Technical and Organizational Security Measures

1. Access Control

  • A1 – User Rights Management: Access to the Klara dashboard is restricted to authorized logins only.
  • A2 – Two-Factor Authentication: Mandatory for all administrator and support accounts.
  • A3 – Roles & Permissions: Access to data and functions is strictly role-based (e.g., Administrator, Recruiter).

2. Access Monitoring

  • B1 – Audit Logs: Complete logging of all access, changes to application questions, and interview recordings.
  • B2 – Log Integrity: Logs can be viewed only by authorized admins, exported if required, and cannot be altered.

3. Access Security

  • C1 – Encrypted Connections: All transmissions (dashboard access, API communication with Recruitee, Twilio, ElevenLabs, Stripe) are secured via TLS.
  • C2 – Data Isolation: Infrastructure (e.g., AWS instances in Frankfurt) is logically and strictly separated per tenant/customer.

4. Data Transfer Control

  • D1 – Secure APIs: Data transfer to third parties such as Stripe or Recruitee occurs only through verified, encrypted interfaces.
  • D2 – Consent & Transparency: Applicants and companies are informed about data transfers (e.g., to Recruitee).

5. Input Control

  • E1 – Traceability: Every change to questions, answers, or interview data is traceable to the user who made it and the time it was made.
  • E2 – Automated Backups: Data is backed up regularly (e.g., AWS Frankfurt) and can be restored promptly if required.

6. Processor Control

  • F1 – Subprocessor Documentation: All third-party providers (Twilio, VAPI, AWS, ElevenLabs, Stripe, Recruitee) are contractually bound, including GDPR-compliant data processing agreements.
  • F2 – Reviews & Audits: Regular checks ensure subprocessors comply with security and data protection standards.

7. Availability Control

  • G1 – High Availability: Klara AI is deployed redundantly (e.g., across multiple availability zones in Frankfurt).
  • G2 – Emergency Management & Recovery: Predefined procedures for outages (e.g., backup restoration, failover).

8. Security Policies & Training

  • H1 – Data Protection Policies: Documented, published, and accessible to all employees.
  • H2 – Training: Regular training on information security, GDPR compliance, and secure use of Klara AI.

9. Incident Management

  • I1 – Reporting Procedures: Incident reporting (e.g., data breaches or outages) follows established channels and timelines (e.g., within 72 hours of detection).
  • I2 – Response & Documentation: Every security incident is analyzed, documented, and followed by preventive measures.

10. Data Protection Impact Assessment (DPIA)

  • J1 – DPIA Document: Maintained for Klara AI, specifically addressing automated interviews.
  • J2 – Updates: Regularly reviewed (e.g., semi-annually or upon functional changes) and updated accordingly.