NeoWorkBack to app

Emergences AI, Inc.

Security

Version
2026-07-03
Effective
July 3, 2026

In plain language · summary only, not a substitute for the terms below

01

Encrypted

Data is encrypted in transit and at rest, and sensitive secrets are additionally encrypted at the application layer.

02

Isolated per tenant

Row-level security and application-layer scoping keep each organization's data separate.

03

Monitored

Audit logging, error monitoring, and rate limiting protect and evidence the platform's operation.

Security is foundational to a platform that handles candidate data. This page summarizes how NeoWork protects data; for a deeper review, contact us for our security package.

Contents

  1. 1Encryption
  2. 2Access control and tenant isolation
  3. 3Monitoring and change management
  4. 4Data handling and privacy
  5. 5Compliance status
  6. 6Incident response and breach notification
  7. 7Reporting a vulnerability
1.

Encryption

All traffic is encrypted in transit with TLS, and data is encrypted at rest. Particularly sensitive secrets, such as connected-tool credentials, are additionally encrypted at the application layer with authenticated encryption.

2.

Access control and tenant isolation

  • Row-level security in the database plus application-layer organization scoping isolate each tenant's data.
  • Least-privilege access controls gate administrative and sensitive actions.
  • Enterprise SSO and directory (SCIM) provisioning are supported for customer identity.
  • Human-in-the-loop gating on outbound actions taken by the AI agent.
3.

Monitoring and change management

We maintain audit logging with request correlation, error and performance monitoring (configured to scrub personal data), and rate limiting against abuse. Code changes pass automated type, test, and build checks on every change, and dependencies are kept current.

4.

Data handling and privacy

Personal data is processed under our Privacy Policy and Data Processing Addendum, shared only with the sub-processors we disclose, and retained per our Data Retention & Deletion Policy. Candidate assessment content is not sold and is not used to train general-purpose AI models for unrelated purposes.

5.

Compliance status

SOC 2 — in progress

Our technical controls are implemented and verified, mapped to the SOC 2 Trust Services Criteria. Formal SOC 2 (Type II) attestation by an independent CPA firm is in progress; we do not yet claim a completed attestation. Contact us for our current status and, once available, our report or bridge letter under NDA.

6.

Incident response and breach notification

We maintain an incident-response process and will notify affected customers without undue delay of a personal-data breach affecting their data, consistent with our Data Processing Addendum and applicable law, to support their own notification obligations.

7.

Reporting a vulnerability

We welcome reports from security researchers. Please see our Vulnerability Disclosure policy, or email contact@emergences.ai.

End of Security

Emergences AI, Inc. · Security 2026-07-03 · Effective July 3, 2026

This overview complements the Privacy Policy, the Data Processing Addendum, and the Sub-processors list. Questions: contact@emergences.ai.

© 2026 Emergences AI, Inc.

All policiesTerms of ServiceFee TermsPrivacy PolicyCookie PolicyYour Privacy ChoicesTrust Center