Welcome to the TechWolf Trust and Security Center
Comprehensive information about TechWolf's security practices, compliance certifications, data protection policies, and responsible AI governance.
Compliance and certifications
Independent audits and compliance certifications
SOC 2 Type 1
Certified
SOC 2 Type 2
Certified
ISO 27001
Certified
ISO 42001
Certified
Security & Infrastructure
Technical security controls and infrastructure safeguards
Data Encryption
All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Encryption keys are managed through AWS Key Management Service (KMS) with HSM-backed key protection.
Infrastructure Security
Infrastructure hosted on Amazon Web Services (AWS) with SOC 2 Type II certified data centers in the United States and European Union. Multi-region deployment with configurable data residency options.
Access Controls
Role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO) support via SAML 2.0 and OAuth 2.0 protocols.
API Documentation
Technical API documentation including authentication protocols, rate limiting policies, endpoint specifications, and integration examples.
Security Monitoring
24/7 security monitoring with real-time threat detection and automated incident response. Annual penetration testing by independent third-party security firms, with continuous vulnerability scanning.
Vulnerability Management
Continuous security scanning, regular security audits, and a responsible disclosure program. Critical patches deployed within 24 hours of discovery.
Security Policies
Comprehensive security policies including incident response plans, business continuity procedures, and employee security training programs.
Data Residency
Customer data is stored in AWS data centers located in the United States and European Union. Data residency options are available to meet regional compliance requirements including GDPR.
Privacy and Data Protection
Data processing practices and privacy controls
%201.svg){kind=icon}
Data usage
Data processing limited to service delivery and contractual obligations. No sale of customer data to third parties. Processing activities detailed in Data Processing Agreement.
%201.svg){kind=icon}
Data Retention
Documented retention schedules with automated deletion procedures. Data subject rights including erasure requests processed within 30 days. Backup retention aligned with operational requirements.
%201.svg){kind=icon}
User Rights
GDPR compliance including data subject rights: access, rectification, erasure, portability, restriction, and objection.
Availability and uptime
Service availability and disaster recovery capabilities
High Availability
Multi-region deployment architecture with automatic failover capabilities. Load balancing across availability zones with redundant infrastructure components.
%201.svg){kind=icon}
Disaster Recovery
Comprehensive disaster recovery plan with Recovery Time Objective (RTO) of 4 hours and Recovery Point Objective (RPO) of 24 hours. Regular DR drills conducted periodically to ensure readiness.
Status Page
Public status page with real-time system metrics, historical uptime data, scheduled maintenance windows, and incident reports. Multiple notification channels available.
Responsible AI principles
Ethical frameworks and governance for AI systems
ISO/IEC 42001: 2023 Certified
TechWolf is certified to ISO/IEC 42001:2023, the international standard for Artificial Intelligence Management Systems (AIMS), demonstrating systematic governance of AI development, deployment, and lifecycle management.
Fairness & Bias Mitigation
Rigorous testing for bias across protected characteristics. Diverse training data sets and regular fairness audits. Transparent documentation of model limitations and potential biases.
Transparency & Explainability
Clear documentation of AI model decisions. Explainable AI techniques to provide insight into recommendations. Users can understand how and why decisions are made.
Privacy by Design
AI models built with privacy-preserving techniques including differential privacy, federated learning, and data minimization. No personal data used in model training without explicit consent.
Human Oversight
Human-in-the-loop validation for critical decisions. AI augments human judgment rather than replacing it. Clear escalation paths for challenging or uncertain cases.
Accountability
Clear governance structure with defined roles and responsibilities. Regular ethics reviews and impact assessments. Third-party audits of AI systems for bias and fairness.
Social Impact
Consideration of broader societal implications of AI deployment. Commitment to beneficial AI that supports human welfare and dignity. Ongoing dialogue with stakeholders and civil society.
Our AI model lifecycle
Model development and operational procedures
Development & Training
Curated, diverse, and representative training datasets
Version control and reproducibility standards
Rigorous data quality and bias assessments
Documented model architecture decisions
Testing & Validation
Comprehensive test suites for accuracy and fairness
A/B testing and controlled rollouts
Adversarial testing for robustness
Performance monitoring across demographics
Deployment
Staged rollout with monitoring at each phase
Real-time performance tracking and alerting
Automated rollback capabilities
Clear incident response procedures
Monitoring & Maintenance
Continuous monitoring for drift and degradation
Feedback loops for continuous improvement
Regular retraining with updated data
Quarterly model audits and reviews
Frequently asked questions
Technical details on AI implementation and controls
Does TechWolf engage in automated decision-making?
No, TechWolf's AI is not used for fully automated decision-making. AI insights augment human decision-making processes, as part of existing processes within the customer organization, ensuring data-enhanced decision-making with human oversight and accountability.
How does TechWolf avoid bias in its AI systems?
TechWolf's system is split into skill inference and skill-based recommendations, with bias mitigation in place for both. The models are trained on manually curated in-house datasets void of PII. We do not train models on resumes or personal data, and we don't train based on historical employment decisions to mitigate the risk of learning societal bias. The system undergoes an end-to-end bias audit before each AI update, encompassing (but not limited to) New York City Local Law 144. Each AI update requires a positive audit outcome before it can be released.
What tools are available to customers for bias testing?
Upon request, TechWolf provides a Bias Testing Toolkit that allows customers to evaluate fairness in specific use cases, performs fairness metric calculations and generates detailed reports, and aligns with regulations like NYC Local Law 144.
Can TechWolf provide examples of explainability?
Yes. For each AI recommendation – such as suggesting a candidate for a job – the system displays the specific skill overlaps and missing skills that led to the match. This ensures users can understand and trust the reasoning behind every suggestion. For each suggested skill in an employee or job profile, the system presents evidence of where it was identified, in the form of a list of input documents.
How does TechWolf maintain human control over AI?
TechWolf maintains human control through transparency and human-in-the-loop processes. AI outputs are explainable, enabling users to understand the reasoning behind recommendations. Decisions, including skill validation and governance, are made by humans, with AI acting as a supportive tool to do the heavy lifting.
How does TechWolf monitor AI performance after deployment?
TechWolf uses an AI Health Map to continuously track performance metrics such as accuracy, fairness, and drift. If anomalies are detected, they are flagged for immediate review, and updates are deployed as necessary. Customers are informed of major updates that may affect functionality.
What types of data are used to train TechWolf's models?
TechWolf's models are trained on: (1) publicly available vacancy data; and (2) curated datasets created in-house to represent various industries and roles. This ensures the models are unbiased, fair, and relevant across different applications. We do not train models on customer data without using proper anonymization and aggregation.
