Trust & Compliance

Automated hiring tools are under growing legal and regulatory scrutiny — and they should be. This page explains how SkillFoundry is built so that every assessment decision made on the platform can be explained, audited, and defended.

Compliance posture

SOC 2 Type II
Examination in progress (Q4 2026)
GDPR & CCPA
Data-subject rights supported
NYC Local Law 144
Bias-audit tooling built in
EU AI Act
Transparency documented
Data Processing Agreement
Available on request

A green dot indicates a capability that is live today; amber indicates an active workstream with a target date. We describe our status plainly — see the roadmap note below for what we have not yet completed.

Evidence and Auditability

Every score on SkillFoundry is assembled from recorded evidence rather than a reviewer's recollection:

  • Automated test execution. Submissions run against the task's test suite; pass/fail results for each test are stored with the submission.
  • Static code analysis. Lint quality, complexity, duplication, and modularity metrics are computed on the submitted code and itemized in the score breakdown.
  • Session event records. Assessment sessions are captured as structured events (edits, test runs, commands, communication), which drive the behavioral portion of the score and provide a trail reviewers can inspect.
  • Persistent score breakdowns. Each evaluated submission stores its full breakdown — base score, test results, code-quality metrics, behavioral scores, AI-use assessment, and every adjustment applied.

Human Oversight, On the Record

Automated scores on SkillFoundry are recommendations, not verdicts. The platform is designed for human-in-the-loop review:

  • Reviewers can adjust any evaluated score through a structured manual-review workflow.
  • Every manual adjustment is logged with the reviewer's identity, the point change, the stated reason, and a timestamp — and the log is preserved on the submission record.
  • Organizations set their own assessment policies, including whether candidates may use AI assistance. Score adjustments related to AI use follow the organization's configured policy and are disclosed in the report.

Honest AI-Use Analysis

We do not claim to catch every possible use of AI, and we caution customers against vendors who do. SkillFoundry's approach is transparency over certainty:

  • Sessions capture signals such as paste activity, large code insertions, typing patterns, and iteration on inserted code.
  • Reports describe how assistance appears to have been used — including whether the candidate understood, iterated on, and validated the resulting code — rather than issuing a binary "cheating" verdict.
  • Signals are presented to reviewers as evidence with stated confidence, so a human makes the final call, with the reasoning recorded.

Data Protection

  • Transparent monitoring. Candidates are informed about what the platform collects during an assessment session before they begin. Our monitoring and data-collection practices are documented publicly.
  • Retention and erasure. Candidate data is retained under our published Privacy Policy and deleted on verified request, subject to legal retention requirements.
  • Data processing agreements. A DPA covering our role as a processor of candidate data is available to customers on request.
  • Access controls. Assessment data is scoped to your organization; reviewer actions require authenticated, role-based access.

Fairness and Automated-Hiring Regulation

Laws such as New York City's Local Law 144 place obligations on employers who use automated employment decision tools, including bias audits and candidate notice. SkillFoundry is designed to make meeting those obligations practical:

  • Job-related inputs only. Scoring operates on work products and session behavior — code, tests, and how the work was done. Demographic attributes are never inputs to any score.
  • Consistent criteria. The same rubric and scoring model apply to every candidate on a task, eliminating reviewer-to-reviewer variance in the automated portion of the evaluation.
  • Audit-ready records. Per-candidate score breakdowns, session evidence, and manual-review logs give your compliance team the raw material an independent bias audit requires.
  • Human review built in. Structured manual review keeps a person accountable for every final decision.

Where we are honest about the roadmap: SkillFoundry has not yet completed a third-party SOC 2 examination or published an independent adverse-impact study, and we will not imply otherwise. Both are active workstreams; customers evaluating us can contact our team for current status, our security documentation, and interim attestations.

Questions From Your Security or Legal Team?

We're glad to walk your reviewers through the platform's data flows, evidence model, and compliance posture.

Talk to Our Team