Security and privacy, built into the ATS from day one.
AI screening only works if candidates and companies can trust it. Rubrily is GDPR-ready by design: your data is isolated per organization, access is role-scoped, candidates consent explicitly, and every score is explainable — never fabricated.
- Your organization's data is isolated.
- Every org lives in its own tenant with row-level security; no other customer can ever query, see, or match against your candidates or scores.
- Access is role-based.
- Owner, Admin, and Member roles with project-level scoping — recruiters see the hiring projects they’re assigned to, and nothing else. (Scale adds SSO and advanced RBAC.)
- Candidates consent before anything is recorded.
- The interview flow gates on explicit consent — conditions shown up front, recording consent captured separately, and an optional per-project requirement that candidates accept your legal documents before applying.
- Privacy and erasure requests are handled in-product.
- Candidates can request their data or its deletion, and the platform processes erasure without engineering tickets.
- Shared reports are anonymized.
- Client-share reports scrub PII, so agencies can show scored candidate evidence without exposing identities.
- Scores are never fabricated.
- When the AI lacks signal it returns "Cannot evaluate" rather than a guess — the same honesty principle applies to everything we show you.
Where is my data stored?
Rubrily stores each organization's data in an isolated tenant with row-level security. Your candidates, scores, and recordings are never shared across organizations, used to train models for other customers, or sold.
Who can see candidate data?
Only members of your organization, within their role and project scope. Owners and Admins manage org-wide settings; Members see the hiring projects they're assigned. Candidates see their own flow. Anonymized client-share reports expose scores and evidence — with names and contact details scrubbed.
How do erasure requests work?
A candidate (or your team on their behalf) can request deletion, and Rubrily erases their personal data — profile, CV, recordings, transcripts — in line with GDPR.
Is candidate consent captured?
Yes, explicitly and before recording. Candidates see the monitored-interview conditions, tick separate consent boxes for the conditions and the recording, and can't proceed without them. Projects can additionally require acceptance of your organization's legal documents before a candidate applies.
Compliance & documents
Evaluating Rubrily for your team?
Talk to us about security, data handling, and your compliance requirements.