This DPA summary documents the production data-processing posture for tview. Customers that require negotiated terms should use a signed DPA before production launch.
Roles
For recruiter/customer-controlled candidate data, the customer is generally the controller and tview is the processor. For tview account, billing, security, and operations data, tview may act as an independent controller.
Processing instructions
tview processes personal data to provide the service, secure it, troubleshoot incidents, meet legal obligations, and perform documented customer instructions.
Security measures
- Tenant-scoped access controls and authenticated dashboard/API access.
- API key hashing/revocation, rate limits, idempotency, and structured request logging.
- Private storage for uploaded files and restricted operational access.
- Webhook signing and public HTTPS webhook target restrictions.
Subprocessors
Current subprocessors are listed on the Subprocessors page. Customers should review that list before going live.
Data subject requests
tview will assist customers with deletion, export, and correction requests according to the customer agreement and applicable law.