Information Security FAQ
Bring the best people into your organization with Pillar, an interview intelligence platform that empowers teams to hire the right talent efficiently and equitably. Visit us at: https://pillar.hr/
Security
What is the security posture of Pillar?
Pillar treats the security of customer data as the highest priority through rigorous adherence to security frameworks and best practices.
How do you keep customer data safe?
Pillar relies on security operational best practices, such as platform and network security threat modeling, application development security training, and regular audits.
What security frameworks do you follow?
Pillar follows the guidelines of the OWASP SAMM.
Do you encrypt our data?
Pillar encrypts customer data both in-flight and at rest.
Do you offer SSO?
Pillar offers single sign-on (SSO) through Microsoft, Google, and any SAML-based identity provider.
Privacy
How are interview recordings accessed?
Pillar provides granular role-based access control to data within customer accounts. These roles include Interviewers, Hiring Managers, Admins, and Owners.
Interviewers only have access to interviews they themselves have participated in or have been granted access to via sharing.
Hiring managers only have access to the interviews for roles they’ve been assigned.
Pillar also provides three levels of interview recording sharing access:
Restricted: only participants or invitees may access an interview
Company: only members in the organization may access an interview
Public: only those with access to a unique URL may access an interview
Pillar also provides the ability to revoke shared access after a defined period of time.
Does Pillar interact with candidates?
Pillar interacts with candidates on a limited basis to provide them with information about Pillar and the recording of their interview, and with an optional mechanism for opting out.
Where are the interviews stored? Can they be deleted? For how long?
Pillar retains customer data for the duration of their engagement with the product. Pillar will return and/or destroy data on termination.
Pillar allows for custom data retention policies for customers.
Pillar provides the ability to delete customer data in part or in full.
Pillar also adheres to "right to be forgotten" requests.
Does Pillar own the data?
Pillar does not own the recordings or data derived from the recordings. The customer owns these in full.
Compliance
Does Pillar offer functionality to meet the legal requirements for recording?
Some states in the U.S. and some international jurisdictions require the parties on a call or video conference to be notified that a recording is in progress. Pillar helps comply with these rules by sending a notification email ahead of the call and a text or audio prompt when the attendees join the call (e.g. Zoom consent features).
Does Pillar adhere to GDPR, CCPA, etc.?
Pillar adheres to GDPR and the CCPA guidelines.
Does Pillar maintain any certifications?
Pillar maintains SOC2 Type II certification.
Does Pillar resell customer data?
Pillar does not resell any of the data it processes on behalf of customers.
Does Pillar have data sub-processors?
Pillar has a small list of primary data sub-processors:
Google Cloud Platform
Twilio / SendGrid
Pillar maintains a full sub-processor list, available upon request to info@pillar.hr.
What data does Pillar process?
Pillar processes a limited set of hiring data related to customer interviews. This data includes:
Job Roles / Job Titles
Candidate and Interviewer Contact Information
Video/Audio Recordings and Transcripts of Interviews
Interview Notes & Reactions
What data does Pillar typically require from an ATS with a standard integration?
Jobs (including job description)
Candidates (including contact information and resume)
Applications to Jobs (linking a candidate to a job)
Scheduled interviews (including teleconferencing or phone numbers)
Users / interview participants (including contact information)