About

Trust & security

How we approach SOC 2 readiness, privacy (GDPR/CCPA-aligned practices), secure engineering, and responsible use of AI-assisted features across the platform.

SOC 2 path

We maintain documented controls for access management, change management, vendor risk reviews, and incident response — mapped to SOC 2 Trust Services Criteria. Formal attestation timelines and auditor reports are shared under NDA with enterprise partners as we progress along the roadmap.

Privacy (GDPR / CCPA)

Candidate and client data are processed with transparency and purpose limitation in mind. We provide privacy notices aligned to GDPR and CCPA expectations, support data subject requests where applicable, and review data residency requirements during contracting for regulated workloads.

See also our Privacy Policy and Cookie Policy.

Security engineering

Least-privilege access patterns for internal tools and production systems.
Encryption in transit for public application traffic; encryption options for sensitive payloads.
Structured logging and monitoring hooks for operational visibility (without logging resume contents in marketing analytics).
Vendor review checkpoints when introducing new subprocessors or model providers.

Responsible AI usage

AI-assisted drafting, parsing, and match scoring are advisory. Recruiters and hiring managers approve outbound communications and hiring decisions. We document data flows for AI features and can align to your internal AI governance questionnaires.

← Back to About