Security & Compliance
Your data is protected by enterprise-grade security measures. We take privacy seriously.
SOC 2 Type II
Compliant infrastructure
FERPA
Educational data protection
WCAG 2.1 AA
Accessibility compliant
TLS 1.3
Encryption in transit
Data Protection
Encryption at Rest
All stored data is encrypted at rest with AES-256, so resumes, interview recordings, and feedback are protected even while sitting on disk.
Encryption in Transit
All connections use TLS 1.3. We enforce HTTPS (plaintext requests are redirected) and send an HTTP Strict Transport Security (HSTS) header so browsers refuse to fall back to unencrypted HTTP, which blocks SSL-stripping downgrade attacks.
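The three transport claims above (HTTPS enforced, HSTS sent, TLS 1.3 negotiated) are the kind of thing a customer's security reviewer will verify rather than take on trust. The following is an added example, not the platform's own code: a small audit routine that takes the plaintext and HTTPS responses for a host and reports which claims do not hold. The `Response` type, the example.edu responses, and the one-year `max-age` threshold are assumptions made for this illustration; in practice the responses would come from an HTTP client such as `requests` or `curl -I`.

```python
"""Audit a host's transport-security posture: HTTPS redirect, HSTS policy, TLS version.

Added example for this page; not code from the platform. The responses below are
constructed in-memory samples so the audit runs offline.
"""
from dataclasses import dataclass
from typing import Optional

# Hardening guides and the browser preload list expect max-age of at least one year.
ONE_YEAR = 31_536_000  # seconds


@dataclass
class Response:
    """Minimal view of an HTTP response (hypothetical shape for this example)."""
    url: str
    status: int
    headers: dict
    tls_version: Optional[str] = None  # e.g. "TLSv1.3"; None for a plaintext response


@dataclass
class HstsPolicy:
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False


def parse_hsts(value: str) -> HstsPolicy:
    """Parse a Strict-Transport-Security value (RFC 6797 semicolon-separated directives)."""
    policy = HstsPolicy()
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.lower()  # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isdigit():
                policy.max_age = int(arg)
        elif name == "includesubdomains":
            policy.include_subdomains = True
        elif name == "preload":
            policy.preload = True
    return policy


def _header(resp: Response, name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, val in resp.headers.items():
        if key.lower() == name.lower():
            return val
    return None


def audit(http_resp: Response, https_resp: Response) -> list:
    """Return a list of findings; an empty list means every transport claim held."""
    findings = []

    # 1. Plaintext HTTP must be a permanent redirect straight to an https:// URL.
    location = _header(http_resp, "Location") or ""
    if http_resp.status not in (301, 308) or not location.startswith("https://"):
        findings.append("http: no permanent redirect to https")

    # 2. HSTS is only honoured on the HTTPS response; browsers ignore it over plaintext.
    hsts = _header(https_resp, "Strict-Transport-Security")
    if hsts is None:
        findings.append("https: Strict-Transport-Security header missing")
    else:
        policy = parse_hsts(hsts)
        if policy.max_age is None:
            findings.append("hsts: max-age directive missing or invalid")
        elif policy.max_age < ONE_YEAR:
            findings.append(f"hsts: max-age {policy.max_age} is below one year")
        if not policy.include_subdomains:
            findings.append("hsts: includeSubDomains not set")

    # 3. The negotiated protocol must be TLS 1.3, as the page claims.
    if https_resp.tls_version != "TLSv1.3":
        findings.append(f"tls: negotiated {https_resp.tls_version}, expected TLSv1.3")
    return findings


# Constructed sample responses (not captured from any real host).
GOOD_HTTP = Response("http://example.edu/", 301, {"Location": "https://example.edu/"})
GOOD_HTTPS = Response("https://example.edu/", 200,
                      {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
                      tls_version="TLSv1.3")
WEAK_HTTP = Response("http://example.edu/", 200, {})
WEAK_HTTPS = Response("https://example.edu/", 200,
                      {"strict-transport-security": "max-age=300"},
                      tls_version="TLSv1.2")

if __name__ == "__main__":
    print("good host:", audit(GOOD_HTTP, GOOD_HTTPS) or "no findings")
    print("weak host:", audit(WEAK_HTTP, WEAK_HTTPS))
```

Run against the constructed "weak" host the audit reports four findings (no redirect, short `max-age`, no `includeSubDomains`, TLS 1.2); the "good" host reports none. Note that the check deliberately reads HSTS from the HTTPS response only: an HSTS header sent over plaintext is ignored by browsers, so it proves nothing.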
Data Isolation
Institutional data is logically isolated by tenant, so your organization's data is never mixed with that of other institutions.
Backup & Recovery
Automated backups with point-in-time recovery. Data is replicated across multiple availability zones.
AI & Privacy
No Training on Your Data
We do not use your resumes, interviews, or any personal data to train AI models. Your data is yours.
Trusted AI Providers
Our AI processing uses Anthropic Claude under strict data processing agreements that prohibit training on user data.
Data Retention Controls
Interview recordings are retained for 90 days by default. Institutions can configure custom retention policies.
Right to Deletion
Users can request deletion of their data at any time. We comply with GDPR and CCPA deletion requirements.
Access Controls
Single Sign-On (SSO)
Integration with SAML 2.0 and OAuth 2.0 / OpenID Connect identity providers, including Google Workspace, Microsoft Azure AD (now Microsoft Entra ID), Okta, and more.
Role-Based Access
Granular permissions for administrators, counselors, and students. Control who can see what data.
Audit Logging
Comprehensive logs of all administrative actions. Export logs for compliance and security reviews.
Session Management
Configurable session timeouts, forced logout capabilities, and device management for enterprise deployments.
Compliance
FERPA
Family Educational Rights and Privacy Act compliance for educational institutions. We sign Data Privacy Agreements (DPAs) with educational institutions.
SOC 2 Type II
Our infrastructure meets SOC 2 Type II requirements for security, availability, and confidentiality. Audit reports available upon request for enterprise customers.
GDPR
General Data Protection Regulation compliant. We provide data processing agreements and support data subject rights requests.
CCPA
California Consumer Privacy Act compliant. California residents have full rights to access, delete, and control their data.
WCAG 2.1 AA
Web Content Accessibility Guidelines compliance. Our platform is accessible to users with disabilities, including screen reader support.
Section 508
Federal accessibility standards compliance for government agencies. VPATs available upon request.
Infrastructure
Cloud Hosting
Hosted on AWS and Supabase, with data centers in the United States. The underlying infrastructure is SOC 2 and ISO 27001 certified.
DDoS Protection
Built-in DDoS mitigation through Cloudflare. Automatic traffic filtering and rate limiting.
Vulnerability Management
Regular security scans and penetration testing. Responsible disclosure program for security researchers.
Incident Response
24/7 monitoring and documented incident response procedures. Affected institutions are notified within 72 hours of any security incident involving their data.
Questions About Security?
Our team is happy to discuss security requirements, provide compliance documentation, or schedule a security review call.