Trust center

Security, privacy, and AI data-handling overview

Current safeguards for teams evaluating Klevian. External certifications are not claimed unless separately documented.

Email security Email privacy DPA and subprocessors Security disclosure

Current posture

Klevian uses conservative, truthful security and trust language. Public information describes operational controls and workflow safeguards without claiming unsupported external certifications.

Encryption

Traffic to Klevian services is encrypted in transit over HTTPS/TLS.

Sensitive integration credentials and tokens are stored with encryption support where configured.

Signed file URLs are issued for limited purposes and should be short-lived for sensitive documents.

Workspace isolation and access control

Workspace-scoped records are enforced through backend access patterns tied to company and workspace identifiers.

Recruiter and candidate sessions use separate authentication paths.

Administrative billing and integration operations require role-gated access.

Logging and redaction

Operational logs support troubleshooting, auditability, and abuse protection. Request and response redaction is applied to reduce accidental exposure of tokens, secrets, and sensitive fields.

Security events should never log raw invite tokens, session cookies, or signed URLs.

Recording and transcript controls

Interview recordings and transcripts are treated as sensitive candidate data.

Candidate-facing APIs should not expose recruiter-only scores, evidence, transcripts, or internal evaluation state.

Access to recordings and transcripts is limited to authorized workspace users with a recruiting need.

Recording, transcript, resume, and operational retention

Candidate profile and resume data supports recruiting workflow and candidate evaluation and is retained according to customer controls or deleted on request where applicable.

Interview transcripts and recordings support structured review, evidence, auditability, dispute resolution, and interview quality control, with retention varying by customer configuration and contractual terms.

Operational logs support security, reliability, abuse prevention, and debugging with limited operational retention.

DPA and subprocessors

Customers that need a Data Processing Addendum, subprocessor information, or security review support can contact privacy@klevian.com.

Subprocessor categories include cloud infrastructure and storage, authentication provider, email delivery, AI/model providers, video/meeting infrastructure, and payment processor.

Responsible disclosure and privacy requests

Report security vulnerabilities through security@klevian.com. Route privacy, deletion, export, DPA, and data-processing requests through privacy@klevian.com.

This static fallback is provided for search engines, accessibility tools, security scanners, procurement reviewers, and users when JavaScript is unavailable.