Information Security FAQ

Bring the best people into your organization with Pillar, an interview intelligence platform that empowers teams to hire the right talent efficiently and equitably. Visit us at: https://pillar.hr/

Security

  • What is the security posture of Pillar?

    • Pillar treats the security of customer data as the highest priority through rigorous adherence to security frameworks and best practices.

  • How do you keep customer data safe?

    • Pillar relies on security operational best practices, such as platform and network security threat modeling, application development security training, and regular audits.

  • What security frameworks do you follow?

    • Pillar follows the guidelines of the OWASP SAMM.

  • Do you encrypt our data?

    • Pillar encrypts customer data both in-flight and at rest.

  • Do you offer SSO?

    • Pillar offers single sign-on (SSO) through Microsoft, Google, and any SAML-based identity provider.

Privacy

  • How are interview recordings accessed?

    • Pillar provides granular role-based access control to data within customer accounts. These roles include Interviewers, Hiring Managers, Talent Acquisition Team, and Admins.

      • Interviewers only have access to interviews they themselves have participated in or have been granted access to via sharing.

      • Hiring managers and Talent Acquisition only have access to the interviews for roles they’ve been assigned.

    • Pillar also provides three levels of interview recording sharing access:

      • Restricted: only participants or invitees may access an interview

      • Company: only members in the organization may access an interview

      • Public: only those with access to a unique URL may access an interview

    • Pillar also provides the ability to revoke shared access after a defined period of time.

  • Does Pillar interact with candidates?

    • Pillar interacts with candidates on a limited basis: it provides them with information about Pillar and about their interview being recorded, along with an optional mechanism for opting out.

  • Where are the interviews stored? Can they be deleted? For how long?

    • Pillar retains customer data for the duration of their engagement with the product. Pillar will return and/or destroy data on termination.

    • Pillar provides the ability to delete customer data in part or in full.

  • Does Pillar own the data?

    • Pillar does not own the recordings or data derived from the recordings. The customer owns these in full.

Compliance

  • Does Pillar offer functionality to meet the legal requirements for recording?

    • Some states in the U.S. and some international jurisdictions require the parties on a call or video conference to be notified that a recording is in progress. Pillar helps comply with these rules by sending a notification email ahead of the call and a text or audio prompt when the attendees join the call (e.g. Zoom consent features).

  • Does Pillar adhere to GDPR, CCPA, etc.?

    • Pillar adheres to GDPR and the CCPA guidelines.

  • Does Pillar maintain any certifications?

    • Pillar maintains SOC2 Type II certification.

  • Does Pillar resell customer data?

    • Pillar does not resell any of the data it processes on behalf of customers.

  • Does Pillar have data sub-processors?

    • Pillar has a small list of primary data sub-processors:

      • Google Cloud Platform

      • Twilio / SendGrid

    • Pillar maintains a full sub-processors list available upon request to info@pillar.hr.

  • What data does Pillar process?

    • Pillar processes a limited set of hiring data related to customer interviews. This data includes:

      • Job Roles / Job Titles

      • Candidate and Interviewer Contact Information

      • Video/Audio Recordings and Transcripts of Interviews

      • Interview Notes & Reactions
