Security & trust
Built for the team that has to answer the procurement questionnaire.
Candidate data is the most sensitive data a hiring team touches. We treat it that way.
Encryption at rest and in transit
All database columns containing credentials or tokens — including per-tenant SSO client secrets — are encrypted at rest with Fernet. All traffic is encrypted in transit with TLS 1.2+.
SSO-only sign-in
No shared email/password logins. Users authenticate through your Microsoft Entra, Google Workspace, or any OIDC identity provider. One provider per type per tenant; multiple providers supported simultaneously.
Role-based access
Admin, Recruiter, Hiring Manager, Interviewer, and Candidate roles. Each role sees only what it needs, enforced in both the API and the UI.
Per-tenant isolation
Every query is scoped to the authenticated tenant at the repository layer. Tenant data never crosses boundaries, enforced in code — not just convention.
Audit logging
Every Buster action, every recruiter decision, every rubric edit, every SSO-provider change is captured with actor, timestamp, and payload. Exportable for your internal audit.
SES-delivered transactional mail
All candidate email — interview invites, rejection letters, notifications — goes through AWS SES with a verified sending domain, bounce handling, and a GDPR-compliant unsubscribe header.
GDPR-ready
Soft-delete on candidate records, a right-to-erasure workflow, and data export on request. Data-residency options for EU tenants are on the roadmap.
Interview integrity
AI interviews are proctored with gaze tracking and tab-switch detection. Each violation reduces the integrity score. The recruiter sees the full evidence — no black box.
What we don't claim — yet.
DawnStep is a young product. We do not currently hold SOC 2 Type II or ISO 27001 certification. We believe that being honest about this matters more than checking a box on your RFP. Our architecture is designed to pass both audits — multi-tenant isolation, audit logging, encryption, least-privilege IAM, SSO-only access, SES identity verification. When our first cohort of customers requires formal certification, we'll pursue it. In the meantime, we answer every security question directly.
Email security@dawnstep.ai for a security brief, sub-processor list, or pen-test summary.