Book a demoVoyse connects live to your ATS and runs an assistant on your careers site. Here is how we protect candidate data, govern the models, and stay accountable — with the full Trust Pack available once we're engaged.
We state status plainly, without dates. “In progress” means work that is genuinely underway — we don't pre-announce certifications we haven't begun.
The summaries below are the public version. Every one expands into evidence, control mappings and operating detail in the Trust Pack.
Logical tenant isolation on every authenticated request, least-privilege access, and secrets kept out of code — running on a serverless AWS estate defined entirely as code.
You stay the controller for candidate data and set the lawful basis; Voyse processes on your documented instructions under a data processing agreement, and never determines the purpose.
The assistant answers only from content you approve, cites its sources, and says so when it doesn't know. It never screens, scores, ranks or rejects candidates, and makes no hiring decisions.
Serverless across multiple availability zones, daily snapshots exported to independent storage, and a severity-graded incident process with a clear customer-notification commitment.
These commitments cover Voyse Intelligence, our AI assistant. Customer and candidate data is used only to serve your own tenant at inference time. It is never pooled across tenants for model training, and it is never used to train Voyse-owned models. Foundation models are accessed via provider APIs under enterprise terms that prohibit training on submitted data.
Candidate and company information appears only when it is directly relevant to the question at hand — grounded in retrieved evidence, never inferred.
The assistant answers from the knowledge base you curate and the campaigns you configure. Defaults are conservative: approved content only.
Each claim carries a structured reference to the source it came from, so any surfaced statement can be traced to its origin.
This is the canonical, public list. Customers are notified of material changes per the data processing agreement.
| Sub-processor | Purpose | Processing location | Security page |
|---|---|---|---|
| Amazon Web Services | Cloud hosting, compute, storage, identity, email & messaging | EU · Ireland | aws.amazon.com/compliance |
| AWS Bedrock (Amazon Nova) | AI inference — classification, query & memory tasks | EU · Ireland | aws.amazon.com/bedrock |
| MongoDB Atlas | Primary database & vector search | EU · Ireland | mongodb.com/trust |
| OpenAI | LLM inference (final answer) & text embeddings | United States | openai.com/security |
| Cloudinary | Media storage & delivery (images, video) | United States | cloudinary.com/trust-center |
| Perplexity | AI research enrichment (ancillary) | United States | perplexity.ai/hub/legal |
US transfers rely on the UK IDTA and, for EU data, the EU SCCs, with transfer risk assessed. Full scopes and contractual terms are available under NDA.
So you don't have to start from a blank questionnaire. Request anything below from the security team.
Security questionnaires, NDA requests, DPA execution and vulnerability reports all go to one place. We'll route them to the right specialist, and share the full Trust Pack once we're engaged.