Trust & Security
Built for the work that matters most.
Secured like the data demands.
Recruiting data is some of the most sensitive information a business handles — personal contact details, employment history, salary expectations, candidate evaluations. OpusRoster is built from the ground up to protect it: encrypted infrastructure, row-level isolation, explainable AI, and audit logs on every action. No black boxes. No surprises.
Security
Your data, protected at every layer.
Security isn’t a feature — it’s a precondition. We treat customer data like the production database of a regulated business, because for many of our customers, it is one.
Encryption everywhere
All data is encrypted in transit (TLS 1.3) and at rest. Database connections use SSL. API tokens are hashed. Passwords are never stored — we use industry-standard credential providers and OAuth flows for sign-in.
Row-level security
Every database query is filtered by organization. Your data is isolated from every other customer at the database layer, not just the application layer. A bug in our code cannot leak another customer’s data — the database itself enforces the boundary.
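How database-enforced organization isolation of this kind can be expressed in Postgres, as an added example rather than OpusRoster's own schema or policies. The table `candidates`, the role `app_user` and the setting `app.current_org` are hypothetical, and the script assumes a scratch database and a superuser session.

```sql
-- Added illustration; hypothetical schema, not OpusRoster's.
CREATE TABLE candidates (
    id              bigserial PRIMARY KEY,
    organization_id uuid NOT NULL,
    full_name       text NOT NULL
);

-- Constructed sample rows for two organizations.
INSERT INTO candidates (organization_id, full_name) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Sample Candidate A'),
    ('22222222-2222-2222-2222-222222222222', 'Sample Candidate B');

-- Turn row-level security on. FORCE applies the policies to the table
-- owner as well, who would otherwise be exempt.
ALTER TABLE candidates ENABLE ROW LEVEL SECURITY;
ALTER TABLE candidates FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement can see or modify; WITH CHECK rejects
-- writes that would place a row in a different organization.
-- An unset or empty setting becomes NULL, so the comparison matches nothing
-- and the policy fails closed.
CREATE POLICY org_isolation ON candidates
    USING (organization_id =
           NULLIF(current_setting('app.current_org', true), '')::uuid)
    WITH CHECK (organization_id =
           NULLIF(current_setting('app.current_org', true), '')::uuid);

-- Application role (hypothetical name): neither SUPERUSER nor BYPASSRLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON candidates TO app_user;
GRANT USAGE ON SEQUENCE candidates_id_seq TO app_user;

BEGIN;
SET LOCAL ROLE app_user;
-- Per-request organization context, scoped to this transaction only.
SELECT set_config('app.current_org',
                  '11111111-1111-1111-1111-111111111111', true);
-- No WHERE clause: the policy alone restricts the result to one organization.
SELECT full_name FROM candidates;
COMMIT;

-- Review check: roles to which no policy applies.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
```

Policies are skipped for superusers and for roles with the BYPASSRLS attribute, so the boundary holds only for connections made as a restricted role. The final query lists the roles worth reviewing for that reason.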
Infrastructure on enterprise providers
OpusRoster runs on Supabase (Postgres, Auth, Storage) and Vercel (compute, edge network). Both are SOC 2 compliant providers used by Fortune 500 companies. Data centers are in the United States; we do not move customer data outside the US.
Audit logs on everything
Every meaningful action — every email sent, every candidate scored, every job edited, every plan upgrade — is logged with timestamp, actor, and context. You can audit every action your team or our agents take on your behalf.
AI Ethics
The agents do the work.
You make the calls.
AI in recruiting only works if recruiters can trust it. Trust comes from transparency, control, and predictable behavior. Here is exactly how OpusRoster’s AI is designed.
Nothing auto-sends without your authorization
Outreach emails are drafted by AI but only sent after a recruiter approves them — or after you explicitly enable Autopilot for a specific role. We never blast emails on your behalf without consent. There is no “oops, the AI sent 200 cold emails” failure mode in OpusRoster.
Every score is explainable
When the Sourcer or Triage Agent assigns a fit score to a candidate, it shows you the reasoning: matching skills, location alignment, experience signals, gaps. No black-box scoring. You can audit why any candidate ranked where they did, and override the score if you disagree.
Bias-aware by design
Our scoring prompts explicitly exclude protected characteristics from consideration: age, gender, ethnicity, marital status, national origin. Outreach templates are reviewed for inclusive language. We log every prompt and output so we can audit for drift.
You can turn it off
Every AI agent can be paused globally or per-job with one click. If you want to take over a candidate manually, “Lock to me” removes that candidate from agent control. The platform works fully without any AI features enabled — the agents are leverage, not lock-in.
Compliance
Recruiting law is non-negotiable.
We build for it from the start.
Equal-opportunity hiring, candidate data rights, opt-out enforcement, deliverability standards — these aren’t edge cases. They’re the operating environment of every serious recruiter. OpusRoster is designed so that doing the right thing is the default, not an extra step.
EEO-aware outreach
Outreach templates use inclusive, role-focused language. We avoid age-coded terms, gendered descriptors, and exclusionary phrasing. Every email is logged and auditable for compliance review.
Data subject rights
Candidates can request data deletion at any time. We honor opt-out requests within 24 hours. Every outreach email includes a clear opt-out path. You can export or delete a candidate’s record from the platform with one click.
Recruiter accountability
Every action on the platform is tied to a specific user account. Multi-recruiter agencies and TA teams have full visibility into who did what, when, and why. No anonymous actions.
Email deliverability
We enforce SPF, DKIM, and DMARC on all outbound email. We respect bounces and unsubscribes globally. We do not send through unverified senders. Recruiter sender verification is part of onboarding.
Data handling
Direct answers to the questions you should ask.
If you’re evaluating OpusRoster for a TA team, an agency, or a staffing firm — these are the questions your security or legal team will ask. We’ve answered them upfront so you don’t have to chase us for them.
Where is my data stored?
All customer data is stored in US-based Supabase Postgres infrastructure (AWS us-east-1). We do not store data outside the United States.
Who can access my data?
Only authorized users from your organization, plus a small number of OpusRoster engineers for support purposes — logged and audited. We do not share customer data with third parties for advertising, training, or any commercial purpose.
Is my candidate data used to train AI?
No. Your candidate data is never used to train AI models — ours, OpenAI’s, Anthropic’s, or anyone else’s. We use AI providers under contracts that explicitly forbid training on customer data.
What happens if I cancel?
You can export all your data — candidates, jobs, conversations, audit logs — in standard CSV/JSON formats at any time. After cancellation, your data is retained for 30 days for restoration, then permanently deleted.
How do you handle PDL data?
Sourcing data from People Data Labs is fetched on-demand, scored against your role, and stored only for candidates you choose to engage with. Profiles you reject are not retained beyond the search session.
Responsible disclosure
Found a security issue? Tell us.
We take security reports seriously. If you discover a vulnerability in OpusRoster — in the application, the API, the marketing site, or anywhere else — please report it directly to our security team.