Security
How RecruitSecure AI protects your data at every layer.
Data Architecture
RecruitSecure AI uses a multi-tenant architecture with strict data isolation. Each organization's records are isolated by an organizationId filter that the application applies to every database query, so one tenant can never access another's records.
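The isolation described above depends on the organizationId filter being applied on every query without exception, so the pattern worth showing is a single scoped data-access layer that injects the filter itself rather than trusting each handler to remember it. The following is an added example and not RecruitSecure AI's code: the in-memory table, the tenantScope helper and the session object are all constructed for illustration, standing in for the real Supabase/PostgreSQL layer.

```javascript
// Added example, not the project's own code. Demonstrates application-level
// tenant isolation: every read goes through a scope bound to one organization,
// which injects the organizationId filter and rejects attempts to override it.

// Constructed sample rows standing in for a candidates table.
const CANDIDATES = [
  { id: 'c1', organizationId: 'org-a', name: 'Candidate A1' },
  { id: 'c2', organizationId: 'org-a', name: 'Candidate A2' },
  { id: 'c3', organizationId: 'org-b', name: 'Candidate B1' },
];

// Hypothetical query layer. Handlers never call the table directly; they
// obtain a scope for the authenticated organization and query through it.
function tenantScope(organizationId) {
  if (typeof organizationId !== 'string' || organizationId.length === 0) {
    throw new Error('tenant scope requires a non-empty organizationId');
  }
  return {
    // Merge the caller's filter with the tenant filter. A caller-supplied
    // organizationId that differs from the scope is a bug or an attack, so
    // it is rejected loudly rather than silently overridden.
    find(table, filter = {}) {
      if ('organizationId' in filter && filter.organizationId !== organizationId) {
        throw new Error('cross-tenant query rejected');
      }
      const scoped = { ...filter, organizationId };
      return table.filter((row) =>
        Object.entries(scoped).every(([key, value]) => row[key] === value));
    },
    // Lookups by primary key still pass through the tenant filter, so an id
    // belonging to another organization yields null, not the row.
    findById(table, id) {
      const rows = this.find(table, { id });
      return rows.length === 1 ? rows[0] : null;
    },
  };
}

// Simulated request handler. The organizationId comes from the verified
// session (constructed here), never from a query string or request body.
function listCandidatesForSession(session) {
  const db = tenantScope(session.organizationId);
  return db.find(CANDIDATES);
}
```

Because the filter lives in the application layer, the scope object is the one place that must be correct; a code-review rule that forbids querying the table outside of tenantScope is the practical way to keep the "every query" guarantee true as the codebase grows.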
All data is encrypted at rest using AES-256-GCM and in transit using TLS 1.3. The database is hosted on Supabase with automated daily backups and point-in-time recovery.
AI Privacy
No external AI APIs. The embedding model used for semantic search runs entirely within your deployment — whether on Vercel serverless functions or your own servers. No data is sent to OpenAI, Google, or any third-party AI provider.
The model generates vector embeddings from CV text locally, and those embeddings are stored in your tenant's isolated database partition. No candidate data leaves your infrastructure for AI processing.
GDPR Compliance
- Data Export: Users can request a full export of their data at any time through the dashboard or by contacting support.
- Right to Deletion: All candidate data, including CVs, embeddings, and metadata, can be permanently deleted upon request. Deletion is propagated to backups within 30 days.
- Consent Management: The platform provides tools for managing candidate consent, including recording consent basis, purpose, and withdrawal.
- Data Processing Agreement: A DPA is available for all customers. Enterprise customers receive a customized DPA as part of their agreement.
EU AI Act Ready
RecruitSecure AI is designed with the EU AI Act requirements in mind. Because it is an AI system used in employment and recruitment, it implements the following safeguards:
- Audit Trail: Every AI-driven search and ranking decision is logged with timestamps, query parameters, and scoring details for full traceability.
- Human Oversight: AI results are presented as recommendations. All hiring decisions remain with human recruiters. The system does not make autonomous decisions.
- Transparency: Candidates can be informed about the use of AI in the recruitment process. Similarity scores and ranking factors are visible to recruiters.
Infrastructure
RecruitSecure AI is built on a modern, security-focused stack:
- PostgreSQL + pgvector on Supabase — EU region available for data residency compliance.
- Transformers.js with all-MiniLM-L6-v2 — 384-dimensional embeddings generated locally. No external AI calls.
- AES-256-GCM encryption — all personally identifiable information is encrypted at rest.
- Auth.js v5 with JWT strategy — credentials, Google, and Microsoft authentication supported.
- Stripe — PCI-DSS compliant payment processing.
- Sentry — error monitoring with sensitive data scrubbing.
- PostHog — product analytics hosted on EU servers with a privacy-first configuration.
- Upstash Redis — serverless rate limiting to protect against abuse.
- Resend — transactional email delivery.
Data Residency
For EU customers, data is stored in Supabase EU region data centers to comply with data residency requirements. Enterprise customers can request specific data residency configurations as part of their deployment.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly by emailing contact@recruitsecureai.com. We take all reports seriously and will respond within 48 hours. We ask that you do not publicly disclose the vulnerability until we have had a chance to address it.