We're committed to keeping your data safe. This means robust security measures that safeguard the storage, transmission and sharing of data across our suite of tools.
Our state-of-the-art privacy and security practices ensure your user and candidate data remain private.
With SSO and 2FA support, your identity and credentials remain secure.
Our services are hosted with world-class providers to ensure strict compliance and industry-best standards.
Guide’s candidate experience platform helps organizations personalize the interview experience and automate candidate preparation.
Guide protects user data throughout the data flows of the Guide product, from account creation and integration through Google’s OAuth service to encryption of data in transit to Guide servers (using browser-based TLS 1.3+) and encryption of sensitive access tokens at rest (using AES-256) to a variety of administrative, physical and technical safeguards designed to create a secure environment for our customers’ data.
We build security into our services to protect your information. Guide is built with robust security features that continuously protect your information. The insights we gain from maintaining our services help us detect and automatically block security threats from ever reaching the client. And if we detect something risky that we think the client should know about, we’ll notify and guide the clients through steps to stay better protected.
We work hard to protect the client’s data from unauthorized access, alteration, disclosure, or destruction of information we hold by:
Please contact security@guide.co to request a copy of our Security and Compliance Whitepaper, or to report vulnerabilities with the Guide application.
If customers choose to enable key functionality on a per-account basis, two additional G Suite OAuth Scopes may be requested:
Guide optionally allows sending emails to candidates from within our application. We use the Gmail API, requesting the gmail.send scope, and send directly from the user’s email account to ensure that emails do not end up in the Updates or Promotions folder of your candidates’ inboxes. Sending within the application allows us to replace variables such as the candidate’s name and the candidate’s unique Guide URL.
When scheduling interviews in your ATS, the candidate is not typically included on the calendar events. Once all interviews have been scheduled, the candidate is typically sent separate calendar invites (or they are sent an email with a text version of the schedule and expected to create their own calendar invites).
Guide uses the Gmail API with the gmail.send scope to send ICS files via email, where Guide is the organizer so that we get notifications of candidate RSVPs. There is no additional G Suite permission necessary for us to sync calendar invites. We do not have read or write access to your users’ calendars.
When a 1-on-1 interview is being scheduled with a candidate, it is often simpler to send the candidate the interviewer’s availability (for instance, the recruiter or hiring manager’s availability), and let the candidate book directly on their calendar. This bypasses the back-and-forth of requesting availability and confirming times over email.
Optionally, Guide can insert the interviewer’s availability directly in the candidate’s guide. The candidate is able to book, and we will automatically send calendar invites to both the interviewer and the candidate.
Guide’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Connecting Guide with your ATS enables you to automatically create, send, and update the content candidates see in their guides based on their current interview stage in your ATS. This also enables the automatic syncing of key information for candidates, such as interviewer profiles and interview schedules.
The General Data Protection Regulation (GDPR) is a European privacy law that went into effect on May 25th 2018. It is based upon the European understanding that privacy is a fundamental human right. Established by the EU Parliament, the GDPR regulates how individuals and organizations can obtain, use, store, and remove personal data. It gives EU citizens and residents control over their personal data, and simplifies the regulatory environment for international business that takes place in the EU.
The GDPR defines personal data as any information that can be used to directly or indirectly identify a person, such as a name, photograph, email address, or even an IP address.
GDPR adds new requirements regarding how companies should protect the personal data they collect and process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. Beyond these facts, it’s simply the right thing to do. At Guide we respect your data privacy and we have solid security and privacy practices in place that go beyond the requirements of this new regulation.
Here is an overview of how Guide has prepared to meet the new regulation requirements.
Guide requires that all employees learn about and follow GDPR regulations, and ensures that all employees participate in the necessary training.
We’ve updated our cookie policy to provide you with transparency into the cookies that are set when you visit our site, and how each cookie is used. Our cookie policy page includes information about steps you can take to control how your browser handles cookies.
We reviewed and identified all the areas of Guide where we collect and process customer data. We validated our legal basis for collecting and processing personal data, and we ensured that we apply the appropriate security and privacy safeguards across our infrastructure and software ecosystem. Our Privacy Policy identifies what we do with the data we collect and how we manage consent.
We reviewed the 3rd party vendors that we use to provide our products and services, and we performed a comprehensive review of their GDPR compliance.
Transparency is important to us at Guide — both internally and with our customers. We are in the process of updating our Terms of Service and Privacy Policy to describe how we respect and protect your personal data. These documents will clearly describe the types of personal data we collect and process, why we collect the data, how we use it, who we share it with, and how long we store it.
We are committed to helping our customers meet the data subject rights requirements of GDPR. Guide processes or stores all personal data with fully vetted vendors with whom we have a DPA in place. We dispose of all data in accordance with our Terms of Service and Privacy Policy.
One of the GDPR requirements is a managed data protection impact assessment (DPIA) process. A DPIA process is a way to help us identify and minimize the data protection risks of a project. The Guide engineering team has always undergone security and privacy due diligence when choosing tools and making implementation decisions, so this requirement is easy for us. Any time we introduce a change to the way we handle personal data, we discuss the potential impact on Guide customers and explore possible privacy and security risks to personal data. If any risk is identified, no matter how small, our product and engineering teams collaborate on a solution to mitigate the data privacy and security risk to anyone who interacts with the Guide platform. We will continue to execute this risk assessment process as we expand Guide’s offerings.
We updated our existing breach management and communication plan to comply with the GDPR regulations concerning the escalation process and requirements for data subject notification.
We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data. If you have any questions, please don’t hesitate to reach out.