Trust

Trust Center

Last updated: June 11, 2026

Security

Defence in depth

Encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access control, hardware-backed MFA for staff, isolated production environments, and continuous vulnerability scanning.

Privacy

Your data, your control

Granular export, deletion, and access controls. No selling of personal information. No training of foundation models on your private content without explicit opt-in.

AI Safety

Evidence, not assumptions

Aristotle and Sherlock outputs are evaluated against held-out benchmarks, audited for bias, and shown alongside the source signals so recruiters can verify rather than trust blindly.

Compliance

Built for global hiring

Aligned with the Australian Privacy Principles, GDPR/UK GDPR, and CCPA/CPRA. SOC 2 Type II audit in progress (target 2026 Q4).

INGEN LABS PTY LTD takes a proof-first approach to security as well as hiring: published controls, evidence on request, and human-in-the-loop on every AI decision.

Data handling

We process two broad categories of data: profile signal you connect (GitHub, LinkedIn, projects, certifications) and recruiter inputs (job briefs, shortlists, candidate notes). Both stay scoped to your account or organisation.

  • Encryption in transit (TLS 1.2+) for every connection.
  • Encryption at rest (AES-256) for databases, object storage, and backups.
  • Logical isolation between customer tenants.
  • Backups taken daily, retained for 30 days, restore-tested quarterly.

Access & authentication

  • Role-based access control on every internal system.
  • Hardware-backed MFA required for all staff and contractors.
  • Just-in-time access to production with full audit logging.
  • Quarterly access reviews; immediate revocation on role change or offboarding.
  • SSO (SAML/OIDC) available on enterprise plans for customer accounts.

AI safety & evaluation

iNGen's AI outputs are aids, not decisions. We design every surface so a human can verify the evidence.

  • Aristotle's roadmaps, briefs, and talking points are grounded in connected sources and shown with the underlying signal.
  • Sherlock's proof scores are explainable: each score links back to the GitHub, project, hackathon, or testimonial signal that produced it.
  • We run continuous bias and fairness evals on candidate-scoring outputs and document known limitations.
  • We do not train foundation models on your private content without explicit opt-in.

Compliance & certifications

  • Australian Privacy Principles (Privacy Act 1988, Cth).
  • GDPR & UK GDPR — Standard Contractual Clauses for cross-border transfers.
  • CCPA / CPRA for California residents.
  • SOC 2 Type II — audit in progress (target 2026 Q4).
  • ISO 27001 — roadmap (target 2027).

Subprocessors

We use a small number of vetted subprocessors. We give 30 days' notice before adding new ones, and customers can subscribe to subprocessor updates by emailing contact@ingenworkspace.com.

ProviderPurposeRegion
Amazon Web ServicesCloud hosting, storage, computeUS, AU
SupabaseApplication database & authUS, EU
VercelEdge hosting for marketing & app surfacesGlobal edge
AnthropicFoundation model inference (Claude)US
OpenAIFoundation model inference (selected features)US
StripePayment processingUS, AU
ResendTransactional emailUS
PostHogProduct analytics (de-identified)US
SentryError and performance monitoringUS

Incident response

We run a documented incident response programme with 24/7 on-call coverage, severity tiers, and post-incident reviews. We notify affected customers without undue delay, and within the timeframes required by applicable law (72 hours under GDPR for qualifying incidents).

Found a vulnerability? Report it to contact@ingenworkspace.com. We respond within two business days and don't pursue good-faith research.

Business continuity

  • Multi-AZ deployments with automated failover.
  • Recovery point objective (RPO): 1 hour. Recovery time objective (RTO): 4 hours.
  • Quarterly disaster recovery exercises.
  • Status page at status.ingenworkspace.com.