Candidate data handled with the rigor you expect.
Proofglint was built by operators who've seen what happens when candidate data isn't treated with care. Every architectural decision reflects that.
How we protect candidate data by design.
Encryption at Rest & In Transit
AES-256 encryption for all stored data. TLS 1.3 for all data in transit. No plaintext storage of candidate identity documents.
IDV Data Partition
Identity verification results are stored in a separate data partition. Interview scoring systems have no programmatic access to IDV data.
Role-Based Access Controls
Every user action is scoped by role. Interviewers see only their assigned loops. Hiring managers see aggregated results. Admins control access.
Built with controls for regulated hiring environments.
GDPR Controls
Proofglint is built with GDPR controls — data minimization, consent records, right-to-erasure workflow. As a data processor, we support your obligations as data controller. Not a certification claim.
CCPA Controls
Designed with California Consumer Privacy Act principles. Candidate consent flows, data access rights, and deletion requests are handled through a structured workflow. Not a certification claim.
EEOC Neutrality Design
IDV data is never used in hiring decisions and never surfaced to the interview panel. The platform is designed to support, not obstruct, EEOC-neutral hiring. We are not a law firm and this is not legal advice — see our EEOC Statement.
SOC 2 Type II audit in process.
We have engaged an independent auditor for SOC 2 Type II audit. The controls required for SOC 2 — access management, change management, incident response, availability monitoring — have been implemented and are in the observation period.
We do not claim SOC 2 certification at this time. We will update this page when the audit report is issued. If your procurement process requires current SOC 2 evidence, contact us — we can share our controls questionnaire and in-process documentation.
Request Security DocumentationSecurity questions? Talk to our team.
We're happy to walk through our controls architecture and compliance posture in detail.