HiringCoachAI

Trust center

Last reviewed 2026-05-16

HiringCoachAI is used by job seekers, who share resumes, career history, salary expectations, and application drafts with the product. We designed the product so that content stays under the user's control, AI features do not train on user inputs, and the experience is usable whether or not the user can see, hear, or use a mouse.

This trust center is the canonical source for our security, privacy, AI, and accessibility posture. The four commitments below describe the controls in place; the catalog further down has the policy, framework, and evidence detail behind each. Where coverage is partial, our written answers and the public roadmap say so directly.

Your career data is yours
Export everything you've created on the platform at any time. Delete your account and we delete your data with it. We don't sell, share, or rent personal data for advertising, and we don't train AI models on your career content. The AI providers we use have committed not to either.
AI under per-request controls
Every AI feature is disclosed with the data it processes, the provider, and the trigger. Where the provider supports retention-minimizing controls, we send them on every request, so generated content isn't held by the provider beyond the immediate call.
Accessible by default
WCAG 2.1 Level AA conformance verified across the public web application. No separate accessibility mode, no third-party overlay, no AI-substituted interface. Keyboard navigation, focus management, screen-reader landmarks, and 320-pixel reflow are part of the default UI.
Built on audited infrastructure
Google Cloud, Vercel, Cloudflare, and Stripe each carry SOC 2 Type II at minimum; Google Cloud's infrastructure additionally holds ISO 27001, PCI DSS, HIPAA, and FedRAMP High. Our application layer adds encryption, audit logging, input validation, and AI safety controls. Coverage and current state are documented in the security overview and HECVAT response.
For institutional security reviewers
A completed HECVAT 4.1.5 and supporting evidence bundle are available on request from [email protected]. Most reviewers also find what they need by browsing the public compliance documentation catalog.
Privacy & data-subject requests
[email protected]
Security & vulnerability reports
[email protected]
Accessibility feedback
[email protected]

Customer policies

Privacy & data

  • Privacy policy
    What data we collect, how we use it, your rights, and how to exercise them.
  • Cookie policy
    Cookie categories, what we set them for, and how to manage your preferences.
  • Sub-processors
    Third parties that may process customer data on our behalf, with purposes and certifications.

Security

  • Security overview
    Hosting, encryption, identity, audit logging, and the application-security controls in place today.
  • Responsible disclosure
    How to report a security vulnerability and what to expect from us in return.

AI

  • AI use disclosure
    Every AI feature with the data it processes, the provider, and the trigger.

Accessibility

  • Accessibility statement
    WCAG 2.1 AA commitment, supported assistive technology features, and how to report issues.
  • Accessibility Conformance Report (VPAT)
    Per-criterion conformance against WCAG 2.1 AA, available as JSON, Markdown, HTML, or PDF.
  • Accessibility roadmap
    Dated milestones for live screen-reader verification, evidence refreshes, release-process accessibility checks, and external accessibility-review planning, through March 2027.

Compliance documentation

We maintain a comprehensive set of compliance documents covering security, privacy, AI governance, change management, resilience, and accessibility. Our control set is mapped to the NIST Cybersecurity Framework 2.0 and CIS Critical Controls v8 Implementation Group 1, with published mappings in the catalog.

Browse the compliance documentation catalog
Every published document, grouped by topic.

Regulatory posture

PCI DSS
Stripe hosts card capture. Our infrastructure never sees primary account, CVV, or card-track data (SAQ-A merchant scope).
HIPAA
Our Terms of Service prohibit submission of PHI. We are not a Business Associate and do not execute BAAs.
GDPR / UK GDPR
2021 EU Standard Contractual Clauses and the UK IDTA apply to cross-border transfers.
CCPA / CPRA
We act as a service provider. No sale or sharing of personal data.

Legal entity

HiringCoachAI is operated by Elite Ad Operations, LLC d/b/a JumpYield, a California limited liability company. Contracts and Data Processing Agreements are entered with that entity.
