TRUST & SECURITY

Enterprise-grade safeguards for
your candidate data.

ShortlistTable is built from the ground up for strict data isolation, complete data sovereignty, and audited privacy compliance. Your trust is our foundation.

01 / PROTOCOLACTIVE Safeguard

No LLM Model Training

Your candidate data, resumes, job descriptions, and custom evaluations are strictly private. We never share, sell, or use your data to train public or third-party AI models.

COMPLIANT COREISO 27001 ALIGNED
02 / PROTOCOLACTIVE Safeguard

Complete Tenant Isolation

Every resource belongs to a specific workspace tenant. Strict schema checks in our application and API middleware prevent cross-workspace data leakage.

COMPLIANT COREISO 27001 ALIGNED
03 / PROTOCOLACTIVE Safeguard

Encryption in Transit & At Rest

All candidate document transfers are secured with TLS 1.3. Persistent database tables, structured values, and resume files are encrypted at rest using AES-256.

COMPLIANT COREISO 27001 ALIGNED
04 / PROTOCOLACTIVE Safeguard

14-Day Automated Data Purges

We enforce strict retention limits. When a workspace trial expires, or when an executive chooses to purge a batch, candidate records are permanently deleted from database disks.

COMPLIANT COREISO 27001 ALIGNED
SOC 2 Posture

Our SOC 2 Type I & II Roadmap.

We are currently completing third-party security audits under AICPA Trust Services Criteria. Our infrastructure is hosted exclusively on AWS US-East data centers, which are fully SOC 2 Type II certified.

Request Security Package
COMPLIANCE FAQ

Frequently asked trust questions

Do you share or sell candidate files?
Absolutely not. Candidate documents are processed solely to populate your workspace spreadsheet database. We never license, sell, or distribute your candidates' resumes or contact information to any external party.
Are your AI models using our data?
No. The AI models we utilize (such as Anthropic Claude or OpenAI GPT) are accessed via standard API interfaces where data is not persisted and is strictly exempt from training. Your job descriptions, screening criteria, and resume files never contribute to standard public AI training data.
Can I request a complete deletion of my workspace?
Yes. Under GDPR and global privacy guidelines, you can request a complete, permanent purge of your workspace database and all associated resumes at any time. Clicking 'Delete Workspace' in your settings queues all records for immediate physical destruction on database disks.