Security Practices

HireAudit is a compliance tool. We hold ourselves to a higher data security standard than we ask of our clients. This page describes, in plain language, exactly how we protect your data. We update it whenever our practices change.

Our security commitment

A compliance tool that cannot protect your data is not a compliance tool — it is a liability. We designed HireAudit's data handling from first principles: collect the minimum, retain the minimum, encrypt everything, be transparent about all of it, and give you control. Every practice described on this page is in effect today, not aspirational.

Encryption in transit and at rest

All data transmitted to and from HireAudit is encrypted using TLS 1.3. All data stored on our servers — including uploaded documents, extracted text, and compliance findings — is encrypted at rest using AES-256.

Automatic document deletion

Uploaded documents are automatically and permanently deleted from our storage systems 30 days after your compliance report is delivered. You receive an email confirmation when deletion occurs. You may request immediate deletion at any time by emailing [email protected] — we complete deletion requests within 48 hours.

No third-party tracking

We do not use Google Analytics, Facebook Pixel, session recording tools, advertising networks, or any third-party tracking technology on this site. The only cookie we set is a session cookie required for authentication.

No AI training on your data

Your documents and compliance findings are never used to train, fine-tune, evaluate, or improve any AI model. Your data is processed to generate your report and for no other purpose. This commitment is absolute and unconditional.

Minimal data collection

We collect only what is necessary to provide the service: your name, email, company name, uploaded documents, and AI vendor list. We do not collect behavioral data, browsing history, or any information beyond what you explicitly provide.

72-hour breach notification

In the event of a security incident affecting your personal data, we will notify you by email within 72 hours of becoming aware of the breach. This commitment applies to all customers regardless of location and meets or exceeds GDPR, CCPA, and applicable US state breach notification requirements.

How your data flows through our system

1. Upload: Your documents travel over TLS 1.3 to our server. They are never written to temporary disk storage unencrypted.
2. Storage: Files are stored in AES-256 encrypted cloud object storage with a unique, non-guessable key per file. No public enumeration is possible.
3. Analysis: Extracted text is sent to an AI language model for compliance analysis. The model processes your text and returns findings. Your data is not retained by the model between sessions.
4. Report delivery: Findings are stored in an encrypted database and displayed on your private report dashboard. Only you can access your report.
5. Deletion: 30 days after report delivery, an automated job permanently deletes your uploaded files from object storage. You receive an email confirmation.

Responsible disclosure

If you discover a security vulnerability in HireAudit, please report it to [email protected]. We will acknowledge your report within 24 hours, investigate promptly, and keep you informed of our progress. We do not pursue legal action against researchers who report vulnerabilities in good faith.

This page was last reviewed and updated: April 6, 2026. We review our security practices quarterly and update this page whenever practices change.