Security you can audit.
Compliance you can demonstrate.
Zelvar is built on enterprise-grade infrastructure with full transparency into how your data is handled.
Security Overview
Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Supabase infrastructure with managed key rotation.
Access Control
Role-based access control (RBAC). 7 role tiers. Row-level security on every database table. JWT authentication on all API routes.
Data Residency
Data stored in US-EAST-1 (AWS). No data sold to third parties. Candidates own their data.
SOC 2 (In Progress)
We are pursuing SOC 2 Type II certification. Expected completion: Q4 2026. Security whitepaper available on request.
Compliance
Full FCRA compliance with 3-layer rejection safeguard, adverse action workflow (WF20), and candidate disclosure rights.
AI voice agent identifies itself as AI before every call. Explicit written consent obtained before any automated outreach.
Bias audit dashboard with Adverse Impact Ratio (AIR) tracking per the EEOC four-fifths rule.
Candidate data deletion on request. Data processing agreement available for all clients.
AI calling scripts include required disclosure language. All-party consent captured before screening calls.
Sub-processors
View full list →| Vendor | Purpose | Data Processed | Region |
|---|---|---|---|
| Supabase | Database & Auth | All candidate + recruiter data | US-East-1 (AWS) |
| Anthropic (Claude) | AI screening analysis | Transcript text only | US |
| Retell AI | Voice calling infrastructure | Audio recordings (90-day retention) | US |
| Twilio | SMS delivery | Phone numbers, message content | US |
| SendGrid | Email delivery | Email addresses, content | US |
| n8n | Workflow automation | Trigger events only, no PII stored | EU/US |
| Netlify | App hosting | No personal data | US |
| Cloudflare | DNS & domain | No personal data | Global |
Responsible AI
Zelvar uses AI for candidate screening. We maintain the following principles:
Candidates are always informed they are speaking with an AI
Humans make all final hiring decisions — AI provides scores and summaries only
AI scores are explainable — every score includes reasoning
Bias audit runs automatically — Adverse Impact Ratio tracked per demographic group
Candidates can request human review of any AI decision
Security inquiries
For security inquiries, vulnerability disclosures, or to request our security whitepaper:
[email protected]