This DPA summary documents the production data-processing posture for tview. Customers that require negotiated terms should use a signed DPA before production launch.
Roles
For recruiter/customer-controlled candidate data, the customer is generally the controller and tview is the processor. For tview account, billing, security, and operations data, the tview operating legal entity (named in the Privacy Policy) acts as an independent controller. Questions about roles can be sent to privacy@tview.work.
Processing instructions
tview processes personal data to provide the service, secure it, troubleshoot incidents, meet legal obligations, and perform documented customer instructions.
Security measures
- Tenant-scoped access controls and authenticated dashboard/API access.
- API key hashing/revocation, rate limits, idempotency, and structured request logging.
- Private storage for uploaded files and restricted operational access.
- Webhook signing and public HTTPS webhook target restrictions.
Subprocessors
Current subprocessors are listed on the Subprocessors page. Customers should review that list before going live.
Data subject requests
tview will assist customers with deletion, export, and correction requests according to the customer agreement and applicable law.