Interview data is the most sensitive data you handle.
We treat it that way. Here's how Capifiq protects your data, your candidates' privacy, and the integrity of your evidence.
We treat it that way. Here's how Capifiq protects your data, your candidates' privacy, and the integrity of your evidence.
Encrypted in transit and at rest
All session data, detection signals, and integrity reports are encrypted using TLS 1.3 in transit and AES-256 at rest. No plaintext data leaves the agent or sits in storage.
Tamper-proof evidence chain
Every detection verdict is cryptographically hashed at the moment of capture. The hash chain is independently verifiable. Evidence cannot be altered after the fact by anyone, including us.
Server-side verdicts only
The agent collects signals. It never makes detection decisions locally. All verdicts are generated server-side with full audit trail. The agent cannot be tampered with to produce false positives.
Content-blind by design
The agent detects that a cheating tool is active. It never sees, records, or transmits what the candidate types, browses, says, or displays. Privacy is not a setting; it's an architectural constraint.
No continuous video surveillance
The camera is used once for a brief liveness verification. No session video is ever recorded or stored. The interview is yours, not ours.
No screen recording
Capifiq captures only the metadata needed to verify integrity. It never captures, stores, or transmits the content on the candidate's screen.
No browsing or file access
History, documents, personal files, and application content are never read, indexed, or transmitted. The agent has no file system permissions.
No access outside the session
The agent activates at session start and shuts down at session end. No background processes, no persistent monitoring, no data collection between interviews.
No keystroke logging
We detect tools by their system behavior, never by reading input. What the candidate types stays between them and their keyboard.
No admin privileges required
The agent runs in user-space with standard permissions. No elevated access, no system-level hooks, no IT approval needed.
Cloud infrastructure
Hosted on enterprise-grade cloud infrastructure with automated backups, geographic redundancy, and 99.9% uptime SLA.
Data residency
All data is stored in the United States. Enterprise customers can discuss data residency requirements with our team.
Access controls
Role-based access control with multi-factor authentication. Audit logs track every access to session data. Zero standing access for engineering.
Compliance roadmap
SOC 2 Type II certification is on our roadmap. We maintain security controls aligned with the Trust Services Criteria today. Ask us for our current security posture document.
Collection
Only system-level metadata needed for integrity verification. Never content, keystrokes, or screen pixels.
Processing
Signals are transmitted encrypted and processed server-side. Verdicts are hashed immediately at generation.
Storage
Reports and evidence are stored encrypted at rest with access controls. Available on your dashboard for the retention period.
Deletion
Data is retained per your organization's configured retention period. After expiry, all session data is permanently deleted. You can also request immediate deletion.
Our team is happy to discuss your specific security and compliance requirements.