Enterprise-Grade Security

Security & DataProtection

Your data security is our top priority. Here's exactly how we protect your information and what data we collect.

What Data We Collect

Candidate Information

  • First and last name
  • Email address (for booking link delivery)
  • Job title and department
  • Interview stage
  • Timezone (optional/auto-detected)
  • ATS tracking IDs (for coordination only)

Interviewer Information

  • Name and email address
  • Job title and department
  • Office location and timezone
  • Calendar availability (free/busy only)
  • Interview capacity and statistics
  • Calendar connection status

What We Do NOT Collect

  • Phone numbers (unless you enable SMS)
  • Home addresses
  • Resumes or CVs
  • Salary information
  • Social Security Numbers
  • Background check results
  • Hiring manager notes or feedback
  • Protected class information

Calendar Access

When you connect your Google or Microsoft calendar, we use OAuth 2.0 (the industry standard) to access only what we need for scheduling. Here's exactly what we can and cannot do:

What We CAN Access

  • Read your availability (free/busy times only)
  • Create new calendar events for interviews
  • Add meeting links (Google Meet, etc.)

What We CANNOT Access

  • Modify or delete your existing events
  • Read event details or attendees
  • Access your email or contacts

You have full control: You can revoke calendar access at any time through your Google or Microsoft account settings. Revoking access will not delete any interviews already scheduled.

How We Protect Your Data

Encryption Everywhere

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). The same encryption used by banks and financial institutions.

Role-Based Access

Team members only see data relevant to their role. Admins have full control over who can access what within your organization.

Secure Infrastructure

Hosted on enterprise-grade infrastructure with automated backups, DDoS protection, and 99.9% uptime SLA.

Regular Security Audits

We conduct regular security assessments and penetration testing to identify and fix vulnerabilities before they become issues.

Data Retention & Deletion

Active Interview Data

Booking sessions expire automatically 7 days after creation if no interview is scheduled.

Scheduled Interview Data

Interview details are retained for 90 days after the interview date for analytics and reporting purposes.

Your Right to Deletion

You can request deletion of specific candidate or interview data at any time by contacting support. We'll delete the data within 30 days.

Account Cancellation

When you cancel your account, all data is deleted within 90 days, except for billing records which we're required to retain for 7 years.

Compliance Standards

We're committed to meeting global privacy and security standards:

GDPR

EU Data Protection

CCPA

California Privacy Rights

SOC 2

Type II (In Progress)

Questions about security?

We're happy to provide additional details or discuss your specific security requirements.