For employers
Security, tenant isolation & AI governance
How Feedback AI protects your hiring data, scopes access by organisation, and keeps humans in the loop.
Tenant isolation
Organisation data is scoped server-side. Org admins can only access users, assessments, and candidate records within their organisation. Cross-tenant query parameters are blocked with org-scoped authorization checks.
Defense in depth
- Default-deny middleware on
/api/*with an explicit public allowlist for registration, OTP, and careers browse - Assessment and question routes require authentication and assessment-level access checks
- AI endpoints rate-limited with fail-closed behavior when client IP cannot be determined
- Scheduled jobs (reminders, payment verification) require
CRON_SECRET
Human-in-the-loop hiring
AI generates questions and scores responses, but hiring decisions stay with your team. Integrity signals and authenticity scores are disclosed — never used to auto-reject without review. Verified skill badges require a passing assessment score, giving you a concrete signal beyond résumé keywords.
Data retention
Candidate responses, evaluation records, and audit logs are stored in your organisation's tenant. Contact us for data export or deletion requests per your compliance requirements.
Candidate transparency
Share our candidate-facing integrity page with applicants: How assessments work.