Security & Privacy

Yojivo is built for consulting firms that handle sensitive client data, candidate information, and financial records. Security and privacy are foundational to everything we build, not afterthoughts.

Data Protection

  • Encryption in transit: All connections use TLS 1.2+ with HSTS preload enabled
  • Encryption at rest: Sensitive candidate data (phone numbers, interview transcripts, AI evaluations, salary data, resume text) is encrypted at the field level using AES-128-CBC
  • Password security: Argon2id hashing with OWASP-recommended parameters
  • Integration credentials: OAuth tokens for third-party integrations are encrypted at rest
  • No plaintext secrets: All credentials, API keys, and encryption keys are stored as environment variables, never in the codebase

Privacy by Design

  • No tracking cookies: We use only three strictly necessary cookies for authentication and security. No analytics, advertising, or third-party tracking
  • Automated data retention: Voice recordings and AI analysis are automatically destroyed after 90 days. Rejected candidate data is anonymised after 180 days. Audit logs are purged on schedule
  • IP anonymisation: IP addresses in activity logs are automatically truncated after 30 days
  • Data subject rights: Candidates can export or delete their data through our self-service Data Rights portal, verified via one-time passcode
  • Demographic data isolation: Voluntary diversity surveys are stored separately from candidate records using one-way hashing, with no direct link to hiring decisions

Access Controls

  • Multi-tenant isolation: Every workspace is isolated at both the application and database level. Cross-tenant access is architecturally prevented
  • Role-based access: Workspace members have owner, lead, member, or viewer roles with granular permissions
  • Short-lived tokens: Access tokens expire after 15 minutes with automatic rotation
  • Brute-force protection: Accounts are locked after repeated failed login attempts
  • Rate limiting: All API endpoints are rate-limited to prevent abuse

Compliance Commitments

We take a proactive approach to regulatory compliance across the jurisdictions we operate in:

  • GDPR: Committed to compliance with the EU General Data Protection Regulation. We maintain a Record of Processing Activities (ROPA), conduct Data Protection Impact Assessments for our AI features, and have a documented incident response plan with 72-hour notification procedures
  • Australian Privacy Act: Built in accordance with the Australian Privacy Principles (APPs). Cross-border data transfers are documented with appropriate safeguards under APP 8
  • Data Processing Agreements: Available on request for customers who need formal processor agreements. Contact privacy@yojivo.com
  • Sub-processor transparency: Details of our sub-processors and their data handling are available on request

AI Transparency

Our AI-assisted hiring features are designed with transparency and human oversight:

  • Candidate visibility: Candidates can view their AI evaluation scores and the dimensions used in assessment
  • Human review: Candidates can request a fully human review of their application at any time, as required under GDPR Article 22
  • Informed consent: AI screening and voice interview features require explicit, granular consent before any data is processed
  • Biometric data: Voice recordings are treated as biometric data with full disclosure of retention periods (90 days) and destruction methods. See our Biometric Data Retention Policy
  • No automated decisions: AI scores assist human decision-makers. No hiring decision is made solely by AI

Incident Response

We maintain a documented incident response plan covering breach detection, classification, containment, and notification. In the event of a data breach affecting your organisation, we will notify you in accordance with our contractual obligations, GDPR Article 33 (72-hour supervisory authority notification), and the Australian Notifiable Data Breaches scheme.

Contact

For security inquiries, vulnerability reports, or to request our Data Processing Agreement, contact our Data Protection Contact:

Email: privacy@yojivo.com

For a full description of our data handling practices, see our Privacy Policy.