SalesProof Trust Centre

Enterprise-Grade Security Built For Modern Hiring Teams

SalesProof is designed with security, privacy, and responsible AI handling at its core. It is built on enterprise-grade infrastructure and aligned with UK GDPR and England & Wales legal requirements.

Data Protection

Candidate and customer data encrypted in transit and at rest.

Privacy First

SalesProof does not sell candidate data or use customer assessment data to train public AI models.

Secure Access

Role-based permissions, MFA enforcement, and controlled production access.

Audit Visibility

Critical platform activity is logged and monitored for security and operational integrity.

Responsible AI

AI-assisted assessment analysis includes integrity and authenticity controls.

Enterprise Ready

Security controls aligned to enterprise SaaS expectations and UK GDPR obligations.

Security Overview

How we approach compliance

A summary of the legal frameworks and safeguards SalesProof operates under.

Privacy & Data Protection

Built around respect for candidate data

Clear handling principles for every piece of personal data flowing through SalesProof, from candidate assessments to customer workspaces.

  • Encrypted at rest
  • TLS in transit
  • Privacy-first
  • Minimised storage

Candidate data handling

  • Collected only for the purpose of completing an assessment for the hiring company.
  • Processed under the lawful basis of legitimate interest or contract performance, as relevant.
  • Never sold to third parties.
  • Retention aligned to the hiring company's needs and applicable legal periods.
  • Deletion requests honoured. Email privacy@salesproof.io.

Customer data handling

  • Customer workspace data isolated by tenant.
  • AI usage limited to assessment scoring and integrity analysis, as disclosed in our terms.
  • Customer assessment data is not used to train public AI models.
  • Reasonable retention principles with the option to request export or deletion.
  • Privacy questions answered by our team via privacy@salesproof.io.

Access Controls

Tight control over who accesses what

Access Control Policy

Least-privilege by default

  • Least-privilege access across systems and data.
  • Production access is restricted, logged, and reviewed.
  • Role-based permissions for customer workspaces.
  • Periodic account and access reviews.

MFA Security

Multi-factor protection

  • MFA enforcement available across user accounts.
  • Secondary verification for sensitive admin flows.
  • Hardened admin accounts with elevated protection.
  • Credential storage hardened with industry-standard hashing.

Audit Logging & Monitoring

Operationally observable, end-to-end

Critical platform activity is logged so we can investigate, learn, and respond.

  1. Authentication events

    Sign-ins, sign-outs, password and MFA changes are logged for security review.

  2. Admin actions

    Critical admin activity (role changes, billing changes, workspace configuration) is recorded.

  3. Suspicious activity monitoring

    Unusual login patterns and anomalous behaviour are flagged for follow-up.

  4. Incident investigation support

    Operational telemetry retained to support troubleshooting and forensic review if needed.

Responsible AI

Responsible AI & Candidate Integrity

AI is a tool inside SalesProof, not a substitute for hiring judgement. We design AI use to be transparent, evidence-based, and respectful of candidates.

AI-assisted scoring

AI helps surface signals from candidate responses; final scores follow our published methodology.

AI integrity analysis

Submissions are screened for tell-tale signs of inauthentic or generated answers.

Authenticity monitoring

Behavioural patterns during assessments are reviewed to support fair, evidence-based hiring decisions.

Communication pattern analysis

Language and structure of candidate responses are analysed to identify deal-control evidence.

No public AI model training on customer candidate data.

Anonymised, aggregated patterns only. No candidate names, emails, employer names, or workspace data ever enter the benchmark model.

Security Reviews

Continuous assessment, not point-in-time theatre

Periodic security reviews

Internal reviews of platform security posture, configurations, and access controls.

Vulnerability scanning

Automated scanning across application surfaces and infrastructure to detect known issues.

Dependency reviews

Continuous monitoring of third-party packages for security advisories and timely patching.

Infrastructure assessments

Hardening reviews across hosting, database, and authentication providers.

Third-party security reviews

Engagement with external specialists for additional assessment when appropriate.

Vendor Management

Selective, governed sub-processors

SalesProof seeks to work with providers maintaining commercially reasonable security standards.

Hosting providers
Infrastructure providers
Authentication systems
Analytics providers
Payment platforms
AI providers

Responsible Disclosure

We welcome responsible disclosure from the security community. If you believe you've discovered a vulnerability, please contact us at:

security@salesproof.io
  • Avoid disruption to the service or other users.
  • Avoid accessing, modifying, or exfiltrating personal data.
  • Give us reasonable time to investigate and remediate before public disclosure.

This information is provided for general informational purposes and does not constitute legal advice, regulatory certification, SOC 2 certification, or warranty of uninterrupted security. SalesProof continues to invest in maturing its security and privacy programme.