Data Security & Compliance
Last updated: March 22, 2026
1. Security Overview
Empikalyze is designed from the ground up with security as a core design principle, not an afterthought.
We implement multi-tenant isolation to ensure your data remains completely separate from other customers. Your organization's data is never shared with others.
We follow the principle of least privilege, ensuring that each component and user has only the minimum access required to perform its function.
2. Technical Safeguards
Encrypted Storage
All data is encrypted at rest and in transit using industry-standard encryption mechanisms.
This ensures that even if physical storage were compromised, your data would remain unreadable without encryption keys.
Secure Authentication
We do not store plaintext passwords. Authentication credentials are handled using secure, industry-standard mechanisms with multi-factor authentication (MFA) support.
Session tokens are short-lived and automatically refreshed to minimize exposure.
Role-Based Access Control
Access to your data is controlled through role-based access control (RBAC). Users can only access data and features relevant to their role within your organization.
Admins can manage user permissions centrally, ensuring appropriate access levels.
Audit Logging (Planned)
Comprehensive audit logging is planned for post-launch, tracking all data access and modifications for accountability and compliance.
3. Organizational Controls
Admin-Controlled Access
Only designated administrators can access sensitive account settings and data. This prevents unauthorized internal access and ensures accountability.
Organization-Level Data Isolation
All recruiters within your organization share one credit pool and operate within a single isolated workspace. Data from your organization is never visible to or accessible by other organizations on the platform.
Internal Access Restrictions
Empikalyze employees cannot directly access customer production data unless that access is explicitly authorized and audit-logged for a support case.
4. AI & Model Safety
Our AI models are designed with privacy and security in mind:
- No memorization: Resume content is processed transiently for generating results and is not used to build persistent training datasets.
- No cross-customer leakage: AI processing and inference are logically isolated per customer to prevent cross-organization data access.
- Contextual output, not storage: AI output is generated from the context of your resume and job description, and is not used to train shared models.
5. Incident Handling
We take security incidents seriously and have processes in place to handle them:
- Security incidents are handled with high priority and escalated to appropriate teams immediately
- Affected customers are notified without undue delay when incidents involve their data
- We conduct post-incident reviews to understand root causes and implement preventive measures
6. Compliance Positioning
Empikalyze is designed with compliance principles in mind:
- GDPR principles: Our privacy-by-design approach aligns with GDPR principles including data minimization, purpose limitation, and user rights
- India IT Act aware: We are aware of India's Information Technology Act and DPDP (Digital Personal Data Protection) requirements
- Certifications planned: We are planning formal security certifications (ISO 27001, SOC 2) post-launch as the product matures
Important: While Empikalyze is designed with compliance in mind, we do not claim formal ISO or SOC certifications at this time. These certifications are planned for post-launch.
7. Contact
For security inquiries, vulnerability reports, or compliance questions, please contact us at security@empikalyze.in.