring organization or directly.

Payments

Billing is processed by Stripe. Card details never touch our systems.

Subprocessors

We use a small set of infrastructure providers: Cloudflare (hosting, CDN, storage), Supabase (database & authentication), Stripe (payments), Mailjet (transactional email), and vetted AI-inference and GPU-compute providers. A current list is available with our DPA.

Compliance roadmap

Candidate data is handled in line with GDPR and CCPA. Interviews are structured for auditability under NYC Local Law 144 and Illinois' AI-hiring laws (AIVIA, HB 3773) — same questions, same rubric, words-only scoring, full transcripts. A SOC 2 audit and an independent bias audit are planned for 2026; ask us where they stand.

Responsible disclosure

Found a vulnerability? Email [email protected] — we read every report and respond quickly.

Security documentation and a DPA are available on request: [email protected]