Compliance
Built for enterprise data protection
MADITA was designed for European privacy and AI compliance requirements from day one — not bolted on after the fact.
We protect your data at enterprise level — through full sovereignty, transparent compliance, and thoughtful governance built directly into MADITA's architecture.
- GDPR
- EU AI Act
- AES-256
- TLS 1.2+
GDPR Compliance
- Data processing agreement (DPA) available on request under Art. 28 GDPR
- Personal data is processed exclusively for conducting the interview and for anonymisation — never used for model training or improvement
- Candidates provide explicit consent before each interview
- Full data subject rights: all interview data is exportable and deletable on request
- Right to access, rectification, erasure, and data portability honoured on request
EU AI Act Compliance
- MADITA is classified as a high-risk AI system under Annex III of the EU AI Act and built accordingly
- Human-in-the-loop: every hiring decision rests with a human — no automated rejections
- Complete audit trail: all interviews are documented with full traceability
- Candidate transparency: candidates are informed before every interview that they are speaking with an AI
- Bias monitoring: scoring patterns are continuously monitored for fairness
Encryption
- All data in transit is encrypted using TLS 1.2 or higher
- All data at rest is encrypted using AES-256
- Cryptographic keys are securely managed and rotated regularly
Certifications & Roadmap
- ISO 27001 certification in preparation (target: Q3/Q4 2026)
- SOC 2 Type II: planning in progress
- Vulnerability disclosure policy: report security issues to security@madita.ai
Security questions & DPA
For security reviews, privacy questions, or to request our data processing agreement, reach out directly.
Further details are available in our Data Protection Declaration and our Data Processing Agreement: steps to full compliance.
legal@madita.ai