Trust is the product. Every AI output at Zorvis has a plain-language explanation, a confidence band, and a contestability path for the person it describes. These are non-negotiable product requirements, not aspirations.
Part of Zorvis - the people platform for India and UAE companies.
OUR PHILOSOPHY
Most AI hiring products treat ethics as a marketing slide. We've built ours into the product schema, the API contracts, and the database constraints. If we wanted to violate one of these principles, we'd have to rewrite the system.
That isn't because we're better people than anyone else. It's because we serve SMEs in India and UAE — markets where data abuse, surveillance, and algorithmic discrimination have real and lasting consequences for candidates and employees. The trust gap with technology is already wide. We refuse to widen it further.
"AI ranks — human decides. Always. No candidate is rejected by an algorithm. Every decision is made by a person who can see the full context, override any score, and add their own judgment. The score is an input, not a verdict."
16 NON-NEGOTIABLE PRINCIPLES
These are not aspirational guidelines. They are product requirements baked into Zorvis at the schema layer. If a future feature would violate any of these, we won't ship it.
Strip name, photo, address, and graduation year before AI embedding. HR sees a ranked skills profile first; identity is revealed only when HR chooses to view.
Test composition is determined by role category. Blue-collar tests are not white-collar tests. Regional language options. Connection speed factored into timing tolerances.
Show a score band such as 68–74, never a single point value such as 73. All four score components are always visible on the candidate card — never hidden in a hover tooltip. BGV minor flags do not permanently depress composite scores across roles.
Camera proctoring is genuine opt-in with plain-language explanation. Decline shows an 'unproctored' flag for HR context only — never auto-rejects, never feeds the composite score. Speed scoring removed from composite entirely. Camera snapshots auto-delete after 30 days.
Minimum 2-rater agreement before data enters ML training. Objective signals checked alongside subjective manager ratings. Manager anomaly detection. Quarterly demographic correlation audit on every model output.
Manager writes their own performance review draft first. AI suggestion is shown only after, clearly labelled 'AI suggested'. This prevents anchoring and preserves manager judgment.
Any non-CLEAR background verification result triggers a candidate notification and response window before HR makes a final decision. The candidate sees the flag and can contest it.
Every rejection message includes 'Reply DELETE to erase your data immediately.' Camera snapshots auto-delete after 30 days, always. All data is auto-deleted at the 12-month DPDP retention boundary.
Referral candidates enter the identical pipeline with identical scoring — no preferential treatment. HR is flagged when referrals exceed 40% of hires in any department in any rolling 3-month period.
Performance Improvement Plan templates require documenting the SUPPORT the company will provide alongside employee milestones. Both manager AND HR Admin must approve before issuance. Employee receives a copy immediately.
Always show ranges, never single averages. Demographic breakdowns where data exists. The benchmark itself is flagged when it shows internal variance suggesting historical pay bias.
Employees have full read access to their own digital twin at all times. Plain-language explanation for every score. 18-month signal decay. Employee annotation rights. Exit means individual scores are deleted.
NO individual attrition risk score. Ever. NO named person in any HR alert. Ever. NO risk score in any employee record. Team health score replaces individual risk score — a permanent product invariant.
Interviewer calibration data is shown only when n>20. Always with confidence interval. Coaching framing only — never used as performance evaluation of the interviewer.
Exit interview responses are visible to HR Admin only — never to direct manager. Trend data is shown without naming individuals. 90-day post-exit survey for honest data after the relationship is over.
Employees are informed if they are in a succession plan. Readiness labels are shared with the employee. Labels are reviewed every 6 months. 'Ready in 3 years' triggers development support, not deprioritisation.
SECURITY ARCHITECTURE
Every layer of the stack assumes your data is the most valuable thing on the platform — because it is.
AES-256 SSE on all S3 buckets — candidate documents, test data, recordings. PostgreSQL Transparent Data Encryption enabled by default at the database layer.
TLS 1.3 enforced for every API call and web request. Cloudflare SSL termination. HSTS headers site-wide. No plain HTTP anywhere in the stack.
Multi-tenancy enforced via PostgreSQL Row-Level Security. Every single table has an RLS policy. Company A cannot query Company B data even if the application layer has a bug.
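What the tenant-isolation claim above looks like in PostgreSQL, as an added example that is not Zorvis's own schema: the table `candidates`, the column `company_id`, the role `app_user` and the setting `app.company_id` are assumed names. The closing catalog query is the check behind a statement like "every table has an RLS policy".

```sql
-- Added example; all object names are hypothetical, not Zorvis's schema.
CREATE TABLE candidates (
    id          bigserial PRIMARY KEY,
    company_id  uuid NOT NULL,
    skills      text
);

-- The application connects as a role that neither owns the table nor has
-- BYPASSRLS; superusers and BYPASSRLS roles are never subject to RLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON candidates TO app_user;
GRANT USAGE ON SEQUENCE candidates_id_seq TO app_user;

ALTER TABLE candidates ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner skips the policies.
ALTER TABLE candidates FORCE ROW LEVEL SECURITY;

-- USING filters rows that can be read or targeted; WITH CHECK rejects writes
-- that would place a row in another tenant. current_setting(..., true)
-- returns NULL when the setting is absent and NULLIF maps an empty value to
-- NULL, so a session with no tenant bound matches no rows.
CREATE POLICY tenant_isolation ON candidates
    USING      (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid)
    WITH CHECK (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid);

-- Per request: bind the tenant for this transaction only (constructed UUID).
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.company_id', '00000000-0000-0000-0000-00000000000a', true);
SELECT id, skills FROM candidates;   -- only rows of tenant ...000a are visible
COMMIT;

-- Audit: ordinary tables in schema public with RLS off or not forced.
SELECT c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```

The policy trusts whatever value the session sets, so `app.company_id` has to be bound by server code from the authenticated session, never from request input.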
Test invitation links use JWT RS256 signed tokens with a 48-hour expiry. Tokens are invalidated server-side on first use — they cannot be reused or replayed.
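First-use invalidation only resists replay if "check and mark used" is a single atomic step. An added sketch of that step in PostgreSQL (not Zorvis's code), assuming the application has already verified the RS256 signature and read the token's `jti` claim; the table `test_invites` and its columns are hypothetical.

```sql
-- Added example; table and column names are hypothetical.
CREATE TABLE test_invites (
    jti         uuid PRIMARY KEY,          -- JWT ID claim of the issued token
    company_id  uuid NOT NULL,
    issued_at   timestamptz NOT NULL DEFAULT now(),
    expires_at  timestamptz NOT NULL DEFAULT now() + interval '48 hours',
    used_at     timestamptz                -- NULL until first redemption
);

-- Issue: record the jti that is placed in the signed token (constructed values).
INSERT INTO test_invites (jti, company_id)
VALUES ('11111111-1111-1111-1111-111111111111',
        '00000000-0000-0000-0000-00000000000a');

-- Redeem: one statement both checks and marks the token. Two concurrent
-- requests with the same jti serialise on the row lock; the second one
-- re-evaluates used_at IS NULL, matches nothing and returns zero rows.
UPDATE test_invites
SET    used_at = now()
WHERE  jti = '11111111-1111-1111-1111-111111111111'
  AND  used_at IS NULL
  AND  expires_at > now()
RETURNING company_id;
-- One row returned: start the test. Zero rows: reject (unknown, expired or
-- already used), whatever the JWT's own exp claim says.
```

A separate SELECT followed by an UPDATE would leave a window in which two requests both see `used_at IS NULL`; the single UPDATE closes it.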
DATA RESIDENCY
The region flag is set when you sign up and is immutable. India data never touches UAE infrastructure. UAE data never touches Indian infrastructure.
All India company data stored exclusively in Mumbai. Indian candidate data never processed outside India. DPDP Act 2023 compliant.
All UAE company data stored exclusively in Bahrain. No cross-border data transfer without explicit consent. UAE PDPL compliant.
REGULATORY COMPLIANCE
Compliance isn't a feature we ticked off. It's how the database is structured, how consent is captured, and how data flows through the system.
PERMANENT BOUNDARIES
Some product decisions are permanent. These are ours.
Zorvis will never make autonomous hiring decisions. AI ranks with explainable scores. A human always makes the final call. EU AI Act, India DPDP, and UAE PDPL all require human oversight — and so do we.
Zorvis will never produce a 'flight risk' score for any individual employee. Not as an internal feature, not under enterprise pressure, not at any price. Surveillance creates fear, damages culture, and alienates the people you depend on. Team health scores at department level are the ceiling.
Candidate data collected for hiring assessment is used only for hiring assessment by the company that collected it. It is not shared with other companies, not sold to recruiters, not used for advertising. This is a structural commitment, not a marketing line.
Camera proctoring will always be opt-in. Declining will never auto-reject a candidate. Speed scoring will never be a composite component. We will not build proctoring features that punish candidates for honest declines.
We answer every privacy or security question publicly and in detail. No legal-team runaround.