TRUST CENTERprivacy@alize.ioAll systems operational
Security & Trust at AL\ZE
We design AL\ZE to meet the highest standards of data protection and AI ethics, in full compliance with European regulation. This page is updated continuously as we complete our compliance programme.
Last updated: May 2026
GDPR
EU 2016/679EU AI Act
High-risk readyTLS 1.3
EncryptionAES-256
At restEU Data
Frankfurt, DESOC 2 Infra
via SupabaseCNIL Compliant
FranceSecurity
Encryption in transit
All data transmitted between clients and servers is encrypted using TLS 1.3.
In progress
Encryption at rest
All stored data (databases, backups) is encrypted using AES-256.
In progress
Access control
Role-based access control (RBAC) limits data access to authorised personnel only. Employer data is strictly isolated per account.
In progress
Vulnerability management
Dependencies are regularly audited for known vulnerabilities. Security patches are applied promptly.
In progress
Penetration testing
Annual third-party penetration test of the platform infrastructure and APIs.
In progress
Security incident response
A documented incident response plan ensures rapid containment, notification and remediation in the event of a breach.
In progress
Infrastructure
EU data residency
All personal data is stored within the European Economic Area (EEA). Our primary database is hosted in Frankfurt, Germany (EU West, ISO 27001 certified).
In progress
High availability
Our infrastructure is designed for redundancy with automatic failover. Target uptime: 99.9%.
In progress
Supabase (Postgres)
Our database infrastructure is powered by Supabase, hosted on AWS eu-central-1 (Frankfurt). Supabase is SOC 2 Type II certified.
In progress
Cloudflare CDN & DDoS protection
Our application is deployed on Cloudflare Pages with global CDN and enterprise-grade DDoS mitigation.
In progress
Automated backups
Database snapshots are taken daily and retained for 30 days. Point-in-time recovery is enabled.
In progress
GDPR & Privacy
Data controller identification
AL\ZE acts as data controller for all personal data collected on the platform. Contact: privacy@alize.io
In progress
Lawful basis for processing
Processing of candidate data is based on legitimate interest (pre-contractual recruitment process). Employer data is processed under contractual necessity.
In progress
Data minimisation
We collect only the data strictly necessary for the recruitment process: email address, interview audio/transcript, and job context.
In progress
Retention policy
Interview data is retained for 12 months after the end of the recruitment process, in line with French labour law (Code du travail L.1221-8). Employers may request earlier deletion.
In progress
Data subject rights
Candidates and users may exercise their rights (access, rectification, erasure, portability, objection) at any time by contacting privacy@alize.io. We respond within 30 days.
In progress
Third-party processors
We use a limited number of sub-processors (Supabase, Mistral AI, ElevenLabs). Each processor is bound by a Data Processing Agreement (DPA) and is either EU-based or adequately certified.
In progress
Cookie consent
Our cookie policy is CNIL-compliant. Only strictly necessary cookies are active without consent.
In progress
Privacy Policy
Our full Privacy Policy is publicly available and updated to reflect any changes in processing activities.
In progress
Data Protection Officer (DPO)
Appointment of a formal DPO as required for large-scale processing of sensitive data.
In progress
DPIA (Data Protection Impact Assessment)
A formal impact assessment for the AI-driven interview processing system, as required by GDPR Article 35 for high-risk processing.
In progress
EU AI Act
High-risk AI system classification
AL\ZE's AI interview system falls under Annex III of the EU AI Act as a high-risk system used in recruitment and employment. We acknowledge this classification and are actively preparing for conformity.
In progress
Transparency to candidates
Candidates are informed before the interview that they are interacting with an AI system (Art. 52). The AI never impersonates a human recruiter.
In progress
Human oversight
Every AI-generated score and assessment is provided to a human recruiter who retains the final hiring decision. AL\ZE does not make autonomous hiring decisions (GDPR Art. 22 compliant).
In progress
Non-discrimination & bias monitoring
The evaluation criteria are defined exclusively by the employer and assessed on job-relevant skills only. We are developing statistical bias monitoring across demographic proxies.
In progress
Explainability
Every score is accompanied by a structured breakdown per competency and a qualitative AI assessment to support the recruiter's decision.
In progress
Technical documentation (Art. 11)
Preparation of the technical documentation required for conformity assessment under the EU AI Act.
In progress
Conformity assessment & CE marking
Formal third-party conformity assessment for the EU AI Act high-risk classification.
In progress
EU AI Act registration
Registration of the system in the EU database for high-risk AI systems once the registry is operational.
In progress
Your rights as a candidate
Right to be informed
You are told before the interview that an AI system will conduct it, what data is collected, and how it is used.
In progress
Right of access
You may request a copy of all personal data we hold about you, including your transcript and score.
In progress
Right to rectification
You may request correction of inaccurate personal data.
In progress
Right to erasure
You may request deletion of your data at any time. We will action this within 30 days, subject to any legal retention obligations.
In progress
Right to data portability
You may request your data in a structured, machine-readable format.
In progress
Right to object to automated decision-making
Pursuant to GDPR Article 22, you have the right to request human review of any AI assessment and to contest the result. Contact the employer or privacy@alize.io.
In progress
Right to lodge a complaint
If you believe your data has been mishandled, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): cnil.fr
In progress
Questions about security or privacy?
Our team responds to all security and privacy inquiries within 2 business days. For urgent matters (suspected data breach, law enforcement requests), use the security address.