Recruitment Smart Trust Center
Recruitment Smart is a trusted partner in AI-driven recruitment, prioritising data security and ethical AI. It employs encryption, access controls, and regular audits, and holds ISO 27001, SOC 2 Type II, GDPR, and CCPA certifications. Its responsible AI framework ensures unbiased, transparent, and human-overseen hiring decisions, with continuous bias auditing to promote fair and equitable recruitment.


Trusted by industry-leading companies around the globe
















AI Model Architecture & Usage Controls
SniperAI leverages a hybrid AI architecture combining proprietary ML models with state-of-the-art LLMs to deliver high-accuracy candidate matching, ranking, and insights.
Supports multi-model orchestration with the ability to switch or integrate different LLM providers based on client requirements.
Uses vector embeddings to enable semantic search across large candidate datasets, improving relevance and discovery.
AI is designed to assist in sourcing, screening, ranking, and insights generation. Final hiring decisions remain fully human-driven.
SniperAI does not autonomously make hiring decisions; it provides explainable recommendations only.
AI outputs include scoring logic, matching insights, and reasoning to ensure transparency for recruiters.
Data usage & privacy
Customer data is never used to train base AI models unless explicitly agreed under a separate contractual arrangement.
Includes resume data, professional information, skills, education, work experience, and recruiter inputs.
Sensitive and protected attributes (e.g., health, political views, biometric data) are excluded from processing and training.
Personally identifiable information (PII) is pseudonymized or masked during AI processing workflows.
Only required fields are processed, ensuring compliance with GDPR and data minimization principles.
All candidate and customer data remains fully owned and controlled by the client.



Data storage, retention & security
Hosted on secure cloud platforms such as AWS and Microsoft Azure with regional deployment flexibility.
All stored data is protected using AES-256 encryption.
Data in transit is secured using TLS 1.2/1.3 protocols.
Data is retained based on contractual or regulatory requirements and can be deleted upon client request.
Data is securely erased or anonymized after retention expiry.
Automated encrypted backups with disaster recovery capabilities across multiple availability zones.
SniperAI enables region-specific data hosting through AWS and Microsoft Azure, ensuring that customer data can be stored and processed within designated jurisdictions to comply with data sovereignty laws such as GDPR, PDPA, and other regional regulations.
Access control & identity management
Access is granted based on least privilege principles aligned with user roles.
Supports SAML 2.0 and OAuth/OpenID Connect for enterprise identity integration.
Enforced for privileged and administrative access.
Periodic (quarterly/annual) access reviews to validate permissions.
Automated provisioning/deprovisioning through SCIM or identity provider integrations.
Separate administrative accounts for high-privilege operations.
AI governance & compliance
SniperAI follows structured AI governance aligned with ISO 27001, GDPR, NYC Bias, Colorado SB, California FEHA and responsible AI practices.
Regular bias detection and fairness testing conducted during model updates.
All AI recommendations are subject to recruiter validation and control.
Comprehensive logging of AI actions, user activity, and system events.
AI and security policies reviewed periodically for effectiveness and compliance.
Designed to comply with GDPR, CCPA, and other global data protection regulations.
AI security & risk management
Input validation and monitoring mechanisms to prevent malicious prompts.
Controlled data ingestion with validation and integrity checks.
Security embedded across design, development, testing, and deployment phases.
Regular scanning, patching, and penetration testing.
Defined procedures for detection, containment, mitigation, and reporting of security incidents.
Real-time monitoring of AI performance, anomalies, and security events.
Monitoring, logging & auditing
Logs collected for system activity, AI processing, and access events.
Continuous monitoring for anomalies, threats, and system health.
Immutable logs for compliance, forensic analysis, and traceability.
Metrics include latency, accuracy, and system reliability.
Regular internal audits for compliance and control validation.
External audits (e.g., SOC 2, ISO) conducted where applicable.
Business continuity & resilience
Multi-zone deployment with automated failover capabilities.
Encrypted backups with regular recovery testing.
Redundant infrastructure ensuring minimal downtime.
Documented procedures for maintaining operations during disruptions.
Vendor risk & subprocessor governance
Security, privacy, and compliance assessments before onboarding subprocessors.
Data protection agreements (DPA), confidentiality clauses, and no-training clauses enforced.
Customers are provided with a list of subprocessors upon request.
Annual or periodic reassessment of vendor security posture.
Subprocessors are restricted to processing data only for defined purposes.
Data transfer mechanisms comply with GDPR and international data transfer regulations.




