Security, Privacy & Compliance

Assessment data is sensitive. HumanMetrix is built to protect candidate and partner information at every stage, with encryption, strong access controls, data-protection-by-design and a responsible approach to AI.

Data protection and privacy

HumanMetrix is built to support GDPR compliance and is designed to align with POPIA for South African operations. We practise data minimisation, collecting only what is needed to deliver and score assessments, and candidate results are gated behind explicit consent before they can be shared.

Encryption

All traffic is encrypted in transit using TLS/HTTPS, and data is stored on managed cloud infrastructure that encrypts data at rest. Sensitive fields are never exposed in client code, and application logging is sanitised to keep credentials and personal data out of logs.

Access and authentication

Accounts are protected with session-based authentication and CSRF protection, with role-based access separating candidate, partner and administrator capabilities. Partner API access is authenticated with scoped API keys that can be managed and revoked from the partner dashboard.

Infrastructure and data residency

HumanMetrix runs on managed, elastic cloud infrastructure with a managed PostgreSQL database and object storage for report assets. For enterprise customers with specific data-residency or regional-hosting requirements, we can discuss appropriate arrangements during onboarding.

Responsible AI

AI scoring is anchored to a benchmarked golden set for consistency, and our Algorithmic Integrity Quotient keeps bias awareness, fairness and responsible deployment central to the product. We hold the way we build to the same standards we assess candidates against.