← Back to Home
Frequently Asked Questions
Everything you need to know about Institutional Memory API
Getting Started
Q: What is Institutional Memory API?
A: Institutional Memory API is a compliance-as-a-service platform that helps companies using AI in hiring create immutable audit trails. When you're challenged legally (EEOC complaint, discrimination lawsuit), we provide instant, complete evidence packs showing:
- What AI systems you used (with bias audit proof)
- Every hiring decision made (with timestamps and rationales)
- All disclosures delivered to candidates
- Human review documentation
Think of us as the "black box" for AI hiring - if something goes wrong, we have the complete flight recorder.
Q: How long does integration take?
A: 1-2 hours for most ATS platforms. Our webhook-based API requires:
- Register your company (get API key) - 2 minutes
- Add 3-5 webhook calls to your hiring workflow - 30-60 minutes
- Test with sample data - 15 minutes
- Generate your first audit pack - 5 minutes
We provide code examples in Python, Node.js, Ruby, and cURL. See our
API Documentation.
Q: Do I need to change my existing hiring process?
A: No! Our API integrates silently into your existing workflow. You continue hiring exactly as you do now - we just record what happened in the background. No UI changes, no workflow disruption.
Privacy & Compliance
Q: Do you store candidate personal information?
A: No. We use SHA-256 hashing to convert candidate identifiers (email, ID) into one-way cryptographic hashes. We NEVER store:
- ❌ Candidate names
- ❌ Resumes or applications
- ❌ Protected class data (race, gender, age)
- ❌ Interview notes or assessments
We only store decision metadata (hired/rejected, timestamp, rationale) linked to a hash. This protects candidate privacy while proving your compliance.
Q: Are you GDPR and CCPA compliant?
A: Yes. We comply with:
- ✅ GDPR (EU) - Right to access, deletion, portability
- ✅ CCPA (California) - No data selling, opt-out rights
- ✅ PIPEDA (Canada)
- ✅ 72-hour breach notification (GDPR requirement)
See our
Privacy Policy for full details.
Q: How long do you retain data?
A: Default:
7 years from the decision date. This aligns with employment law record-keeping requirements (EEOC, statute of limitations). You can:
- Configure custom retention periods (3-10 years)
- Flag records for "legal hold" during active litigation (prevents deletion)
- Export all data in JSON format when you cancel
After cancellation: 30-day grace period, then permanent deletion.
Q: Can I delete a hiring decision record?
A: No - that's the point! Immutability is what makes our audit trail defensible in court. If you could delete or edit records, they wouldn't be trustworthy evidence.
Exception: Legal hold flag prevents automatic deletion during litigation, but you can't retroactively edit past decisions.
Pricing & Plans
Q: How does pricing work?
A: We charge based on the number of hiring decisions you protect per month:
- Starter: $499/month (up to 1,000 decisions)
- Professional: $1,499/month (up to 10,000 decisions)
- Enterprise: Custom pricing (unlimited decisions)
Overage: $0.50 per decision beyond your plan limit.
Annual discount: Save 16% (2 months free) when you pay annually.
Q: What counts as a "decision"?
A: Each hiring outcome logged counts as one decision:
- Candidate rejected after AI screening = 1 decision
- Candidate hired after interview = 1 decision
- Candidate withdrew application = 1 decision (if you want to track it)
What doesn't count: Logging AI systems, recording disclosures, generating audit packs (unlimited at any tier).
Q: Do you offer a free trial?
A: No. We work with qualified companies who need compliance NOW, not those still exploring. After your demo request is approved, payment is required before receiving API credentials. This ensures we only work with serious clients who value defensible hiring practices.
Technical Questions
Q: What's your uptime SLA?
A:
- Starter: 99.0% monthly uptime (~7 hours downtime/month)
- Professional: 99.9% monthly uptime (~43 minutes downtime/month)
- Enterprise: 99.95% monthly uptime (~22 minutes downtime/month)
We monitor with Pingdom and provide a public status page.
Q: How do I get support?
A:
- Starter: Email support@defensiblehiringai.com (24-hour response)
- Professional: Email support (4-hour response, business hours)
- Enterprise: Dedicated Slack channel (1-hour response, 24/7)
All plans include access to documentation and API examples.
Q: What if your service goes down during a legal challenge?
A: We recommend:
- Proactive exports: Generate audit packs quarterly and save to your own storage
- Legal hold mode: When litigation starts, immediately export all relevant data
- Backup access: Enterprise customers get direct database backups
Our SLA includes 99.9%+ uptime, but you should never rely on ANY single system for legal defense.
Legal & Compliance
Q: Does using your service guarantee I won't get sued?
A: No. We provide documentation tools, not legal protection. If you discriminate in hiring, you can still be sued.
What we DO provide: When you're challenged, you'll have instant, complete evidence showing:
- You used properly audited AI systems
- You disclosed AI usage to candidates
- Humans reviewed decisions
- You had legitimate, documented rationales
This dramatically reduces legal costs and improves your defensibility - but it's not a legal shield. Consult employment lawyers for compliance advice.
Q: What regulations does this help me comply with?
A: Our service assists with:
- NYC Local Law 144: AI bias audits, candidate disclosures, record-keeping
- California AB 2013: Automated decision system documentation
- EU AI Act: High-risk AI system transparency requirements
- EEOC Requirements: Hiring record retention (Title VII)
See our
compliance guide for details.
🔒 Data Security & Privacy (ZERO-STORAGE)
Q: What candidate data do you store?
A: We DON'T store candidate data. This is our biggest differentiator.
❌ What we DON'T store:
- Candidate names, emails, phone numbers
- Resumes or CVs (no PDFs, no text)
- Interview recordings or transcripts
- Compensation data or salary history
- Any personally identifiable information (PII)
✅ What we DO store:
- Timestamps (when events happened)
- Hashed candidate IDs (anonymized references)
- AI scores & recommendations
- Decision justifications
- Links to records in YOUR ATS
Your candidate data stays in YOUR ATS (Greenhouse, Lever, Workday). We just prove what you did with it.
Q: How do you generate audit packs without storing candidate data?
A: When you request an audit pack, we:
- Fetch candidate data from YOUR ATS in real-time (using your API credentials)
- Combine it with our audit trail (timestamps, decisions, justifications)
- Generate the PDF report
- DELETE the fetched candidate data immediately
We store cryptographic references (hashes and ATS record IDs), not the actual data. This means:
- ✅ You get full lawsuit protection
- ✅ With ZERO data breach risk from our side
- ✅ Your ATS remains the single source of truth
Q: What happens if you get hacked?
A: Even if someone breaches our system, they get:
- Timestamps (when things happened)
- Hashed candidate IDs (irreversible SHA-256 hashes)
- Decision justifications ("Candidate lacked required Python experience")
- AI scores (42/100, 78/100, etc.)
They DON'T get:
- ❌ Candidate names or contact info
- ❌ Resumes or personal documents
- ❌ Any data they can sell on the dark web
Compare to other tools: If they get hacked, your full candidate database is exposed.
With us, your candidate data is SAFE in your ATS.
Q: Can your employees see our candidate data?
A: No. Our employees cannot see your candidate data by default.
Normal operations: Zero access. We don't store it.
Support requests: If you open a ticket asking us to debug an issue, we can request temporary access WITH YOUR WRITTEN APPROVAL. You get an email: "Support Engineer John Smith is requesting access to your tenant for 24 hours to debug [issue]." You click "Approve" or "Deny."
Every access is logged: If anyone at our company accesses your data, it's logged with timestamp, user ID, reason, and duration. You can review these logs anytime.
This is standard SOC 2 compliance (same model AWS, Google, Salesforce use).
Q: Is this GDPR compliant?
A: Yes. Since we don't store candidate PII, we're not a "data controller" under GDPR—your ATS is.
GDPR benefits of zero-storage:
- Data deletion requests: Handled by your ATS, not us
- Data portability: Your ATS provides candidate data exports
- Breach notification: We notify within 72 hours, but no PII at risk
- Data minimization: We only store what's needed for audit trails
We can provide a Data Processing Agreement (DPA) for audit trail data we DO store.
Q: What happens to my data if I cancel?
A:
- Day 1-30: Grace period. Data is read-only, you can export everything in JSON.
- Day 31+: Data is permanently deleted from all systems (backups included).
Exception: You can maintain a paid "Archive Mode" ($99/month) for read-only access if you have ongoing litigation.
Use Cases
Q: Who is this for?
A: Perfect for:
- ATS Vendors: Offer compliance as a feature to your customers (white-label available)
- Enterprises: Hiring 1,000+ candidates/year with AI screening
- Recruiting Agencies: Manage compliance for multiple client companies
- HR Tech Startups: Add compliance layer without building it yourself
If you use AI in hiring and care about legal risk, this is for you.
Q: Can I white-label this for my ATS customers?
A: Yes (Enterprise only). We offer:
- Custom branding (your logo, domain)
- Revenue sharing (70/30 split)
- Dedicated integration support
- Co-marketing opportunities
Contact sales@defensiblehiringai.com for partnership details.
← Return to Home •
API Documentation •
Terms •
Privacy