Data Protection
Technical and organizational security measures protecting your organization's candidate data on SpeakSights.
Last Updated: February 22, 2026
Security Commitment to Organizations
Every organization's data is fully isolated. Candidate audio, transcripts, and scores are accessible only to your team. SpeakSights implements multiple layers of security as required under GDPR Article 32.
AES-256 Encryption
Per-Org Data Isolation
Automated Data Cleanup
1. Multi-Tenant Data Isolation
SpeakSights is designed as a true multi-tenant system with hard isolation boundaries between organizations:
Database Isolation
Every database query is scoped by organizationId. It is technically impossible for an org user to access another organization's data through the application layer.
- candidates — scoped to organizationId + roleId
- candidate_assessments — scoped to organizationId
- roles_positions — scoped to organizationId
- All queries verified server-side against authenticated org session
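One way to enforce this scoping in a data-access layer, shown as an added example that is not SpeakSights code. The table names and their scope columns come from the list above; the session shape, the SQL column names and the function name `buildScopedSelect` are assumptions.

```javascript
// Added example: column names, session shape and function name are assumptions.
const SCOPE_COLUMNS = {
  candidates: ["organizationId", "roleId"],
  candidate_assessments: ["organizationId"],
  roles_positions: ["organizationId"],
};
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function buildScopedSelect(session, table, filters = {}) {
  if (!session || typeof session.organizationId !== "string" || session.organizationId === "") {
    throw new Error("no authenticated org session");
  }
  if (!has(SCOPE_COLUMNS, table)) {
    throw new Error(`table is not allow-listed: ${table}`);
  }
  // The tenant key comes only from the server-side session, never from request input.
  if (has(filters, "organizationId")) {
    throw new Error("organizationId must not be supplied by the caller");
  }
  const where = { organizationId: session.organizationId, ...filters };
  for (const col of SCOPE_COLUMNS[table]) {
    if (where[col] === undefined || where[col] === null) {
      throw new Error(`missing scope column for ${table}: ${col}`);
    }
  }
  const cols = Object.keys(where);
  for (const col of cols) {
    if (!IDENT.test(col)) throw new Error(`invalid column name: ${col}`);
  }
  // Values are bound as parameters; only validated identifiers reach the SQL text.
  const text = `SELECT * FROM "${table}" WHERE ` +
    cols.map((col, i) => `"${col}" = $${i + 1}`).join(" AND ");
  return { text, values: cols.map((col) => where[col]) };
}
```

Routing every read through a builder like this makes an unscoped query a thrown error rather than a silent cross-tenant read.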
Azure Blob Storage Isolation
All candidate audio and media files are stored under an org-specific path prefix in the b2b-assessments Azure container:
SAS tokens are generated per-request with 2-hour expiry. No permanent public URLs exist.
2. Encryption
2.1 Encryption in Transit
- TLS 1.3: Latest encryption protocol for all web traffic between candidate browsers and SpeakSights
- HTTPS Only: No unencrypted HTTP connections allowed at any point
- Strong Cipher Suites: AES-256-GCM and ChaCha20-Poly1305 preferred
- AI Service Calls: Audio files accessed via HTTPS SAS tokens — all API calls to AssemblyAI, OpenAI, Azure Speech over encrypted connections
2.2 Encryption at Rest
- Database (Neon PostgreSQL): AES-256 encryption for all records including candidate PII, scores, transcripts
- Azure Blob Storage: Server-side encryption with Microsoft-managed keys for all audio files
- Password Hashing: Org user passwords hashed with bcrypt (cost factor 12) — plaintext passwords never stored
3. Access Controls
3.1 Role-Based Access Control (RBAC)
Admin
Full platform access. Manage team, templates, roles, candidates, billing, settings.
Recruiter
Create roles, invite candidates, view assessments, manage pipeline. No billing/settings.
Hiring Manager
View assigned roles and candidate assessments. Read-only pipeline access.
Viewer
Read-only access to specified content. No candidate management.
3.2 Authentication
- JWT-based authentication with HttpOnly cookies — resistant to XSS token theft
- Session tokens validated on every request via Edge middleware
- Candidate access via one-time assessment tokens (7-day expiry)
- Rate limiting on authentication endpoints to prevent brute-force attacks
3.3 SpeakSights Internal Access
SpeakSights engineers follow the principle of least privilege. Production database access requires justification and is audited. No engineer has standing access to candidate audio or PII in production.
4. Data Retention & Automated Deletion
Candidate Audio Files
Default: 30 days from assessment completion (org-configurable: 30–365 days)
Automatically deleted from Azure Blob Storage via the daily retention cron. Default is 30 days — keeps storage costs low while the transcript remains available. Organisation admins can configure 30–365 days in dashboard → Settings → Data & Privacy.
Transcriptions & Analysis Data
Default: 90 days from assessment completion (org-configurable: 30–365 days)
An automated cron job nullifies the transcription, analysisData, and questionResponses fields in the database after 90 days by default. These fields contain verbatim speech, which is personal data under GDPR. 90 days covers most hiring cycles. Organisation admins can configure 30–365 days.
Assessment Scores & Recommendations
Retention: Indefinitely (never auto-deleted) — not configurable
Numeric scores and dimension breakdowns only — no speech content. Kept indefinitely for pipeline analytics and role benchmarking. Low privacy sensitivity under GDPR. Deleted only on account closure. Not user-configurable by design.
Candidate PII (name, email, phone)
Retention: While org account is active
Retained to support hiring pipeline management. Deleted when org account closes or upon individual erasure request.
Audit Trail: All automated deletions are logged in our data_retention_logs table with timestamp, org context, and fields deleted — providing proof of GDPR compliance.
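The retention rules in this section, expressed as the per-assessment decision a daily cron could make, with the matching audit row. This is an added example, not SpeakSights code: the record fields `completedAt` and `audioBlobPath`, the setting names `audioDays` and `transcriptDays`, and clamping out-of-range settings to 30–365 are assumptions.

```javascript
// Added example: record shapes, setting names and function names are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;
const DEFAULTS = { audioDays: 30, transcriptDays: 90 };
const TRANSCRIPT_FIELDS = ["transcription", "analysisData", "questionResponses"];

// Org-configurable window: an integer clamped to 30–365, otherwise the default.
function retentionDays(configured, fallback) {
  if (!Number.isInteger(configured)) return fallback;
  return Math.min(365, Math.max(30, configured));
}

// Returns null when nothing is due, else the actions plus a data_retention_logs row.
function planRetention(assessment, orgSettings, now) {
  const completed = Date.parse(assessment.completedAt);
  if (Number.isNaN(completed)) return null; // not completed: the clock has not started
  const ageDays = Math.floor((now.getTime() - completed) / DAY_MS);
  const audioDays = retentionDays(orgSettings.audioDays, DEFAULTS.audioDays);
  const transcriptDays = retentionDays(orgSettings.transcriptDays, DEFAULTS.transcriptDays);

  const deleteAudio = Boolean(assessment.audioBlobPath) && ageDays >= audioDays;
  // Scores are never listed here: they are retained indefinitely by policy.
  const nullify = ageDays >= transcriptDays
    ? TRANSCRIPT_FIELDS.filter((f) => assessment[f] != null)
    : [];
  if (!deleteAudio && nullify.length === 0) return null;

  return {
    deleteAudio,
    nullify,
    logRow: {
      timestamp: now.toISOString(),
      organizationId: assessment.organizationId,
      assessmentId: assessment.id,
      fieldsDeleted: [...(deleteAudio ? ["audio"] : []), ...nullify],
    },
  };
}
```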
5. Infrastructure Security
5.1 Hosting
- Application: Vercel (ISO 27001, SOC 2 Type II) with edge network globally
- Database: Neon PostgreSQL (SOC 2 Type II) with automatic backups and point-in-time recovery
- File Storage: Microsoft Azure Blob Storage (ISO 27001, SOC 1/2/3, FedRAMP) in US data centers
5.2 Network Security
🛡️ DDoS Protection
Vercel edge network with DDoS mitigation built in
🔥 WAF
Web Application Firewall filtering malicious requests
⚡ Rate Limiting
API rate limiting on all endpoints to prevent abuse
📊 Monitoring
24/7 infrastructure monitoring and anomaly detection
5.3 Backup & Recovery
- Automated daily database backups retained for 30 days
- Point-in-time recovery to any second within the last 7 days
- Disaster recovery plan with 4-hour RTO (Recovery Time Objective)
6. Security Incident Response
In the event of a security incident affecting your organization's data:
Detection & Containment
Isolate affected systems within 1 hour of confirmed breach
Organization Notification
Notify you as Data Controller within 72 hours with breach details, data affected, and immediate remediation steps
Regulatory Notification
Assist you with GDPR Article 33 notification to supervisory authority within 72 hours if required
Candidate Notification
If required under GDPR Article 34, assist you in notifying affected candidates
Remediation & Review
Fix root cause, restore secure operations, provide post-incident report
To report a security vulnerability: security@speaksights.com — We aim to respond within 24 hours.