We handle some of the most sensitive data there is — people's careers and companies' hiring plans. We protect it like the livelihoods it represents: encrypted, access-controlled, never resold, and governed by a responsible-AI stance.
Security isn't a setting we toggle on — it's built into how the platform stores, moves, and governs every record.
All data is encrypted in transit over TLS and encrypted at rest in our data stores. Candidate and client PII is never written or transmitted in the clear.
Role-based access with least-privilege defaults. Your workspace data is isolated to your organization, and access is logged. SSO/SAML is available for enterprise.
We keep data only as long as it's needed to deliver the service, then delete or anonymize it. Enterprise customers can set custom retention windows.
We do not sell, rent, or trade candidate or client data. The people UPPER surfaces for your role are yours; they're never repackaged for someone else.
Every candidate can opt out of outreach, and we honor it across the platform via suppression. Opt-out means opt-out — no re-adds, no workarounds.
AI does the sourcing; named humans own the decisions. We disclose our AI agents transparently and design scoring to assist judgment, not replace it.
UPPER is designed to operate within the major data-protection and outreach frameworks that govern recruiting.
For EU candidates and clients, we support data-subject rights — access, correction, deletion, and objection — and process personal data on a lawful basis with appropriate safeguards. A Data Processing Agreement is available for enterprise customers.
California residents can exercise their rights to know, delete, and opt out of the sale or sharing of personal information. Because we don't sell data, there's nothing to opt out of on that front — but the request mechanism is honored regardless.
Automated outreach includes clear sender identity and a working unsubscribe path. Opt-out requests are processed promptly and enforced through platform-wide suppression.
We disclose where AI is at work, keep humans accountable for outcomes, and avoid presenting AI-generated personas as human. See our team page for our AI disclosure.
Candidate personal data is encrypted at rest in our data stores and encrypted in transit over TLS whenever it moves. Access is restricted by role on a least-privilege basis and isolated to your organization's workspace.
No. We never sell, rent, or trade candidate or client data. Candidates surfaced for your role belong to you and are never repackaged for another customer.
Every outreach includes a working opt-out. When a candidate opts out, we suppress them across the platform so they aren't contacted again — no re-adds, no workarounds. This ties directly to our CAN-SPAM and respectful-outreach commitments.
Yes. Enterprise customers can execute a Data Processing Agreement, set custom data-retention windows, and enable SSO/SAML for access control. Contact sales to get started.
AI agents do the sourcing and scoring; named humans own the decisions and outcomes. We disclose our AI agents clearly, never present AI-generated personas as human employees, and design scoring to assist human judgment rather than replace it.
Need a DPA, a security review, or SSO? Our enterprise team will walk you through it.