For employers

Security, tenant isolation & AI governance

How Feedback AI protects your hiring data, scopes access by organisation, and keeps humans in the loop.

Updated July 2026 · aligns with shipped SEC fixes (FAI-510–512)

Tenant isolation

Organisation data is scoped server-side. Org admins can only access users, assessments, and candidate records within their organisation. Cross-tenant query parameters are blocked with org-scoped authorization checks.

Defense in depth

  • Default-deny middleware on /api/* with an explicit public allowlist for registration, OTP, and careers browse
  • Assessment and question routes require authentication and assessment-level access checks
  • AI endpoints rate-limited with fail-closed behavior when client IP cannot be determined
  • Scheduled jobs (reminders, payment verification) require CRON_SECRET

Human-in-the-loop hiring

AI generates questions and scores responses, but hiring decisions stay with your team. Integrity signals and authenticity scores are disclosed — never used to auto-reject without review. Verified skill badges require a passing assessment score, giving you a concrete signal beyond résumé keywords.

Data retention

Candidate responses, evaluation records, and audit logs are stored in your organisation's tenant. Contact us for data export or deletion requests per your compliance requirements.

Candidate transparency

Share our candidate-facing integrity page with applicants: How assessments work.

FeedbackAI — AI Job Matching & Hiring Assessment Platform