Transfer Impact Assessments (TIAs)

Summaries for Nova’s subprocessors to support customer restricted transfer assessments

Scope

We include providers that (a) may process candidate or user content and/or (b) involve transfers outside the EEA/UK. Hosting in AWS eu-west-2 is not a restricted transfer for UK Controllers but is listed for completeness.


OPENAI (API)

Data. Prompt text (CV excerpts), job context, model outputs (transient).
Purpose. Decision-support (scoring/explanations).
Locations. Primarily US.
Legal safeguards. SCCs (+ UK IDTA for UK data).
Technical/Org safeguards (Nova). TLS ≥1.2; at-rest encryption in Nova systems; least-privilege access; PII scrubbing before prompts are sent; presigned S3 URLs only; no public S3 access; rate-limited egress; ATS-only boundary.
Provider posture. API data is not used to train OpenAI models; retained ≤30 days for abuse monitoring unless Zero Data Retention (ZDR) is enabled.
Onward processors. OpenAI discloses subprocessors (e.g., cloud infrastructure).
Local-law note (US). Potential government access under FISA 702 / EO 12333 is mitigated by: minimal necessary prompts, no long-term storage, no training on submitted data, short retention, and encryption in transit.
Residual risk. Low for intended use. Conclusion: acceptable.


GOOGLE CLOUD VERTEX AI (GEMINI)

Data. Prompt text (CV excerpts), job context, outputs (transient; may include embeddings).
Purpose. Decision-support (scoring/explanations/embeddings).
Locations. EU/US depending on configured endpoints.
Legal safeguards. SCCs (+ IDTA for UK).
Technical/Org safeguards (Nova). As for OpenAI (above).
Provider posture. Zero Data Retention configured; no training on customer data.
Onward processors. Google Cloud subprocessors per public list.
Local-law note (US endpoints, if used). Same analysis as for OpenAI; mitigations as above.
Residual risk. Low with ZDR. Conclusion: acceptable.


MODAL.COM (serverless PDF→Markdown)

Data. Resume files in transit to the conversion function; markdown returned.
Purpose. Format conversion for indexing/search.
Locations. US/EU (per deployment).
Legal safeguards. SCCs via provider terms for cross-border transfers.
Technical/Org safeguards (Nova). TLS; no persistent volumes; ephemeral runtime only; outputs stored back in Nova systems; least-privilege service accounts.
Onward processors. Cloud infrastructure per Modal’s disclosures.
Local-law note (US). Same general analysis; mitigated by no persistent storage and transient processing.
Residual risk. Low. Conclusion: acceptable.


OPEN CAGE DATA (Geocoding) — optional

Data. Coarse location strings (e.g., city/country); no resume bodies.
Purpose. Geocoding for search filters.
Locations. EU or adequacy-decision countries.
Legal safeguards. SCCs/adequacy as applicable.
Technical/Org safeguards (Nova). TLS; minimise inputs; short-TTL caching.
Onward processors. Per provider list.
Residual risk. Low. Conclusion: acceptable when enabled.


PROXYCURL (LinkedIn enrichment) — optional

Data. Public profile references or company/job IDs as configured; no resume bodies posted.
Purpose. Optional enrichment.
Locations. US or adequacy-decision countries.
Legal safeguards. SCCs/adequacy as applicable.
Technical/Org safeguards (Nova). TLS; strict input minimisation; customer-enabled only.
Onward processors. Per provider list.
Local-law note (US). As above; mitigated by minimised inputs and no resume bodies.
Residual risk. Low. Conclusion: acceptable when enabled.


RESEND (Transactional email)

Data. Sender/recipient addresses; subject lines; transactional body content (e.g., invites). No ATS resume content.
Purpose. Email delivery.
Locations. US.
Legal safeguards. SCCs.
Technical/Org safeguards (Nova). TLS; DMARC/DKIM/SPF; minimal payloads; suppression-list hygiene.
Onward processors. Per provider list.
Local-law note (US). As above; low-sensitivity data classes; mitigations as listed.
Residual risk. Low. Conclusion: acceptable.