Trust center
Last reviewed 2026-04-24
HiringCoach.ai takes the security, privacy, and accessibility of your data seriously. This page links to the documentation we maintain and keep current.
Security and privacy
- Security overview
- Privacy policy
- Cookie policy
- AI use disclosure
- Sub-processors
- Responsible disclosure
- Accessibility
- Accessibility Conformance Report (VPAT)
Compliance posture
- Aligned with NIST CSF 2.0 and CIS Critical Controls v8 IG1.
- Hosted on Google Cloud (SOC 1/2/3, ISO 27001, PCI DSS, HIPAA, FedRAMP High) and Vercel (SOC 2 Type II).
- PCI DSS scope: Stripe hosts card capture; our infrastructure never sees card data (SAQ-A).
- HIPAA: our Terms of Service prohibit submission of PHI; we are not a Business Associate.
- GDPR / UK GDPR: 2021 EU SCCs and UK IDTA apply to cross-border transfers.
- CCPA / CPRA: we act as a service provider; no sale or sharing of personal data.
How to contact us
- Security: [email protected] (see also responsible disclosure)
- Privacy / DSR: [email protected]
- Accessibility: [email protected]
Working with higher education institutions
We maintain a completed HECVAT 4.1.5 response and a supporting evidence bundle. Email [email protected] to request it.