Trust Center

Security Overview

Security and privacy are foundational to the design of Orvensa. The platform is built with a security-first architecture to protect candidate data and recruiting workflows while maintaining strict organizational isolation.

Operator: Kobenski BV

Brusselstraat 51, 2018 Antwerpen, Belgium

VAT / Enterprise number: BE0789853974

Last updated: March 2026

Security architecture

Orvensa is designed using a multi-tenant SaaS architecture where each organization operates within an isolated workspace.

  • API-based backend with authenticated request handling
  • Strict organization context resolution for API routes
  • Separation of organization data at the application layer
  • Dedicated billing infrastructure separated from applicant data

Organization data isolation

Each request to the API is evaluated within the context of a specific organization.

  • Requests include an organization identifier to determine workspace scope
  • Membership validation ensures users can only access organizations they belong to
  • Recruitment data such as applicants, jobs, and evaluations are always filtered by organization

Role-based access control

Access to sensitive actions is governed by role-based permissions.

  • Organization Owner – full administrative access
  • Administrators – manage team members and workflows
  • Members – limited operational access

Authentication and account protection

  • Email verification required for account activation
  • Secure password reset flows using expiring tokens
  • Email change confirmation with verification links
  • Security notifications for sensitive account changes

Audit logging and accountability

Important security-relevant actions within the platform are recorded for traceability.

  • Membership and organization changes
  • Account security actions
  • Sensitive operational events

Data protection controls

The platform includes mechanisms to support data protection obligations under GDPR.

  • Deletion of applicant records removes associated CV files
  • Support for rectification and restriction requests
  • Retention policies configurable by organizations
  • Scoped data exports for compliance workflows

AI governance and decision support

Orvensa includes AI-assisted evaluation tools intended to support recruiters.

  • AI outputs are advisory and do not represent automated hiring decisions
  • Recruiters remain responsible for final hiring decisions
  • Evaluation outputs are visible and reviewable by users

Infrastructure and service providers

Certain infrastructure services are provided by specialized vendors.

  • Stripe – billing and subscription management
  • SendGrid – transactional email delivery
  • AI inference providers used to generate evaluation insights
  • Cloud infrastructure providers for hosting and storage

Incident response

Security incidents are handled according to established response procedures.

  • Monitoring and logging used to detect abnormal activity
  • Affected organizations are notified when required
  • Incidents are documented and reviewed to improve system security