FAQ: Information Security
Written by Pillar Support
Updated over a week ago

Information Security FAQ

Bring the best people into your organization with Pillar, an interview intelligence platform that empowers teams to hire the right talent efficiently and equitably. Visit us at: https://pillar.hr/

Security

  • What is the security posture of Pillar?

    • Pillar treats the security of customer data as the highest priority through rigorous adherence to security frameworks and best practices.

  • How do you keep customer data safe?

    • Pillar relies on security operational best practices, such as platform and network security threat modeling, application development security training, and regular audits.

  • What security frameworks do you follow?

    • Pillar follows the guidelines of the OWASP SAMM.

  • Do you encrypt our data?

    • Pillar encrypts customer data both in-flight and at rest.

  • Do you offer SSO?

    • Pillar offers single sign-on (SSO) through Microsoft, Google, and any SAML-based identity provider.

Privacy

  • How are interview recordings accessed?

    • Pillar provides granular role-based access control to data within customer accounts. These roles include Interviewers, Hiring Managers, Admins, and Owners.

      • Interviewers only have access to interviews they themselves have participated in or have been granted access to via sharing.

      • Hiring managers only have access to the interviews for roles they’ve been assigned.

    • Pillar also provides three levels of interview recording sharing access:

      • Restricted: only participants or invitees may access an interview

      • Company: only members in the organization may access an interview

      • Public: only those with access to a unique URL may access an interview

    • Pillar also provides the ability to revoke shared access after a defined period of time.

  • Does Pillar interact with candidates?

    • Pillar interacts with candidates on a limited basis: it provides them with information about Pillar, tells them that their interview is being recorded, and offers an optional mechanism for opting out.

  • Where are the interviews stored? Can they be deleted? For how long?

    • Pillar retains customer data for the duration of their engagement with the product. Pillar will return and/or destroy data on termination.

    • Pillar allows for custom data retention policies for customers.

    • Pillar provides the ability to delete customer data in part or in full.

    • Pillar also adheres to "right to be forgotten" requests.

  • Does Pillar own the data?

    • Pillar does not own the recordings or data derived from the recordings. The customer owns these in full.

Compliance

  • Does Pillar offer functionality to meet the legal requirements for recording?

    • Some states in the U.S. and some international jurisdictions require the parties on a call or video conference to be notified that a recording is in progress. Pillar helps comply with these rules by sending a notification email ahead of the call and a text or audio prompt when the attendees join the call (e.g. Zoom consent features).

  • Does Pillar adhere to GDPR, CCPA, etc.?

    • Pillar adheres to GDPR and the CCPA guidelines.

  • Does Pillar maintain any certifications?

    • Pillar maintains SOC2 Type II certification.

  • Does Pillar resell customer data?

    • Pillar does not resell any of the data it processes on behalf of customers.

  • Does Pillar have data sub-processors?

    • Pillar has a small list of primary data sub-processors:

      • Google Cloud Platform

      • Twilio / SendGrid

    • Pillar maintains a full sub-processors list, available upon request to info@pillar.hr

  • What data does Pillar process?

    • Pillar processes a limited set of hiring data related to customer interviews. This data includes:

      • Job Roles / Job Titles

      • Candidate and Interviewer Contact Information

      • Video/Audio Recordings and Transcripts of Interviews

      • Interview Notes & Reactions
