Built for privacy-first recruitment workflows
BrandingCV is designed to help recruitment agencies share candidate information securely and professionally, with controls that support GDPR, CCPA, and DPDP compliance workflows.
Encrypted Processing
All uploads and processing use TLS 1.2+ encryption in transit and AES-256 at rest.
Ephemeral File Handling
Source resumes are processed ephemerally. Files are removed from processing storage after profile generation.
Logical Tenant Separation
Agency data is logically isolated at the database level with controls designed to prevent cross-tenant data exposure.
Human Review Controls
AI-assisted redaction flags uncertain items. Agencies review and approve outputs before sharing with clients.
Privacy Regulation Support
Designed to support agencies working under GDPR, CCPA, and India's DPDP Act with configurable redaction rules.
Processing History
Track processing actions, reviewer decisions, and generated document versions for internal audit purposes.
Authorized Sub-processors
We use the following sub-processors, bound by Data Processing Agreements, to deliver BrandingCV:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Cloud Hosting & Edge Compute | Global / USA |
| Cloudflare Inc. | CDN, DDoS Protection, Object Storage (R2) | Global |
| Dodo Payments | Payment Processing & Merchant of Record | UK / Global |
| MongoDB Atlas | Database Hosting | Global (AWS) |
AI Transparency
BrandingCV uses AI to assist with PII detection, skills extraction, and candidate summary generation. AI is probabilistic by nature — outputs may contain errors or miss edge cases.
We provide human review controls so agencies can verify every redaction and extracted field before generating the final candidate profile. Final outputs should always be reviewed by a qualified person before distribution to clients.
BrandingCV does not guarantee complete PII removal. Agencies remain responsible for reviewing outputs as Data Controllers under applicable privacy laws.
Privacy & Security FAQ
Is BrandingCV SOC 2 certified?
BrandingCV is designed around security, availability, and confidentiality controls inspired by SOC 2 principles. We are not currently SOC 2 certified.
Where is candidate data stored?
Candidate data is processed ephemerally on Vercel's cloud infrastructure. Generated profiles and agency settings are stored on MongoDB Atlas (AWS). Files are temporarily stored on Cloudflare R2.
Does BrandingCV guarantee complete PII removal?
No. BrandingCV uses AI-assisted redaction which significantly reduces manual effort and error rates, but AI is probabilistic. We provide human review controls so agencies can verify outputs before sharing.
How does BrandingCV support GDPR compliance?
BrandingCV provides data minimization controls, ephemeral processing, configurable redaction rules, and the ability to delete processed data. Agencies using BrandingCV remain the Data Controller and should review outputs.