Security & compliance

Built for HR data from day one.

Hiring data is some of the most sensitive your organization holds. PaiSLEY is built around audit trails, least-privilege access, short-lived media URLs, and deployment options that match your data-residency posture.

  • Presigned media: 15 min expiry
  • Auth: OTP + magic link
  • Audit logs: Every event
  • GDPR: One-click withdrawal

Role-based access control

Least-privilege defaults, scoped to the job and the person.

  • Applicant, HR Consultant, and Super Admin roles with granular permissions.
  • Per-job assignment: consultants only see candidates for jobs assigned to them.
  • Password-based authentication for staff. Passwordless OTP and magic link for applicants.
  • Configurable session durations, OTP expiry, max attempts, and rate-limit windows.

Audit trail by default

Every meaningful action is captured, attributed, and searchable.

  • Every application view, status change, and AI recommendation is logged.
  • Job CRUD, user management, login and logout, API tokens, and invite lifecycle captured.
  • Filter audit logs by date range, user, or event type.
  • Actor attribution on every event with structured metadata.

Data privacy

Sensitive media stays behind authenticated, short-lived links.

  • Video and resume files served via short-lived presigned URLs (15 minute expiry).
  • Media is never publicly accessible. Every access goes through portal auth.
  • Self-service withdrawal triggers full data deletion or anonymization, supporting GDPR's "right to be forgotten".
  • All sensitive data is exchanged inside the portal. Email notifications carry secure links only.

Deployment posture

Pick the hosting model that fits your residency and IT policy.

  • Self-hosted deployment with full Docker support for strict residency requirements.
  • Managed cloud option with dedicated, branded environments per client.
  • Encrypted API key management with connection testing and rotation. No code deploy needed.
  • Health-check endpoint for monitoring and uptime tooling.

Compliance by design

Consistent, documented decisions your legal team can defend.

  • Consistent screening criteria applied to every candidate.
  • Human override on every AI recommendation, documented and timestamped.
  • Structured candidate intake reduces ad-hoc, undocumented evaluation.
  • Exportable audit log gives compliance and legal teams a clean record.

Need a security review?

We're happy to walk your IT or compliance team through the deployment model, data flows, and audit-log schema during the demo.
