Security posture

Built for hiring evidence your team can control.

CodeArena handles technical screen data, candidate work, reviewer notes, scorecards, and ATS handoff records. This page states the current security posture plainly so teams know what is ready for self-serve use and what should go through vendor review.

Controls available today

Practical safeguards for technical hiring data.

Tenant-scoped records

Company assessments, candidate sessions, reports, notes, team membership, and ATS records are scoped to the company workspace.

Role-based access

Admins manage billing, team access, ATS setup, and settings. Recruiters, interviewers, and viewers have narrower workspace permissions.

Encrypted transport

Production browser traffic uses HTTPS. Payment collection is handled through Stripe-hosted checkout and billing flows.

Credential handling

ATS API keys and webhook secrets are stored encrypted at rest by the backend before they are reused for sync or write-back.

Reviewable evidence

Reports attach test output, task evidence, replay context, integrity events, and reviewer decisions instead of hiding results behind one opaque score.

Candidate-safe sharing

Teams can share selected candidate feedback without exposing internal rubric details, reviewer notes, or private decision history.

Before rollout

Review the operational details before high-volume hiring.

The safest rollout starts with one real role, then expands after your team agrees on data retention, reviewer responsibilities, feedback policy, and integrations. Procurement teams can use this checklist to decide what needs deeper review.

Expected candidate volume and data retention needs
Who should administer users, billing, ATS keys, and result sharing
Whether the first rollout needs Greenhouse, Lever, Ashby, or a custom ATS path
How your team will use integrity events and AI scoring in human review
Whether procurement needs a security questionnaire, DPA review, or custom agreement
What candidate communication and feedback policy your hiring team will follow

Integration posture

Greenhouse, Lever, and Ashby are the self-serve ATS paths currently represented in the product. Workday and other tenant-specific ATS rollouts require implementation review because setup depends on customer admin configuration and credential handling.

No hidden certification claims

CodeArena can support security review, but this page does not claim SOC 2 certification, SSO/SAML availability, or a completed formal bias audit. Bring those requirements into the buying conversation before scale.

Boundaries

Clear limits make buyer review easier.

These boundaries are intentional. They protect candidate experience, keep employers accountable for decisions, and prevent security review from discovering surprises late in the process.

CodeArena does not make automatic hiring decisions.
CodeArena does not use face, voice, emotion, or personality scoring.
CodeArena is not presented as SOC 2 certified today.
SSO/SAML and custom ATS rollouts should be handled through sales and implementation review.
Integrity events are review prompts, not standalone cheating verdicts.
Final candidate decisions remain the employer's responsibility.