Security & Compliance

Asendia AI is committed to maintaining robust security protections for all users of our platform. This Security & Compliance page outlines our comprehensive approach to protecting your data and ensuring regulatory compliance.

Security is at the heart of what we do: helping our customers improve their security and compliance posture starts with our own. At Asendia AI, we power Sarah, our advanced AI interviewer that conducts automated interviews, screens candidates, detects fraud, and integrates with 50+ ATS systems. We handle sensitive recruitment data, AI-generated interview recordings, candidate assessments, and proprietary AI models that require the highest levels of protection. Our comprehensive security program ensures the confidentiality, integrity, and availability of all data entrusted to our platform.

Security Governance

Our security governance framework establishes policies and controls based on foundational principles:

Core Principles

  • Least Privilege: Access granted based on legitimate business needs
  • Defense in Depth: Multiple layers of security controls
  • Consistent Application: Security controls applied across all areas
  • Continuous Improvement: Iterative security program evolution

Implementation

  • Regular security assessments and audits
  • Security awareness training for all employees
  • Risk-based decision making framework
  • Incident response and business continuity planning

Data Protection & Encryption

Data at Rest

All datastores containing recruitment data, Sarah's AI-generated interview recordings, candidate assessments, and AI model outputs, in addition to S3 buckets, are encrypted at rest. Additionally, sensitive data such as interview transcripts, candidate responses, AI scoring algorithms, and proprietary model weights is protected with field-level encryption.

This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive recruitment information or compromise our AI interview capabilities.

Data in Transit

Asendia AI uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks, including Sarah's AI interview recordings, multilingual candidate responses, fraud detection data, and AI assessment results. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit.

Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers, ensuring secure transmission of all recruitment-related data across our supported languages including English, Spanish, French, German, Arabic, and more.

Secret Management

Encryption keys are managed via AWS Key Management Service (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Asendia AI. The keys stored in HSMs are used for encryption and decryption via Amazon's KMS APIs.

Application secrets, including AI model credentials and database connection strings, are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited to authorized systems.

AI Model & Sarah Protection

Protecting Sarah, our proprietary AI interviewer, is fundamental to our security program. We implement advanced measures to safeguard our AI models and prevent unauthorized access or replication.

Model Security

  • Proprietary AI algorithms encrypted and secured
  • Model weights and training data protected with advanced encryption
  • Regular security audits of AI inference pipelines
  • Access controls for AI model updates and deployments
  • Monitoring for model poisoning and adversarial attacks

Interview Integrity

  • Fraud detection algorithms protect against cheating and AI assistance
  • Tab switching, script usage, and external AI tool detection
  • Behavioral analysis for authentic candidate responses
  • Secure video/audio streaming for interview sessions
  • Immutable audit trails for all interview interactions

Product Security & Development

Our Secure Development Lifecycle (SDLC) ensures robust security throughout the development process:

Penetration Testing

Asendia AI engages with leading penetration testing consulting firms at least annually. Our preferred partners specialize in AI/ML security, GraphQL API security, and recruitment technology assessments.

All areas of the Asendia AI platform and cloud infrastructure are in-scope for these assessments, including Sarah's AI interview algorithms, fraud detection systems, multilingual processing pipelines, and integrations with 50+ ATS systems like Greenhouse, Workable, and Lever. Source code is fully available to testers to maximize effectiveness and coverage.

We make summary penetration test reports available upon request to demonstrate our security posture for enterprise clients.

Vulnerability Scanning

Asendia AI requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):

  • Static analysis (SAST) testing of code during pull requests and on an ongoing basis
  • Software composition analysis (SCA) to identify known vulnerabilities in our AI/ML software supply chain
  • Malicious dependency scanning to prevent the introduction of malware into our AI models and Sarah's capabilities
  • AI-specific security scanning for model vulnerabilities and adversarial attack vectors
  • Dynamic analysis (DAST) of running applications and multilingual API endpoints
  • Network vulnerability scanning on a regular basis across our global infrastructure
  • External attack surface management (EASM) continuously monitoring our recruitment platform

Enterprise Security Measures

Endpoint Protection

  • Centrally managed corporate devices for our global recruitment team
  • Mobile Device Management (MDM) software for secure remote work
  • Advanced anti-malware protection across all endpoints
  • 24/7/365 security monitoring for recruitment operations
  • Secure configuration enforcement for interview tools

ATS Integration Security

  • Secure API integrations with 50+ ATS platforms
  • OAuth 2.0 and token-based authentication
  • Data encryption during ATS synchronization
  • Regular security audits of integration endpoints
  • Granular permissions for ATS data access

Identity & Access

Okta-powered identity management with WebAuthn authentication.

Role-based access with special controls for recruitment data systems.

Network Security

  • Modern VPN platform (Tailscale/WireGuard)
  • Malware-blocking DNS servers
  • Network segmentation for AI systems
  • Intrusion detection and prevention
  • Global infrastructure vulnerability assessments

Data Privacy

At Asendia AI, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive recruitment data, candidate information, and interview recordings.

Privacy Shield

Asendia AI maintains an active Privacy Shield membership for EU-US and Swiss-US data transfers, ensuring compliance with international privacy standards for cross-border recruitment activities.

Regulatory Compliance

Asendia AI evaluates updates to regulatory and emerging frameworks continuously to evolve our program, with special focus on recruitment industry regulations and AI ethics guidelines.

Privacy Policy, DPA, and ISA

View Asendia AI's Privacy Policy | View our list of subprocessors | View our DPA | View our ISA

Compliance & Certifications

We maintain compliance with industry-leading standards and regulations:

  • SOC 2 Type II: Annual attestation of security controls
  • HIPAA: Health Insurance Portability and Accountability Act
  • GDPR: EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • ISO 27001 certified Information Security Management System

Security Education

Asendia AI provides comprehensive security training to all employees upon onboarding and annually through educational modules. In addition, all new employees attend a mandatory live onboarding session centered around key security principles.

All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices, with special emphasis on AI/ML security and protecting sensitive recruitment data.

Asendia AI's security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention, including emerging threats in the recruitment technology sector.

Vendor Security

Asendia AI uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:

  • Access to candidate and employer data
  • Integration with production recruitment environments
  • Potential damage to the Asendia AI brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated in order to determine a residual risk rating and an approval decision for the vendor. This includes assessment of ATS providers, background check services, and other recruitment technology partners.

Incident Response & Business Continuity

We maintain comprehensive incident response and business continuity capabilities:

Incident Response

  • Dedicated incident response team
  • 24/7 monitoring and alerting
  • Defined escalation procedures
  • Regular incident response testing
  • Post-incident analysis and improvement

Business Continuity

  • Data backup and recovery procedures
  • Disaster recovery planning
  • Business impact analysis
  • Regular backup testing and validation
  • Geographic redundancy and failover

Contact Us

If you have any questions about our security practices, Sarah's AI capabilities, compliance certifications, or data protection measures for recruitment data, please contact us:

  • General Contact: hello@asendia.ai
  • Address: 251 Little Falls Drive, Wilmington, Delaware 19808

Last Updated: January 2025