Security & Data Protection
How Apture keeps your data and your candidates' data safe.
Data Encryption
All data transmitted between your browser and Apture's servers is encrypted using TLS 1.2+ (HTTPS). Data stored in our databases is encrypted at rest using AES-256 encryption, the same standard used by financial institutions and government agencies.
Uploaded CVs and candidate data are encrypted both during upload and while stored. Access to stored data requires authenticated API calls with valid session tokens.
GDPR Compliance
Apture is fully committed to GDPR compliance. As a company registered in Poland (EU), we are subject to European data protection regulations and take our obligations seriously.
- Lawful basis for processing:candidate data is processed under legitimate interest or with explicit consent, depending on the collection method.
- Data minimization:we only collect and process data that is necessary for CV screening and candidate evaluation.
- Right to deletion:organizations can delete candidate data at any time. Candidates can request deletion through their employer or directly.
- Data Processing Agreement:available for all customers. Read our DPA.
For full details, see our Privacy Policy.
AI Transparency
We believe recruiters should understand how AI-generated evaluations are produced. Apture's AI provides detailed explanations for every assessment. Match scores, skills evaluations, and risk flags all come with reasoning that recruiters can review and validate.
Apture is designed as a human-in-the-loop tool. AI assists with the screening process, but all hiring decisions must be made by qualified humans. No automated decision-making is used for employment decisions.
We are committed to compliance with the EU AI Act's requirements for AI systems used in employment contexts, including transparency obligations and human oversight provisions.
Data Processing
Candidate data uploaded to Apture is used exclusively for the purpose of CV screening and candidate evaluation within your organization. We do not:
- Share candidate data with third parties
- Use candidate data for AI model training
- Sell or monetize candidate information
- Retain data beyond what is necessary for service delivery
Each organization's data is logically isolated using row-level security. One organization cannot access another organization's candidates, roles, or evaluations.
Infrastructure
Apture's infrastructure is hosted on Amazon Web Services (AWS), leveraging their enterprise-grade security controls, physical security, and compliance certifications.
Cloud provider: Amazon Web Services (AWS)
CDN: Amazon CloudFront with HTTPS enforcement
Database: Managed PostgreSQL with encryption at rest
Authentication: Clerk (SOC 2 Type II certified)
File storage: Amazon S3 with server-side encryption
Security Concerns
If you discover a security vulnerability or have concerns about data protection, please contact us immediately through our contact page. We take all security reports seriously and will respond within 24 hours.
For enterprise security questionnaires, compliance documentation, or custom DPA requirements, please reach out via our contact page and we'll work with your team directly.