Security Trust Center

How we protect candidate, interviewer, and customer data on the ClarityHire platform — encryption, hosting, access control, and compliance, in plain language.

Last updated · 2026-05-06

At a glance · TLS 1.2+ in transit · AES-256 at rest · EU data residency

Encryption

  • In transit: TLS 1.2+ for all HTTP and WebSocket traffic, including WebRTC signalling; interview media itself is carried over SRTP (see Real-time Media below). HTTPS is enforced: plain-HTTP requests are redirected, and HSTS tells browsers to use HTTPS directly on subsequent visits rather than relying on the redirect.
  • At rest: AES-256 encryption for the Postgres database and storage volumes hosting candidate submissions, interview recordings, and uploaded files.
  • Passwords: bcrypt hashing — passwords are never stored or logged in plaintext.
  • Sessions: NextAuth (JWT strategy) with signed, short-lived tokens. With the JWT strategy there is no server-side session row to revoke, so the short token lifetime is what bounds the window in which a stolen token remains usable.

Hosting & Infrastructure

ClarityHire runs on dedicated EU-based infrastructure. The web application, integrity-detection service, Postgres database, and Redis queue all reside in the European Union.

  • Web & API: Next.js application and FastAPI integrity service behind nginx, which terminates HTTPS and sets HSTS.
  • Database: Postgres with daily backups and point-in-time recovery; network access is restricted to application hosts.
  • Real-time media: LiveKit WebRTC for interview video/audio, with SRTP between each participant and the SFU. Because the SFU decrypts and re-encrypts each stream, this protects media hop-by-hop rather than end-to-end.
  • Background jobs: BullMQ on Redis for grading, integrity scoring, and report generation; queues are isolated per environment.

Access Control & Authentication

  • Sign-in options: Google OAuth, email magic link (single-use, short-lived), or password (bcrypt).
  • Role-based access control: dedicated roles for super-admin, admin, recruiter, hiring manager, interviewer, interviewer-config, and viewer — enforced in middleware and at every tRPC procedure.
  • Multi-tenancy: all data is scoped by organization ID; queries enforce org isolation at the application layer.
  • Platform-owner separation: the platform-admin console runs on a separate auth surface from customer organizations and is restricted to the operator account.
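The single-use, short-lived magic link listed above, as an added example rather than ClarityHire's own code: a TypeScript sketch in which only a SHA-256 of the token is stored, the link expires after an assumed 15 minutes, and redemption marks the record consumed before any session would be issued. The in-memory store, the TTL, and the function names are all assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Assumed record shape. Only the hash of the token is kept, so a read of this
// store (a Postgres table in a real deployment) yields no usable links.
interface MagicLinkRecord {
  email: string;
  expiresAt: number;        // epoch milliseconds
  consumedAt: number | null; // null until the link is redeemed
}

// Constructed in-memory store keyed by the hex SHA-256 of the token.
const magicLinks = new Map<string, MagicLinkRecord>();

// Assumed lifetime; the Trust Center says "short-lived" without a number.
const MAGIC_LINK_TTL_MS = 15 * 60 * 1000;

function hashToken(token: string): string {
  return createHash("sha256").update(token).digest("hex");
}

// Issue a link for `email`. The 256-bit random token is returned exactly once
// (to be placed in the e-mail); only its hash is persisted.
function issueMagicLink(email: string, now: number): string {
  const token = randomBytes(32).toString("hex");
  magicLinks.set(hashToken(token), {
    email,
    expiresAt: now + MAGIC_LINK_TTL_MS,
    consumedAt: null,
  });
  return token;
}

interface RedeemResult {
  ok: boolean;
  email?: string;
  reason?: "unknown" | "used" | "expired";
}

// Redeem a presented token. Lookup is by hash, so the database never compares
// against the secret itself. The record is marked consumed *before* the caller
// creates a session; a real store would do this as a single conditional
// UPDATE ... WHERE consumed_at IS NULL so two concurrent redemptions cannot both win.
function redeemMagicLink(token: string, now: number): RedeemResult {
  const rec = magicLinks.get(hashToken(token));
  if (!rec) return { ok: false, reason: "unknown" };
  if (rec.consumedAt !== null) return { ok: false, reason: "used" };
  if (now > rec.expiresAt) return { ok: false, reason: "expired" };
  rec.consumedAt = now;
  return { ok: true, email: rec.email };
}

// Number of links that were never redeemed; handy for an expiry sweeper.
function countUnconsumed(): number {
  let n = 0;
  for (const rec of magicLinks.values()) if (rec.consumedAt === null) n++;
  return n;
}
```

Note that "unknown", "used" and "expired" are distinguished here for the caller's own logging; the message shown to the user should be the same in all three cases so that the endpoint does not confirm which addresses have outstanding links.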

Audit Logging & Incident Response

  • Administrative actions (role changes, permission grants, data exports, deletions) are recorded in an append-only audit log.
  • Compliance and incident events (GDPR data-subject requests, security incidents) are tracked in a dedicated incident-logging schema with retention guarantees.
  • Customers are notified of confirmed security incidents within 48 hours of discovery, per the Data Processing Agreement.
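The three controls described above, role checks at every procedure and organization-scoped queries (Access Control & Authentication) plus an append-only audit record for administrative actions (Audit Logging), as one added TypeScript example. This is illustrative code, not ClarityHire's; the role names are taken from this page, while the procedure table, the candidate rows, and every function name are assumptions. It is written in the shape of a tRPC procedure guard but has no tRPC dependency.

```typescript
// Role names as listed in the Trust Center.
type Role =
  | "super-admin" | "admin" | "recruiter" | "hiring-manager"
  | "interviewer" | "interviewer-config" | "viewer";

interface Session { userId: string; orgId: string; role: Role; }

// Assumed procedure-to-role table. A procedure absent from the table is denied
// for everyone, so forgetting to register a new procedure fails closed.
const PROCEDURE_ROLES: Record<string, readonly Role[]> = {
  "candidate.get":    ["super-admin", "admin", "recruiter", "hiring-manager", "interviewer", "viewer"],
  "candidate.delete": ["super-admin", "admin", "recruiter"],
  "org.exportData":   ["super-admin", "admin"],
};

// Administrative actions that must leave an audit entry (deletions and exports
// are two of the categories the Trust Center names).
const AUDITED_ACTIONS = new Set(["candidate.delete", "org.exportData"]);

interface AuditEntry { at: number; actor: string; orgId: string; action: string; target: string; }
// Append-only: the only operation exposed on this array is push of a frozen entry.
const auditLog: AuditEntry[] = [];
function appendAudit(entry: AuditEntry): void {
  auditLog.push(Object.freeze({ ...entry }));
}

// Error carrying an HTTP-style code, so the transport layer can map it.
function deny(code: "UNAUTHORIZED" | "FORBIDDEN", message: string): Error {
  return Object.assign(new Error(message), { code });
}

// The guard every procedure runs first: authenticated, then role-allowed.
function requireRole(session: Session | null, procedure: string): Session {
  if (!session) throw deny("UNAUTHORIZED", "sign-in required");
  const allowed = PROCEDURE_ROLES[procedure] ?? [];
  if (!allowed.includes(session.role)) {
    throw deny("FORBIDDEN", `${session.role} may not call ${procedure}`);
  }
  return session;
}

// Constructed rows standing in for the Postgres table.
interface Candidate { id: string; orgId: string; name: string; deleted: boolean; }
const candidates: Candidate[] = [
  { id: "c1", orgId: "org-a", name: "Ada",   deleted: false },
  { id: "c2", orgId: "org-b", name: "Grace", deleted: false },
];

// orgId always comes from the session, never from the request, so a caller
// cannot widen the query by supplying another organization's id.
function findCandidate(session: Session, id: string): Candidate | undefined {
  return candidates.find(c => c.id === id && c.orgId === session.orgId && !c.deleted);
}

// A candidate belonging to another organization answers "not_found", the same
// as a non-existent id, so the endpoint cannot be used to probe other tenants.
function deleteCandidate(session: Session | null, id: string, now: number): "deleted" | "not_found" {
  const s = requireRole(session, "candidate.delete");
  const row = findCandidate(s, id);
  if (!row) return "not_found";
  row.deleted = true;
  if (AUDITED_ACTIONS.has("candidate.delete")) {
    appendAudit({ at: now, actor: s.userId, orgId: s.orgId, action: "candidate.delete", target: id });
  }
  return "deleted";
}
```

The order matters: the role check runs before any database access, and the org filter is part of the query itself rather than a check applied to the fetched row, so a missing filter shows up as a failing test rather than as a cross-tenant read.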

Sub-Processors

ClarityHire uses a small set of vetted sub-processors to deliver specific platform capabilities. Each is bound by a Data Processing Agreement and listed publicly:

  • Anthropic: LLM grading & code coherence
  • Deepgram: speech-to-text for transcripts
  • LiveKit: WebRTC interview rooms
  • Resend: transactional email
  • Stripe: subscription billing & payments
  • Google: OAuth sign-in (optional)

The full register, including jurisdictions and transfer mechanisms, is published at clarity-hire.com/sub-processors.

Privacy & Compliance

  • GDPR (EU) & UK GDPR: data-subject rights (access, rectification, erasure, portability, objection) supported via the platform; controller/processor relationship documented in our DPA.
  • Swiss revFADP: aligned controls for Swiss data subjects, with revFADP-compliant transfer mechanisms.
  • International transfers: EU Standard Contractual Clauses and the UK International Data Transfer Agreement (IDTA) are in place where required.
  • Biometric data: face-continuity and keystroke biometric features are processed only for integrity verification and retained for a default 30-day window unless extended; candidates are informed before assessments begin.
  • Retention: default 90-day retention for candidate PII and 30 days for biometric data; configurable per organization.
  • Data residency: EU-only residency available on request via the dataResidencyRegion org setting.

Report a Vulnerability

If you believe you have found a security issue affecting ClarityHire, please contact us privately:

[email protected]

We acknowledge reports within 2 business days and ask researchers to refrain from public disclosure until we have had a reasonable opportunity to investigate and remediate.

Trust Center
Questions about ClarityHire’s security or privacy posture? Contact [email protected].