Security & Trust

Built for privacy-first recruitment workflows

BrandingCV is designed to help recruitment agencies share candidate information securely and professionally, with controls that support GDPR, CCPA, and DPDP compliance workflows.

Encrypted Processing

All uploads and processing use TLS 1.2+ encryption in transit and AES-256 at rest.

Ephemeral File Handling

Source resumes are processed ephemerally. Files are removed from processing storage after profile generation.

Logical Tenant Separation

Agency data is logically isolated at the database level with controls designed to prevent cross-tenant data exposure.

Human Review Controls

AI-assisted redaction flags uncertain items. Agencies review and approve outputs before sharing with clients.

Privacy Regulation Support

Designed to support agencies working under GDPR, CCPA, and India's DPDP Act with configurable redaction rules.

Processing History

Track processing actions, reviewer decisions, and generated document versions for internal audit purposes.

Authorized Sub-processors

We use the following sub-processors, bound by Data Processing Agreements, to deliver BrandingCV:

Sub-processor | Purpose | Location
Vercel Inc. | Cloud Hosting & Edge Compute | Global / USA
Cloudflare Inc. | CDN, DDoS Protection, Object Storage (R2) | Global
Dodo Payments | Payment Processing & Merchant of Record | UK / Global
MongoDB Atlas | Database Hosting | Global (AWS)

AI Transparency

BrandingCV uses AI to assist with PII detection, skills extraction, and candidate summary generation. AI is probabilistic by nature — outputs may contain errors or miss edge cases.

We provide human review controls so agencies can verify every redaction and extracted field before generating the final candidate profile. Final outputs should always be reviewed by a qualified person before distribution to clients.

BrandingCV does not guarantee complete PII removal. Agencies remain responsible for reviewing outputs as Data Controllers under applicable privacy laws.

Privacy & Security FAQ

Is BrandingCV SOC 2 certified?

BrandingCV is designed around security, availability, and confidentiality controls inspired by SOC 2 principles. We are not currently SOC 2 certified.

Where is candidate data stored?

Candidate data is processed ephemerally on Vercel's cloud infrastructure. Generated profiles and agency settings are stored on MongoDB Atlas (AWS). Files are temporarily stored on Cloudflare R2.

Does BrandingCV guarantee complete PII removal?

No. BrandingCV uses AI-assisted redaction, which significantly reduces manual effort and error rates, but AI is probabilistic. We provide human review controls so agencies can verify outputs before sharing.

How does BrandingCV support GDPR compliance?

BrandingCV provides data minimization controls, ephemeral processing, configurable redaction rules, and the ability to delete processed data. Agencies using BrandingCV remain the Data Controller and should review outputs.