Last Updated: December 12, 2025
SmartInterviews.AI protects user and candidate data using enterprise-grade security practices incorporating modern encryption, infrastructure hardening, monitoring, and operational controls.
1. Data Encryption
- In transit: TLS 1.2+
- At rest: AES-256 encryption
- Secure storage of video/audio files
- Salted & hashed passwords (bcrypt/argon2)
2. Infrastructure Security
- Hardened server images
- Isolated environments for PII
- Firewall & WAF protection
- Zero-trust access principles
- Automatic security updates
- Rate limiting & DDoS protection
3. Access Control
- Strict role-based access (RBAC)
- Multi-factor authentication (MFA) for internal admins
- Audit logs for sensitive operations
- Least-privilege access model
Security Commitment:
No engineer or employee can access candidate videos without explicit authorization.
4. Application Security
- Regular penetration tests
- Automated vulnerability scanning
- Secure development lifecycle (SDLC)
- Code reviews for all deployments
- Asset encryption and secure key vaults
5. Monitoring & Incident Response
- Real-time anomaly detection
- 24/7 monitoring
- Incident response plan
- Notification to customers within 72 hours in case of a data breach
6. Vendor Management
All sub-processors undergo:
- Security evaluations
- Contractual data protection obligations
- Annual compliance reviews
7. Business Continuity
- Encrypted daily backups
- Multi-region failover
- Disaster recovery plan
8. Customer Responsibilities
Employers must:
- Restrict dashboard access internally
- Apply strong password policies
- Handle downloaded recordings securely
← Back to Home