Enterprise-Grade Compliance
VivyaScreen is built on a foundation of security, privacy, and regulatory compliance. We adhere to the world's most rigorous data protection frameworks to keep your data safe.
GDPR
EU Compliant
General Data Protection Regulation
Full compliance with the EU General Data Protection Regulation, ensuring the highest standards of data protection for all users in the European Economic Area.
Lawful Basis for Processing
We process personal data only under legitimate legal bases — contractual necessity for recruitment services, explicit consent for optional features, and legitimate interest for platform security and fraud prevention.
Data Minimization & Purpose Limitation
We collect only the data strictly necessary for recruitment screening. Candidate data is never used for marketing or for profiling beyond the recruitment scope, and is never shared with unauthorized third parties.
Data Subject Rights
Full support for all GDPR rights including access, rectification, erasure (right to be forgotten), portability, restriction of processing, and objection. Requests are processed within 30 days via our DPO.
Cross-Border Data Transfers
International data transfers are protected by Standard Contractual Clauses (SCCs) and EU adequacy decisions. We maintain a transparent sub-processor list available to all data controllers.
Data Protection Impact Assessments
We conduct DPIAs for all high-risk processing activities, including AI-driven candidate scoring and automated screening. Results are reviewed quarterly and shared with supervisory authorities upon request.
SOC 2
Type II Certified
SOC 2 Type II Certification
SOC 2 Type II certified, demonstrating continuous adherence to the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.
Security
Multi-layered security controls including network firewalls, intrusion detection systems, vulnerability scanning, and 24/7 security monitoring. All infrastructure changes go through change management with peer review.
Availability
99.99% uptime SLA backed by redundant infrastructure, automated failover, disaster recovery with <4-hour RTO, and real-time health monitoring with automated incident escalation.
Processing Integrity
All AI scoring models are validated against bias benchmarks. Candidate evaluations include confidence scores and are fully auditable. Processing errors trigger automatic alerts and rollback procedures.
Confidentiality
Role-based access controls (RBAC) ensure data is accessible only to authorized personnel. All data access is logged, reviewed monthly, and anomalies trigger immediate investigation.
Privacy
Privacy-by-design architecture ensures personal data protection throughout the entire data lifecycle — collection, processing, storage, and deletion. Annual privacy audits by independent assessors.
HIPAA
Healthcare Ready
Health Insurance Portability and Accountability Act
HIPAA-ready infrastructure and processes for healthcare sector clients, ensuring protected health information (PHI) is handled with the required level of security and privacy.
Administrative Safeguards
Designated privacy and security officers, workforce training programs, access management procedures, and comprehensive incident response plans aligned with HIPAA breach notification requirements.
Physical Safeguards
Cloud infrastructure hosted in SOC 2 certified data centers with physical access controls, environmental safeguards, and device/media controls for any PHI-containing hardware.
Technical Safeguards
AES-256 encryption at rest, TLS 1.3 in transit, unique user identification, automatic session timeout, audit logging of all PHI access, and emergency access procedures.
Business Associate Agreements
We execute BAAs with all healthcare clients and ensure our sub-processors maintain equivalent HIPAA protections. BAA terms are reviewed annually and updated to reflect regulatory changes.
ISO 27001
ISMS Aligned
ISO/IEC 27001:2022 Information Security Management
Aligned with ISO 27001:2022 international standards for information security management systems (ISMS), providing a systematic approach to managing sensitive company and customer information.
Risk Assessment & Treatment
Systematic identification, analysis, and treatment of information security risks. Risk register is maintained and reviewed quarterly with mitigation strategies for all identified threats.
Access Control & Cryptography
Strict access control policies based on least-privilege principle. AES-256 encryption for data at rest, TLS 1.3 for data in transit, and hardware security modules (HSM) for cryptographic key management.
Operational Security
Documented operating procedures, change management controls, capacity management, separation of development and production environments, and protection against malware with real-time monitoring.
Incident Management
Comprehensive incident response plan with defined roles, escalation procedures, containment strategies, root cause analysis, and post-incident reviews. Mean time to detect: <15 minutes.
Business Continuity
Business continuity plans tested bi-annually with disaster recovery drills. Geographic redundancy ensures service availability even during regional outages. Recovery Point Objective (RPO): <1 hour.
Security Infrastructure
Encryption
AES-256 at rest, TLS 1.3 in transit. All data encrypted end-to-end with hardware security module key management.
Infrastructure
SOC 2 certified cloud hosting, geographic redundancy, 99.99% uptime SLA, 24/7 monitoring with automated threat detection.
Access Control
Role-based access with least-privilege principle. Multi-factor authentication, session management, and comprehensive audit logging.
Incident Response
< 15 min detection, automated containment, defined escalation paths, root cause analysis, and post-incident review for every event.
Audit & Compliance
Annual third-party penetration testing, quarterly vulnerability assessments, continuous compliance monitoring, and SOC 2 Type II audit cycle.
Vendor Management
All sub-processors bound by DPAs with equivalent security requirements. Annual vendor security assessments and continuous monitoring.
Need a Security Assessment?
We're happy to share our SOC 2 report, complete a security questionnaire, or walk your team through our compliance program.