Enterprise-Grade Security

Your Data Security is Our Priority

Promtitude employs industry-leading security measures to protect your recruitment data. We're committed to maintaining the highest standards of data protection and privacy.

Security Features

End-to-End Encryption

TLS 1.3 in transit; AES-256 at rest (managed storage)

Tenant Isolation

Per-tenant DB schema + service-identity based access

No Data Sharing

Customer data is never used to train shared foundation models

Access Controls

Role-based access with SSO/MFA support (beta: email + MFA)

Audit & Logging

Immutable app logs, 90-day hot / 365-day cold retention

Security Testing

Third-party vulnerability scans; annual pen-test planned

How We Protect Your Data

Data Isolation

Dedicated database schema per tenant with row-level security. Service-identity based access control prevents cross-tenant access.

Encryption Standards

TLS 1.3 in transit, AES-256 at rest (managed storage). A key rotation policy is enforced at the platform level.

No Shared Learning

Customer data is never used to train shared models. Subprocessors: Vercel, Railway, OpenAI (published list available).

Backup & Recovery

Daily automated PostgreSQL backups (Railway) with point-in-time recovery. Regular restore tests ensure recovery readiness.

Infrastructure Security

Vercel global edge network for web app & serverless API
Railway managed PostgreSQL with automated backups
Edge protections: Anycast DDoS mitigation & firewall rules
App-level rate limiting and IP throttling at API gateway
Encrypted env vars (Vercel/Railway) with rotation policy

Compliance & Certifications

We follow recognized frameworks and publish our status transparently. Items below include a status badge and links to evidence.

GDPR-Ready

operational

We act as a data processor for customer data

  • Data Processing Addendum available
  • Data subject rights supported
  • Tenant data isolation & encryption
  • Purpose limitation enforced

EU AI Act – Practices Aligned

aligned (beta)

Aligned with EU AI Act principles for transparency and fairness

  • Human oversight required
  • Bias Radar highlights scoring gaps
  • AI suggestions are explainable
  • Opt-out for AI features available

SOC 2 Type II

planned

Preparing for the SOC 2 journey with policies and controls

  • Access management (MFA/SSO)
  • Change management controls
  • Logging & monitoring active
  • Incident response procedures

Continuous Security

operational

Regular security assessments and monitoring

  • Annual penetration testing
  • Continuous vulnerability scanning
  • Quarterly security reviews
  • Last pen-test: November 2024

Transparency Commitment

During our beta phase, some certifications are in progress. We update this page quarterly with our latest compliance status and audit results. All evidence documents are available upon request under NDA.

Privacy by Design

Data Minimization

We only collect and process data necessary for providing our services. Unnecessary data is not collected or is promptly deleted.

Purpose Limitation

Your data is only used for the specific purposes you've consented to. We never sell or share your data with third parties.

Data Retention

Data is retained only as long as necessary. You can request deletion at any time, and we provide automated data retention policies.

User Control

Full data portability, access requests, and deletion rights. Export your data anytime in standard formats.

Enterprise Data Processing Agreement available

Evidence & Documentation

The following documents are available upon request to qualified customers:

Legal & Compliance

  • Data Processing Addendum (DPA)
  • Subprocessor list (Vercel, Railway, OpenAI)
  • Data retention & deletion policy
  • Responsible AI policy

Security & Technical

  • Pen-test attestation letter
  • SOC 2 readiness checklist
  • Incident response summary
  • Security control matrix

Documents provided under mutual NDA for enterprise customers (some available for download)


Security Roadmap

Q4 2025 (target)

  • Organization-wide MFA & SSO
  • Rate-limit dashboard

Q1 2026 (target)

  • External penetration test
  • EU data residency (Railway)

Q2 2026 (target)

  • SOC 2 readiness review
  • CMEK research

Security Questions?

Our security team is here to answer your questions and address any concerns.

Security Inquiries

For security-related questions

promtitude@gmail.com

Responsible Disclosure

Found a vulnerability?

Report securely

Security Updates

We regularly update our security measures and promptly communicate any important changes that may affect your data. Subscribe to security updates through your account settings.

Have a Security Question?

Our team can share control summaries and evidence under NDA.