Upwage exceeds the strictest standards for security & the ethical use of AI

Our mission is to revolutionize talent acquisition through advanced, ethical, and transparent AI solutions. We recognize the importance of complying with regulations to ensure the highest standards of data privacy, security, and fairness. The Trust Center walks through our AI governance framework along with our commitment to compliance with:

Local state and city regulations
OFCCP and EEOC guidelines
CCPA and GDPR requirements
SOC 2 Type 1 standards

These efforts underscore our dedication to protecting the information entrusted to us by our clients and users, fostering trust, and upholding the integrity of our AI systems.

Compliance summary

State-specific regulations

Regulation
Annual 3rd Party Bias Audit
Effective Date
3rd PartyAI Bias Audit
AI Bias Audit Findings Disclosure
Candidate Consent
AI Governance Framework
New York Local Law 144
New York City
July 5, 2023
Not required
The Artificial Intelligence Policy Act (Senate Bill 149)
Utah
May 1, 2024
Not required
Not required
Not required
The Colorado AI Act (Senate Bill 24-205)
Colorado
February 1, 2026
Not required

Employment regulations

Regulation
Annual 3rd Party Bias Audit
Quarterly Internal Bias Audit
Candidate Protected Attributes AI Guardrails
Candidate Data Anonymization
Customer Compliance Partnerships
Candidate Consent
Candidate Right to Access Data
Candidate Right to Rectify Data
Candidate Right to Delete Data
EEOC Requirements
OFCCP Requirements

Data protection measures

Regulation
Disclosed Privacy Policy
Disclosed Terms & Conditions
Data Security Policies & Controls
Data Protection Impact Assessments
Data Incident Response Protocols
Data Minimization
Consent
Right to Access Data
Right to Rectify Data
Right to Delete Data
"Opt-out" Option
CCPA
GDPR

Data security

Certification
Status
"As of" Date
3rd Party Audited Data Security Policies
3rd Party Audited Data Security Frameworks
3rd Party Audited Data Security Controls
3rd Party Audited Vendor Assessments
3rd Party Audited Data Security Risk Assessments
3rd Party Audited Personnel Data Security Controls
SOC 2 Type 1
Complete
Aug 9, 2024

Policies, reports, & audits

Upwage AI Governance Executive Summary

This executive summary highlights our AI governance framework along with our commitment to compliance with state and city regulations, OFCCP and EEOC guidelines, CCPA and GDPR requirements, and SOC 2 Type 1 guidelines.

3rd Party AI Bias Report

Data Action Partners (DAP) has performed an independent and impartial bias audit of Upwage’s SuperSorter tool following the guidelines defined in NYC Local Law 144, which establishes compliance and disclosure standards for Automated Employment Decision Tools (AEDTs).

Internal AI Bias Report

The Internal AI Bias Report on the Upwage AI recruiting platform reviews the suitability of its design and operating effectiveness relevant to automated employment decision tool bias and associated risks.

SOC2 Type 1 Report

This report evaluates and attests to the design and implementation of Upwage's security controls, based on the trust services criteria for security, availability, processing integrity, confidentiality, and privacy.

Upwage AI Transparency Report

This AI Transparency Report is designed to provide a comprehensive overview of our AI practices, ensuring our stakeholders have a clear understanding of how our AI systems operate, the principles guiding their development, and the measures we take to ensure they are used ethically and responsibly.

Upwage Data Privacy and Security Measures Report

This Data and Security Report is designed to provide a comprehensive overview of our data protection practices, ensuring our stakeholders understand the measures we take to safeguard their information and maintain the integrity of our systems.

Upwage Ethical AI Policy

Our Ethical AI Policy serves as a cornerstone of this mission, providing a clear framework to guide the responsible development and deployment of our AI technologies.

State & city compliance

Upwage complies with local AI regulations to ensure are products are available throughout the US. In New York, we follow Local Law 144 by conducting annual third-party bias audits and posting the results publicly. In Utah, we adhere to Senate Bill 149 by providing clear consumer disclosures at the start of AI interactions and upon request. For Colorado's Senate Bill 24-205, we implement thorough documentation, developer disclosures, and annual impact assessments.

Employment practice Compliance

Upwage complies with OFCCP and EEOC regulations by implementing measures to prevent discrimination in hiring. We conduct quarterly internal bias assessments and annual third-party audits to identify and mitigate biases in our AI models. Our AI products include EEOC compliance guardrails to avoid decisions based on protected attributes. Additionally, we anonymize candidate data to protect privacy and base assessments solely on qualifications and competencies.

Data protection compliance

Upwage complies with the CCPA and GDPR, ensuring transparency and user control over personal data. Our Privacy Policy and Terms & Conditions detail data collection, usage, and protection. We obtain explicit consent before collecting data and provide options for access, rectification, and erasure. Our data retention policies balance operational needs with privacy rights, and we use stringent access controls and encryption to safeguard personal data. We continuously monitor and update our practices to maintain compliance.

Security Compliance

Upwage has obtained SOC 2 Type 1 certification to enhance our data security and compliance framework. This certification evaluates our system's controls for security, availability, and confidentiality, demonstrating our commitment to high data protection standards. We use Drata, a compliance automation platform, to continuously monitor and maintain regulatory compliance. Additionally, we conduct bi-annual third-party penetration testing to identify and address potential security vulnerabilities.

Access our live monitors to review real-time security checks

See security monitors
What is Upwage's approach to AI transparency?
How does Upwage ensure ethical AI development?
How does Upwage protect data privacy & security?
How does Upwage comply with local AI regulations?
How does Upwage comply with OFCCP & EEOC regulations?
How does Upwage comply with GDPR & CCPA?
What is SOC 2 Type 1 certification & how did Upwage obtain it?
Does Upwage conduct bias audits on its AI?