Where we stand on security.

Certifications take time. The controls behind them don't. Here's what's already in place, where each framework sits, and how candidate data is governed.

Frameworks

SOC 2 Type II

Type I controls observation begins Q3 2026. Type II report targeted for 2027.

In Progress

ISO/IEC 27001

ISMS scope and risk register being maintained. Stage 1 audit targeted for 2027.

In Progress

GDPR

Data processing agreement (DPA) available. EU-hosted by default. Data subject request (DSR) workflow built into the product. Record of processing activities (ROPA) maintained.

Compliant

EU AI Act

High-risk system under Annex III. Designing to meet provider obligations under Articles 9–15.

Aligned

Controls in place today

Encryption

AES-256 at rest. TLS 1.3 in transit. Keys managed in AWS KMS.

Identity

SSO via SAML/OIDC. MFA enforced for every employee account.

Access Control

Role-based access. Least privilege by default. Quarterly reviews.

Data Residency

Hosted on AWS in eu-west-1 (Dublin). EU residency for EU tenants.

Secure SDLC

Mandatory PR review. SAST, DAST, dependency and secrets scanning in CI.

Audit Logging

Every candidate data access is logged and retained for 12 months.

Backups & Recovery

Encrypted daily backups. Restore procedure tested every quarter.

Incident Response

Documented IR plan. 24-hour customer notification commitment.