Security

This page describes how we handle data submitted through truelevel. If you have specific security requirements or need to complete a vendor questionnaire, contact us directly.

Data handling

When you submit an evaluation, you provide an artefact—typically a link to a code repository or an uploaded archive. This artefact is the primary data we process.

  • Artefacts are stored in isolated environments during the evaluation process.
  • Data is encrypted in transit using TLS.
  • You control what data you submit. We recommend removing unnecessary personal information from artefacts before submission.

We do not use submitted artefacts to train models or for purposes beyond delivering your evaluation.

Access controls

Access to evaluation data is restricted based on role and need.

Client console

Your team accesses evaluations through an authenticated dashboard. Each user authenticates individually, and access is scoped to your organisation's submissions only.

Reviewer console

Reviewers access a separate interface that shows only the artefact and evaluation criteria. They do not see your organisation name, candidate names, or other identifying information.

Administrative access to infrastructure follows a least-privilege model. Access is logged for audit purposes.

Retention

We aim to retain data only as long as necessary for the service.

  • Artefacts are deleted after evaluation completion, typically within 30 days. Exact timing may be configurable based on your requirements.
  • Evaluation reports are retained so you can access them from your dashboard. You may request deletion of specific reports at any time.
  • Deletion requests can be submitted via email. We process these promptly and confirm once complete.

If you have specific retention requirements (shorter or longer), discuss this with us during onboarding.

Confidentiality

Reviewers are bound by confidentiality obligations. They are contractually prohibited from:

  • Copying, downloading, or retaining artefact content beyond the review session
  • Discussing evaluation content with anyone outside the truelevel review process
  • Attempting to identify candidates or client organisations

Our review interface is designed to minimise data exposure. Reviewers see only what is necessary to complete the evaluation.

Logging and auditability

We maintain logs of key actions: submission events, reviewer assignments, report generation, and data access. These logs support internal review and can be referenced if you have questions about a specific evaluation.

Security questionnaire?

If your procurement or security team requires a formal questionnaire or additional documentation, contact us. We're happy to work through your requirements.

security@truelevel.devRequest pilot