Security and compliance, built in.
Cleo handles identity, background, drug, and I-9 data — the most sensitive parts of hiring. We protect it with enterprise-grade security and run every check inside the rules that govern it.
How we protect the data.
Sensitive candidate data deserves more than a checkbox. Here's how Cleo keeps it safe.
Encrypted end to end
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Sensitive fields get additional protection.
SOC 2
Independently audited security controls covering security, availability, and confidentiality.
Least-privilege access
Role-based access controls, SSO, and audit logging — people see only what their job requires.
Hardened infrastructure
Hosted on enterprise cloud infrastructure with network isolation, backups, and continuous monitoring.
Tested & monitored
Regular penetration testing, vulnerability scanning, and 24/7 monitoring with a defined incident-response plan.
Vetted sub-processors
Every lab, screening, and infrastructure partner is reviewed and bound by data-protection agreements.
Every check, inside the rules that govern it.
Cleo is built around the laws that turn a hire into a liability — so a busy operator doesn't have to track them.
Background & FCRA
Standalone disclosure, authorization, and the full adverse-action workflow, run by the book.
See background checks →Biometric privacy
Consent before capture, defined retention and destruction, never sold — built around BIPA, CUBI, and state laws.
See identity verification →I-9 & E-Verify
Anti-discrimination safeguards, TNC due process, and audit-ready retention to federal rules.
See I-9 / E-Verify →Drug screening
DOT vs. non-DOT kept correct, MRO review, and state cannabis rules applied by work location.
See drug screening →Data privacy
Built to support CCPA/CPRA and state privacy laws, with candidate access and deletion rights.
Privacy policy →Fair chance & EEOC
Ban-the-box timing and individualized-assessment support, applied by state and locality.
Learn more →We protect the worker, not just the employer.
Frontline workers hand over their most sensitive information to get hired. We treat it like it matters — because it does.
Doing diligence? Here's everything you need.
For security and procurement teams reviewing Cleo, request our documentation and we'll share it under NDA.
- SOC 2 report →
- Data Processing Agreement (DPA) →
- Security whitepaper →
- Sub-processor list →
Verified hiring you can trust — and prove.
See how Cleo protects candidate data and keeps every check compliant, from a single sign-off to an enterprise security review.
Cleo is built to support compliance with the FCRA, BIPA and other biometric-privacy laws, I-9 / E-Verify, DOT, and applicable state and local rules. This page is informational and is not legal advice.