Current posture
Klevian uses conservative, truthful security and trust language. Public information describes operational controls and workflow safeguards without claiming unsupported external certifications.
Trust center
Current safeguards for teams evaluating Klevian. External certifications are not claimed unless separately documented.
Klevian uses conservative, truthful security and trust language. Public information describes operational controls and workflow safeguards without claiming unsupported external certifications.
Traffic to Klevian services is encrypted in transit over HTTPS/TLS.
Sensitive integration credentials and tokens are stored with encryption support where configured.
Signed file URLs are issued for limited purposes and should be short-lived for sensitive documents.
Workspace-scoped records are enforced through backend access patterns tied to company and workspace identifiers.
Recruiter and candidate sessions use separate authentication paths.
Administrative billing and integration operations require role-gated access.
Operational logs support troubleshooting, auditability, and abuse protection. Request and response redaction is applied to reduce accidental exposure of tokens, secrets, and sensitive fields.
Security events should never log raw invite tokens, session cookies, or signed URLs.
Interview recordings and transcripts are treated as sensitive candidate data.
Candidate-facing APIs should not expose recruiter-only scores, evidence, transcripts, or internal evaluation state.
Access to recordings and transcripts is limited to authorized workspace users with a recruiting need.
Candidate profile and resume data supports recruiting workflow and candidate evaluation and is retained according to customer controls or deleted on request where applicable.
Interview transcripts and recordings support structured review, evidence, auditability, dispute resolution, and interview quality control, with retention varying by customer configuration and contractual terms.
Operational logs support security, reliability, abuse prevention, and debugging with limited operational retention.
Customers that need a Data Processing Addendum, subprocessor information, or security review support can contact privacy@klevian.com.
Subprocessor categories include cloud infrastructure and storage, authentication provider, email delivery, AI/model providers, video/meeting infrastructure, and payment processor.
Report security vulnerabilities through security@klevian.com. Route privacy, deletion, export, DPA, and data-processing requests through privacy@klevian.com.