Data retention policy
Guide retains customer data, including Personally Identifiable Information (PII), only as long as necessary to fulfill service requirements and contractual obligations.
Retention timelines may vary based on the type of data and its use; however, customer data is not stored beyond what is needed for the purpose of providing services or as required by law.
// Compliance and Legal Hold
In cases where data must be retained to comply with specific legal requirements or litigation holds, Guide will securely retain this data beyond standard periods until such obligations are met.
// Security Measures for Retention
All data stored by Guide, including during its retention period, is encrypted in transit and at rest, according to Guide's Encryption Policy.
Data archiving and removal policy
// Data Deletion and Disposal
Customer-Initiated Deletion: Customers can delete data within Guide's platform, triggering the safe and complete removal of this data from all active systems within a reasonable time.
Automated Deletion: Certain data, particularly data that is no longer actively used, may be purged automatically as per the system's maintenance cycles to ensure data minimization and security.
Request-Based Deletion: In compliance with GDPR, upon request, Guide will delete user records, including PII, from active databases within 30 days of receiving the request. Any associated data within sub-processor platforms will be removed in accordance with GDPR obligations.
// Archived Data and Backups
Guide maintains periodic backups to ensure data integrity and disaster recovery. Data from these backups is retained temporarily, strictly for backup and recovery purposes, and is subject to a maximum retention period of 30 days unless otherwise mandated by regulatory requirements.
Archived data retained beyond this period is stored in anonymized form where feasible, ensuring no identifiable PII is retained.
Data storage policy
Guide policy requires that:
- Data must be handled and protected according to its classification requirements and following approved encryption standards, if applicable.
- All Production Systems must disable services that are not required to achieve the business purpose or function of the system.
- All access to Production Systems must be logged.
/** Data Protection Implementation and Processes **/
// Customer Data Protection
Guide hosts on Amazon Web Services (AWS) in the us-east region by default.
All Guide employees adhere to the following processes to reduce the risk of compromising Production Data:
- Implement and/or review controls designed to protect Production Data from improper alteration or destruction.
- Ensure that confidential data is stored in a manner that supports user access logs and automated monitoring for potential security incidents.
- Ensure Guide Customer Production Data is segmented and only accessible to Customers authorized to access data.
- All Production Data at rest is stored on encrypted volumes using encryption keys managed by Guide.
- Volume encryption keys and machines that generate volume encryption keys are protected from unauthorized access. Volume encryption key material is protected with access controls such that the key material is only accessible by privileged accounts.
// Access
Guide employee access to production is disabled by default and guarded by an approval process. Production access is reviewed by the CTO on a case-by-case basis.
// Separation
Customer data will be logically separated at the database/datastore level using a unique identifier for the customer. The separation is enforced at the API layer: the client must authenticate with a chosen account, the customer's unique identifier is then included in the access token, and the API uses it to restrict data access to that account. All database/datastore queries then include the account identifier.
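The separation model described above, as an added example that is not Guide's code. It assumes an HMAC-signed token and a SQLite table named `documents`; `issue_token`, `account_from_token`, `ScopedStore`, the signing key and the sample rows are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import sqlite3

SIGNING_KEY = b"constructed-demo-key"  # assumption: constructed key, demo only

def issue_token(account_id):
    """Mint a token after authentication; the account id is bound into it."""
    body = base64.urlsafe_b64encode(json.dumps({"account_id": account_id}).encode())
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{sig}"

def account_from_token(token):
    """Verify the signature, then return the account id; raise on tampering."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("invalid token signature")
    return json.loads(base64.urlsafe_b64decode(body))["account_id"]

class ScopedStore:
    """Data-access layer: the account id comes only from the verified token."""
    def __init__(self, db, token):
        self._db = db
        self._account_id = account_from_token(token)

    def list_documents(self):
        return self._db.execute(
            "SELECT id, title FROM documents WHERE account_id = ? ORDER BY id",
            (self._account_id,)).fetchall()

    def get_document(self, doc_id):
        # Filter by account even on primary-key lookups: another tenant's id yields None.
        return self._db.execute(
            "SELECT id, title FROM documents WHERE id = ? AND account_id = ?",
            (doc_id, self._account_id)).fetchone()

def build_demo_db():
    """Constructed sample data: two tenants sharing one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, account_id TEXT NOT NULL, title TEXT)")
    db.executemany("INSERT INTO documents VALUES (?, ?, ?)", [
        (1, "acct_a", "A onboarding"), (2, "acct_b", "B runbook"), (3, "acct_a", "A checklist")])
    return db
```

Because callers never pass an account id themselves, a request cannot widen its own scope; a cross-tenant access test like the `get_document` case is a useful regression check for this design.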
// Data Leakage Prevention
Guide uses monitoring tools on Production Systems to identify and report unusual data movement in critical systems. These mechanisms will be configured to prevent data leakage (e.g., through email or other messaging technologies) and generate audit logs and alerts.
// Monitoring
Guide uses AWS CloudWatch, DataDog and Sentry to monitor the entire cloud service operation (monitoring and internal reporting capabilities are used to report on cryptographic operations, encryption, and key management policies, processes, procedures, and controls). If a system failure occurs and an alarm is triggered, key personnel are notified by Slack and/or email message so that they can take appropriate corrective action.
Guide uses a security agent to monitor production systems. The agents monitor system activities, generate alerts on suspicious activities and report on vulnerability findings to a centralized management console.
/** Data At Rest **/
// Encryption
All databases, data stores, and file systems are encrypted according to Guide's Encryption Policy.
// Retention
Stored data will follow Guide’s Data Retention Policy, Asset Management Policy and Data Classification Policy in compliance with statutory, regulatory, and business requirements.
// Data Deletion
Stored sensitive data that is no longer required will be properly deleted in accordance with Guide's business objectives, retention policies, applicable laws and regulations, and relevant third-party agreements.
Guide will securely delete sensitive data in line with its data retention policy and use secure disposal methods as appropriate for the data type.
Data center location(s)
United States
Data hosting details
Cloud hosted
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no