Trust & Compliance Centre

Built for regulated hiring.

Vault Hire is engineered to satisfy the controls expected of banking, fintech and regulated-industry recruitment. Below is what we have implemented today — verifiable, not aspirational.

For banking buyers · NDA-gated

The case against legacy ATS architecture

A board-ready briefing for the Senior Manager who will personally sign off on this system under SMCR. Why retention is now the liability, what we hold vs. what a legacy ATS holds, and the line that closes the deal. NDA + owner approval required.

Request the briefing →

Banking-grade security

  • Phishing-resistant sign-in with zero-downtime credential rotation
  • Secure-by-default session handling — no token leakage to client storage
  • Rate limiting on every sensitive endpoint
  • Brute-force lockout with cooldown
  • Multi-factor authentication available for all accounts
  • Industry-standard password hashing with enforced strength

GDPR & data rights

  • Article 7 — explicit, versioned consent capture at registration
  • Article 15 — one-click data export (full JSON of your vault)
  • Article 17 — right to erasure with 30-day grace + audit trail
  • Article 30 — record-of-processing with retention horizons enforced
  • PII redacted from production logs
  • Automatic retention sweep purges expired tokens & shares hourly

AI governance

  • Every AI inference logged in an audit register (6-year horizon)
  • AI-generated content clearly disclosed in the UI
  • AI features can be disabled per tenant, per workflow, per data subject — honoured at the request boundary
  • No customer data used for model training — ever
  • Human-in-the-loop required for any hiring decision
  • EU AI Act Article 22 opt-out is the architecture, not a setting

Banking compliance

  • 6-year retention on audit logs & completed references (POCA/FCA aligned)
  • Companies House verification on all employer accounts
  • OpenSanctions screening hooks for KYC workflows
  • Tamper-evident audit log across every regulated artefact
  • Cryptographic vault with time-limited employer access
  • Anonymity-by-default for references; reveal only on candidate consent

FAQ

Common questions.

Where is my data stored?

Customer data sits in encrypted clusters hosted in EU regions, with field-level encryption on personal data and rotation-friendly keys. Full sub-processor list and region map available under NDA.

How do I export or delete my data?

Any signed-in user can go to Settings → Data & Privacy and choose Export (GDPR Art. 15) or Request erasure (Art. 17). Erasure runs after a 30-day cool-off period so that accidental deletions can be reversed.

Do you use my data to train AI models?

No. We use enterprise LLM providers via API only, with explicit no-training contractual terms. Your data is never sent to model providers for training purposes.

Is Vault Hire SOC 2 / ISO 27001 certified?

We are pre-pilot. SOC 2 Type I readiness assessment is on the FY26 roadmap. The controls listed above are already operational and independently audit-ready.

Procurement & due-diligence

Everything your procurement team asks for, in one place.

Our Legal & Compliance Library hosts the four artefacts banking procurement and DPO teams ask for in week one: Instructions for Use (EU AI Act Art. 13), Data Processing Agreement (UK GDPR Art. 28), sub-processor list, and a fillable DPIA template.

Open the Legal & Compliance Library →

Need a SOC 2 readiness statement, region map, or pen-test summary? Email trust@vault-hire.com — reply within 1 working day.
