Security & Compliance

Built for the audit before it happens.

Kordis handles workforce data and automated outbound calls—two of the most heavily scrutinized categories in enterprise software. Here’s how we handle it.

TCPA Approach: Consent verification and opt-out handling built into every sweep
Data Encryption: Encryption in transit and at rest via our cloud infrastructure
Compliance Documentation: Detailed posture available under NDA during procurement

TCPA & consent handling

The Telephone Consumer Protection Act governs every automated outbound call Kordis places on behalf of the staffing firm that owns the candidate relationship. Before the Operator dials a candidate, Kordis checks that a consent record is on file. Without consent, the Operator does not dial.

Candidates can opt out at any point during a call. The Operator recognizes opt-out language and updates the candidate’s Do-Not-Call status in the Terminal. Opt-out changes propagate to every subsequent sweep—a candidate who opts out of a morning shift call will not be dialed by any later campaign.

Data handling

Candidate data, call transcripts, and extracted variables are encrypted in transit and at rest using standard mechanisms provided by our cloud infrastructure. Call recordings are retained for a configurable window to support dispute resolution, then permanently deleted. Customers control retention windows at the campaign level.

Multi-tenant architecture

Every customer’s data—candidate lists, transcripts, extracted variables, campaign history—is isolated from every other customer’s data at the database level. Cross-tenant access is not possible by design. Administrative actions in the Terminal generate audit log entries that are retained for the life of the account.

Compliance documentation & procurement

Kordis is early-stage and treats enterprise security as an ongoing commitment rather than a completed checklist. Detailed compliance documentation—our data handling practices, infrastructure architecture, incident response process, and data processing terms—is available under NDA during procurement.

For customers with specific compliance requirements (HIPAA for healthcare staffing, state-level consumer protection frameworks, custom DPAs), we work directly with your procurement and legal teams during onboarding. We’d rather have a real conversation with your security team than post generic claims on a public page.

Data processing addendum

A standard DPA covering data handling, sub-processor obligations, and breach notification is reviewed and executed during enterprise onboarding. Custom addenda are welcome during contract review.
