Your candidate data isprotected — and never trained on.
InterviewMesh handles sensitive hiring data: recordings, transcripts, and candidate evidence. Here is exactly how we protect it, how our AI providers process it, and why your data never trains a model.
We treat every interview as confidential hiring data. It is encrypted, scoped to your workspace, and never used to train AI models — not ours, and not our providers’.
Last updated: July 5, 2026
Your data & AI
Your data is never used for training
Your candidate interviews, recordings, transcripts, scores, and reports are never used to train foundation models — ours or any provider's. Interview content is processed only to generate the evidence your hiring team reviews. Your data trains nothing.
How our AI providers handle your data
Mesha is built on frontier AI from leading labs — real-time voice models from OpenAI and frontier reasoning models from Anthropic (Claude). Session content is sent to these providers solely to conduct the interview and produce your report, under enterprise agreements with zero-retention and no-training terms. It is not used to train their models.
Data protection
Encryption everywhere
All data is encrypted in transit (TLS 1.2+) and at rest. Recordings, transcripts, and reports are stored in access-controlled infrastructure, and secrets are managed separately from application data.
Workspace isolation and access control
Interview data is scoped to your workspace. Only members you explicitly invite can access session recordings, transcripts, and scorecards. We enforce role-based access controls, maintain audit logs, and support SSO on enterprise plans.
Governance
Candidate consent and human oversight
Your team is responsible for informing candidates that the interview is AI-conducted and recorded. Mesha produces structured evidence for human review — never an autonomous hiring decision. Your team makes every call, and we provide sample candidate disclosure language on request.
Compliance posture
We build to SOC 2-aligned controls and handle personal data in line with GDPR principles. Formal SOC 2 Type II certification is on our roadmap — contact us for our current security posture, sub-processor list, or to complete a vendor security review.
Operations
Retention, deletion, and export
Workspace data is retained for the duration of your active subscription plus a 90-day grace period after cancellation, then permanently deleted. You can request early deletion of specific sessions, a full data export, or correction at any time.
Incident response
We conduct periodic security reviews and monitor for anomalous activity. In the event of a confirmed breach affecting your workspace, we notify you promptly with details, scope, and remediation steps.
Security questions, our sub-processor list, or a vendor security review? Email support@interviewmesh.com.