Signals, not surveillance

We build HR analytics that helps retain people — not watch them.
Privacy isn't a feature. It's an architectural principle.

Our privacy philosophy

What we DON'T do:

  • Read messages
  • Monitor screens
  • Track keystrokes
  • Build "loyalty scores"
  • Give "who will leave" lists
  • Sell data to third parties

What we DO:

  • Analyze only metadata
  • Aggregate at team level
  • Explain every metric
  • Give control over data
  • Show team risks
  • GDPR-ready by design

We believe you can help HR teams without turning the workplace into a Panopticon.

What we access (and don't)

HRIS Data

BambooHR, Personio, HiBob, Workday

We use:

  • Employee ID (anonymized)
  • Tenure
  • Department/Team
  • Manager relationships
  • Time-off
  • Role changes

We DON'T use:

  • Salary
  • Personal contacts
  • Performance reviews
  • Medical info

Calendar Data

Google Calendar, Outlook

We use:

  • Meeting count
  • Duration blocks
  • Schedule patterns
  • 1-on-1 presence

We DON'T use:

  • Titles
  • Descriptions
  • Participant names
  • Invitation content

Communication Metadata

Slack, Teams

We use:

  • Activity patterns (timestamps)
  • Response time aggregates
  • Channel participation

We DON'T use:

  • Message content
  • Channel names
  • Participant names
  • Files

Surveys

Built-in pulse surveys

We use:

  • Responses
  • eNPS
  • Response rates

We DON'T:

  • Identify individuals when a group has fewer than 5 responses
  • Force participation
  • Track responses non-anonymously

Aggregation & Anonymity

K-Anonymity (min 5 people)

We never show data if a group has fewer than 5 people. If your team is too small, we show "N/A" instead of risking individual identification.

Team-level by default

All risk scores are aggregated at team level. We don't show "John will leave" — we show "Engineering team has elevated attrition risk."

Data security

Encryption

  • TLS 1.3 in transit
  • AES-256 at rest
  • Field-level encryption for sensitive data

Infrastructure

  • AWS/GCP (EU/US choice)
  • Multi-tenant isolation
  • Continuous security scanning

Access Control

  • Minimal access principle
  • Just-in-time access
  • All access logged
  • MFA required

Incident Response

  • 24/7 monitoring
  • <24h breach notification
  • Regular response drills

Compliance & Certifications

We're building trust through transparency. Here's our current compliance status.

GDPR Compliant

EU data processing, DPA available, data subject rights supported

SOC 2 Type II

In progress. Expected completion: Q3 2025. Contact us for current security documentation.

Penetration Testing

Annual third-party penetration testing. Report available under NDA.

Insurance

Cyber liability and E&O insurance coverage. Certificates available on request.

Your rights & controls

Employee Rights

  • Know what data is collected
  • Access their data
  • Rectification of incorrect data
  • Erasure (right to be forgotten)
  • Restriction of processing
  • Object to processing

Company Controls

  • Choose data sources
  • Set retention periods
  • Exclusion lists
  • Audit logs
  • Data export
  • Account deletion

Data lifecycle

  1. Collection: from connected sources only
  2. Processing: team-level aggregation
  3. Storage: encrypted at rest
  4. Retention: 2 years, configurable
  5. Deletion: 30 days after cancellation

Data Type              Retention           Deletion
HR metadata (signals)  24 months rolling   Auto-purged monthly
Risk scores            12 months           Auto-purged monthly
Account data           Active + 90 days    On account closure
Audit logs             7 years             Compliance requirement
Backups                30 days             Rolling deletion

Data Export & Deletion: Request full data export or deletion at any time. We process requests within 30 days per GDPR requirements.

Sub-processors

We use the following third-party services to process customer data. This list is updated when sub-processors change.

Last updated: December 2024

Service              Purpose                     Location
Cloudflare           CDN, DDoS protection, DNS   Global (US HQ)
AWS / GCP            Infrastructure hosting      US-West / US-East (EU available)
PostgreSQL (hosted)  Database                    US region (EU available)
SendGrid / Postmark  Transactional email         US (GDPR DPA)
Stripe               Payment processing          US (GDPR DPA)

For DPA requests or sub-processor change notifications, contact [email protected]

Security Review for Buyers

We understand enterprise security teams need to evaluate vendors. Here's what we can provide:

Available on Request

  • Security questionnaire (SIG Lite)
  • Architecture diagram
  • Penetration test summary (under NDA)
  • Data Processing Agreement (DPA)
  • Insurance certificates

Review Process

  1. Email [email protected]
  2. Sign mutual NDA if needed
  3. Receive documentation within 48 hours
  4. Schedule security call if needed

Incident Response

Detection & Response

24/7 automated monitoring. Security incidents trigger immediate alerts to our on-call team. Initial triage within 1 hour.

Customer Notification

For incidents affecting customer data: notification within 72 hours per GDPR requirements. Critical incidents: same-day notification.

Post-Incident

Root cause analysis and remediation report provided to affected customers. Public disclosure for significant incidents.

Report security issues: [email protected]
For responsible disclosure, see our security.txt

Security & Privacy Questions

Can employees find out they're monitored?

Yes, we recommend transparency. Companies should inform employees about what data is collected and why. We provide a template communication for this purpose.

What if an employee wants to be excluded?

Employees can be added to an exclusion list. Their data will not be processed, though this may affect team-level metrics if the team becomes too small (below 5 people).

How do you prevent re-identification?

We use k-anonymity (minimum 5 people per group), data suppression for small groups, team-level aggregation, and noise injection where appropriate. Individual tracking is architecturally impossible.
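The k-anonymity rule described here, together with the exclusion-list edge case from the previous answer (a team shrinking below 5 people becomes "N/A"), as an added Python example. This is illustrative code, not the vendor's implementation; the employee records, team names, 0-1 "signal" values and the exclusion list are all constructed.

```python
"""Team-level aggregation with k-anonymity suppression (k = 5).

Added example, not the vendor's code. Records, team names and the 0-1 signal
values are constructed; the exclusion list is hypothetical.
"""
from collections import defaultdict
from statistics import mean

K_MIN = 5  # minimum group size before anything is shown

# Constructed sample: (anonymized employee id, team, normalised signal 0-1).
SAMPLE = [
    ("e01", "Engineering", 0.40), ("e02", "Engineering", 0.55),
    ("e03", "Engineering", 0.50), ("e04", "Engineering", 0.60),
    ("e05", "Engineering", 0.45),
    ("e06", "Design", 0.70), ("e07", "Design", 0.65), ("e08", "Design", 0.80),
    ("e09", "Sales", 0.30), ("e10", "Sales", 0.35), ("e11", "Sales", 0.25),
    ("e12", "Sales", 0.40), ("e13", "Sales", 0.30), ("e14", "Sales", 0.20),
]

SUPPRESSED = {"n": None, "score": "N/A"}  # what a too-small group looks like


def team_aggregates(records, excluded=frozenset(), k=K_MIN):
    """Return {team: {"n": size, "score": mean}} with small groups suppressed.

    Excluded employees are dropped *before* the group is counted, so an
    exclusion that shrinks a team below k makes the whole team show "N/A".
    The suppressed entry withholds the count as well, so a reader cannot
    tell a 4-person team from a 1-person team.
    """
    groups = defaultdict(list)
    for emp_id, team, signal in records:
        if emp_id in excluded:
            continue  # never processed, per the exclusion-list rule
        groups[team].append(signal)

    report = {}
    for team, values in groups.items():
        if len(values) < k:
            report[team] = dict(SUPPRESSED)
        else:
            report[team] = {"n": len(values), "score": round(mean(values), 2)}
    return report


if __name__ == "__main__":
    print(team_aggregates(SAMPLE))                    # Design -> N/A (3 people)
    print(team_aggregates(SAMPLE, excluded={"e03"}))  # Engineering -> N/A (4 left)
```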

Where is data stored?

You choose during onboarding: EU (GDPR-compliant infrastructure) or US. All data stays in your chosen region. We never transfer data across regions without explicit consent.

What happens when we cancel?

30-day grace period for data export, then complete deletion from all systems including backups. You receive confirmation of deletion. Audit logs retained for 1 year as required by security standards.

Is there a Data Processing Agreement?

Yes, provided before onboarding. Covers all GDPR requirements including data subject rights, breach notification, sub-processors, and deletion procedures.

Get in touch

Security questions

[email protected]

PGP key available on request

DPA requests

[email protected]

Response within 24 hours

Report a vulnerability

Found a security issue? Please report it responsibly to:

[email protected]

We respond within 24 hours

Questions about security?

We're happy to discuss our security practices and provide additional documentation.
