vesna

Security & AI

Plain answers about data, AI, and defensibility.

Hiring is regulated and getting more so. Here's exactly how Vesna handles candidate data and how the AI is used — no hand-waving. (Vesna is pre-incorporation, in early access; this reflects the product as built today and will be formalized at launch.)

CANDIDATE résumé + answer ISOLATED TENANT Postgres RLS SCORING CALL Claude · temp 0 AUDIT LOG append-only
One organization's data is never visible to another — enforced by the database. Résumés and answers are inputs to a single, logged scoring call, then an append-only record you can export or delete.

Candidate data

Where does it live, and who can see it?

Each customer is an isolated tenant. Data is partitioned at the database level (Postgres row-level security), so one organization's candidates are never visible to another — it's enforced by the database, not just application code. Your recruiters see your data; we don't pool it across customers.

Is candidate data used to train any model?

No. LLM calls go to Anthropic's commercial API under their standard commercial terms, and Vesna enables no data-sharing or model-improvement options. Your candidates' résumés and answers are inputs to a single scoring call — not training data for us, and we don't sell or pool them.

The AI

Which models, and how are they used?

Anthropic's Claude models, through a single logged gateway — every call is recorded. The AI does three narrow jobs: read a résumé for substance, draft one targeted follow-up question, and read the candidate's answer. Calls run at temperature 0 (the most consistent setting the model offers), so the same input gives the same read — which matters for consistency and for reviewing a decision later.

Does the AI reject anyone?

No — and this is the rule we never break. Vesna never makes a hiring decision. The polish read is a score that guides, not a verdict; the routing decides only one thing: whether to ask the candidate a follow-up question or hand the case to a human. A person makes — and owns — every advance, hold, or reject, with a recorded reason.

How do you know it can't just be gamed?

We measured it. We built a test that runs the real product against candidates trying to game it and careless recruiters — every combination — and graded each result against the known-right answer. Across every combination we tested, Vesna sorted every case correctly. The only failures were a human overriding a correct flag, which the record catches.

48
candidate-and-recruiter combinations, run start to finish
0
cases Vesna sorted wrong, in the test
1
risk left: a human override — which the record catches

See a run →

Human-in-the-loop & the audit trail

What does "audit-ready" actually mean?

Every step — evidence pulled out, score, question asked, answer received, the human's decision and reason — is added to a record that can't be quietly edited or deleted. For any candidate, "why did this happen?" is one screen: the full timeline, who did what, and when. That's what makes a decision defensible to a hiring manager, a candidate, or a regulator.

Candidate contact

When Vesna asks a candidate a follow-up question, it's a single message with a magic-link (no account to create), which they answer on their own time — or decline. In a pilot, these emails are opt-in — you choose whether they go out, or the question stays internal to your team.

Your data, your rights

Deletion and export

Your data is yours. We support deleting a candidate's or an organization's data on request, and exporting the audit trail. At launch we'll publish a full data-processing policy covering retention, subprocessors, and transfers; today, as a pre-incorporation early-access product, we'll answer any specific question directly — valerii@usevesna.com.

Ask us anything (15 min) Site privacy policy