LexTalent.ai
TRUST CENTER

Security, Compliance & Data Handling

Transparency is foundational to enterprise trust. This page documents our current security posture, compliance roadmap, and data handling practices. All statements reflect our current operational state and are updated as certifications progress.

Compliance Roadmap

The following certifications and compliance frameworks are part of our roadmap. Percentages represent internal self-assessment progress and have not been independently verified by a third-party auditor unless explicitly stated.

  • SOC 2 Type I [In Progress]: Internal readiness ~65% — target Q3 2026 for independent audit
  • SOC 2 Type II [Planned]: Planned after Type I completion — target Q1 2027
  • GDPR Compliance [Active]: Data Processing Agreement available at /dpa
  • NYC Local Law 144 (LL144) [In Progress]: Bias audit framework in development — target Q4 2026
  • Colorado AI Act (SB 21-169) [In Progress]: Impact assessment documentation in progress — target Q4 2026
  • EU AI Act (High-Risk AI) [Planned]: Monitoring regulatory guidance — assessment planned for 2027
  • ISO 27001 [Planned]: Planned for 2027 after SOC 2 completion

Data Handling Practices

Data at Rest

  • All candidate assessment data is encrypted at rest using AES-256 encryption
  • Database hosted on TiDB Cloud with automatic encryption and daily backups
  • File storage uses AWS S3 with server-side encryption (SSE-S3)
  • No candidate PII is stored in application logs

Data in Transit

  • All API communications use TLS 1.2+ encryption
  • HTTPS enforced across all endpoints with HSTS headers
  • WebSocket connections for real-time features use WSS (encrypted)

Data Retention & Deletion

  • Assessment data retained for 24 months from submission date
  • Candidates may request data deletion via the contact form or DPA process
  • Deletion requests processed within 30 days per GDPR Article 17
  • Anonymized, aggregated analytics data may be retained for product improvement

AI & LLM Usage

  • LLM-based scoring uses the platform's built-in API — no candidate data is sent to third-party AI providers
  • AI scoring prompts do not include candidate names or identifying information
  • All AI-generated scores include a human-reviewable reasoning trace
  • No candidate data is used to train or fine-tune any AI model

AI Fairness & Bias Mitigation

As an AI-powered assessment platform, we take algorithmic fairness seriously. Our approach to bias mitigation is evolving and currently includes:

Current Measures

  • Assessment scenarios are reviewed for cultural and linguistic neutrality
  • Scoring rubrics evaluate observable behavior (tool calls, code output, reasoning traces) rather than subjective qualities
  • The 6-axis scoring framework is grounded in I/O psychology research on work-sample testing validity
  • All scoring dimensions have explicit, documented criteria to reduce scorer subjectivity

Planned Measures (2026–2027)

  • Independent bias audit per NYC LL144 requirements (target Q4 2026)
  • Adverse impact analysis across demographic groups when sufficient data is available
  • Regular fairness reviews of AI scoring patterns by an external I/O psychology consultant
  • Colorado AI Act impact assessment documentation (target Q4 2026)

Infrastructure & Subprocessors

The following third-party services process data as part of the LexTalent.ai platform:

Provider       | Purpose                                | Data Location
TiDB Cloud     | Primary database                       | US / configurable
AWS S3         | File storage (assessment artifacts)    | US East
Manus Platform | Authentication, LLM inference, hosting | US / EU
Resend         | Transactional email delivery           | US
Stripe         | Payment processing                     | US / EU

Questions or Concerns?

For security inquiries, data deletion requests, or compliance questions, please contact us through our dedicated channels:

Last updated: February 2026. This page is reviewed and updated quarterly.