Our Commitment to Enterprise-Grade Security

Trust Is Earned Through Strong Systems

The recent wave of security incidents across the technology sector is a clear reminder that trust is not a static asset, it is earned continuously, and it can be lost in a single lapse. In hiring, the stakes are particularly high. Employers entrust AI recruiting platforms like Alex with business-critical recruiting workflows and sensitive information; candidates entrust us with personal data at a consequential moment in their lives. That trust has to be backed by engineering rigor, disciplined operational practice, and an unambiguous commitment to doing the work correctly. Enterprise-grade security and responsible data stewardship are not capabilities we layer on after the fact, they are foundational to how we operate at Alex.

As AI in hiring becomes more deeply embedded in core business operations, the bar for platforms like ours rises accordingly. That is exactly right. Customers should expect strong safeguards, clear accountability, and a security culture that treats data protection as a standing obligation rather than a one-time exercise. Candidates should be confident that the information they share across the hiring process is protected and handled with care. We consider both non-negotiable.

Why Security Matters in Hiring Infrastructure

Hiring platforms hold a uniquely sensitive class of data including candidate names and contact details, resumes, interview content, evaluation workflows, and the internal mechanics of how organizations recruit. In the enterprise, these systems frequently support business-critical functions and connect closely to broader people, talent, and operational systems. A weakness here is rarely contained to a single application. Thus, protecting this data is not merely a technical requirement; it is essential to the integrity of the hiring process itself.

For candidates, the stakes are equally important. Job searches are personal, and the information shared in the course of applying and interviewing deserves to be protected with care. For customers, recruiting data often reflects highly confidential business priorities, headcount plans, and internal decision-making. Platforms operating in this space should be held to a high standard; and at Alex, we hold ourselves to it.

Our Approach to Security

Our philosophy is straightforward: security must be built into the foundation of the product and the company. It cannot be bolted on later or addressed only when external pressure demands it. That means making disciplined decisions across infrastructure, access controls, monitoring, compliance, and operational processes from the outset.

We design our environment around a set of core principles. The first is least-privilege access, ensuring that access to systems and data is limited to only those individuals and services that require it. The second is defense in depth, which means building multiple layers of protection across our systems rather than depending on any single control. The third is continuous visibility, so that activity across our environment can be monitored, reviewed, and investigated appropriately. Together, these principles inform how we build, maintain, and strengthen the Alex platform.

The Controls Behind the Commitment

Strong security takes more than good intentions. It requires concrete controls, disciplined execution, and sustained accountability. Alex is SOC 2 Type II compliant, an attestation that reflects not just the existence of controls but their effective operation over time, as expected of an enterprise AI recruiting platform. We are also GDPR compliant, and we treat privacy and data stewardship as core responsibilities in serving both our customers and candidates.

All data on the platform is encrypted in transit and at rest, protecting sensitive information across its entire lifecycle. We enforce strict access controls, run on secure cloud infrastructure, and maintain robust logging and monitoring to support oversight and rapid investigation when warranted. We follow secure development practices and internal review processes designed to reduce risk across the software development lifecycle.

These measures are part of our broader operating philosophy: security should be embedded in the day-to-day functioning of the company, not isolated as a point-in-time initiative. Our goal is simple: provide customers with well-founded confidence that Alex is built to support high-trust, business-critical hiring workflows.

Responsible AI Requires Continuous Accountability

Security and trust in our space extend beyond infrastructure alone. Because AI in recruiting now shapes real hiring decisions, responsible oversight also has to include how systems are evaluated in practice. At Alex, we do not treat fairness and bias monitoring as an annual checkpoint. We conduct monthly AI bias audit checks, giving customers and candidates a more frequent and transparent view into how our systems are performing over time. This goes well beyond the annual cadence typically expected in the market and reflects our view that responsible AI oversight should be continuous, not periodic.

Our public AI trust page provides visibility into these ongoing reviews, including monthly results and the standards against which the system is evaluated. Those audits cover more than 15 protected classes and related categories, including sex, race and ethnicity, intersectional bias, age, disability, religion, sexual orientation, veteran status, English proficiency, pregnancy status, national origin, criminal history, medical conditions, gender identity, and marital status. The latest public audit reflects a sample size of 17,544, which gives these evaluations meaningful scale rather than relying on narrow or lightly tested datasets.

We also evaluate our system against multiple emerging and established regulatory frameworks. Specifically, our bias audit reporting includes checks aligned to New York City Local Law 144, Colorado SB 205, the EU AI Act, and California FEHA. That matters because the regulatory landscape for AI in hiring is evolving quickly, and we believe responsible operators should get ahead of it rather than wait for the minimum bar to be set. Our approach is to build the operating discipline now: frequent audits, transparent reporting, and measurable oversight that can withstand enterprise scrutiny.

Just as importantly, we make these results visible. We believe trust is stronger when customers can see evidence of ongoing oversight rather than broad claims about responsible AI. For us, enterprise-grade trust means protecting data, maintaining strong security controls, and holding our AI systems to a high - and consistently reviewed - standard.

Security Is an Ongoing Practice

One of the most important truths in security is that the work is never finished. A strong security posture is not a milestone you reach once. It is a continuous discipline of review, testing, refinement, and investment. Threats evolve, systems change, and responsible organizations strengthen their posture accordingly.

At Alex, we routinely assess our controls, evaluate opportunities to improve our environment, and refine internal processes as the company scales. We believe effective security requires a combination of rigor and humility: rigor in maintaining clear standards, and humility in continually re-examining assumptions, identifying areas for improvement, and acting before issues emerge. This mindset is central to how we operate.

Our Responsibility to Customers and Candidates

Trust is not established through statements alone. It is earned through consistent execution over time. We understand that our customers are trusting us with important parts of their recruiting operations, and that candidates are trusting us with information tied to significant career decisions. We take both responsibilities seriously.

Our commitment is to keep building AI recruiting software worthy of that trust. That means maintaining strong security controls, meeting high compliance standards, investing in responsible AI oversight, and continuously strengthening the systems and processes that support our platform. It also means communicating carefully and factually about the work we do. Security should be evident in our operations, not just in statements.

Looking Ahead

Recent events across the technology landscape are a clear reminder that any organization entrusted with sensitive data must remain vigilant. At Alex, we are continuing to invest in the infrastructure, controls, and operating discipline that responsibility demands.

Our view is simple: protecting customer and candidate data is central to our business. It is fundamental to the trust our platform depends on, and it will remain a core priority as we grow. We are committed to building for the long term, and that means continuing to hold ourselves to a high standard in security, compliance, and responsible stewardship.

‍