SOC 2-ready / ISO 27001-aligned
Security readiness
Role-based access, audit logs, least-privilege service access, encrypted transport, retention jobs, and administrator review flows are implemented as product controls.
TRUST & COMPLIANCE
Trust Center
Last updated: 2026-04-18
Intrvio is designed for structured AI-assisted interviews where humans remain accountable for hiring decisions. This page describes the controls available today and the compliance posture we use in sales materials. We do not claim SOC 2, ISO 27001, or ISO 42001 certification unless a signed third-party report or certificate is available.
Security and privacy contact: hello@intrvio.com
Intrvio by FORLYZE LTD
Current readiness posture
GDPR / UK GDPR / KVKK supporting
Privacy workflows
Candidate notices, DPA support, data deletion requests, retention settings, privacy contact fields, and sub-processor transparency are available for customer review.
ISO 42001 / EU AI Act readiness
AI governance
GAIA outputs are advisory. Employer reviewers see transcripts, score rationale, and human review controls before making any hiring decision.
NYC LL144 / EEOC-oriented export support
Fairness evidence
Bias audit exports and review logs support independent auditors when a customer or jurisdiction requires external validation.
Compliance artifacts
How to read our claims
- • Certified means a current external report or certificate exists.
- • Ready or aligned means the product and internal controls are designed around that framework, but external certification is not being claimed.
- • Compliant is only used for customer-configurable workflows where the employer remains responsible for its own legal use.
- • Hiring decisions must remain with the employer's human reviewers, not with GAIA.
Current sub-processors
| Vendor | Purpose | Region | DPA | Status |
|---|---|---|---|---|
| Affinda2026-04-27 | Candidate CV parsing and document extraction | US/EU/AU | View | Active |
| ElevenLabs2026-04-27 | AI voice interview agent, speech processing, and interview conversation handling | US/EU | View | Active |
| OpenRouter2026-04-27 | LLM routing for evaluator and analysis workflows | US | View | Active |
| Resend2026-04-27 | Transactional email delivery | US | View | Active |
| Supabase2026-04-27 | Database, authentication, storage, and application backend infrastructure | US/EU | View | Active |
| Twilio2026-04-27 | SMS and phone verification delivery | US/EU | View | Active |
| Vercel2026-04-27 | Application hosting, edge middleware, and deployment infrastructure | US/EU | View | Active |
How we notify of changes
We provide 30 days advance notice before adding or replacing any sub-processor. Notifications are sent via email to billing/admin contacts on the account and published via RSS. Customers may object to a new sub-processor in writing within the notice period; where the objection cannot be resolved, customers may terminate the affected services.
Subscribe to changes
To receive sub-processor change notifications, subscribe by email. We only use this list for sub-processor announcements.
Subscribe via emailIntrvio by FORLYZE LTD · Company number 16937650 · Registered in England and Wales