FAIRNESS

FAIRNESS · LIVE ON 3 ROLES

Fairness is server-side. The product can't opt out.

Anonymisation runs in the database view, not the UI. Audit logs cannot be edited by anyone in the org — only the service role can mutate them, and only for GDPR erasure.

100%

Anonymised through shortlist

Demographic joins to scorecards

6 days

Median time-to-decision

183 / 183

Written outcomes sent

ANONYMISATION RULES · PROGRAMMES MANAGER

5 fields hidden through shortlist

Locked

Name

Replaced with Applicant A/B/C…

HIDDEN

Photo

Hidden in all reviewer surfaces

HIDDEN

Prior employers

Sector + size shown, names hidden

HIDDEN

School / university

Field shown, institution hidden

HIDDEN

Postcode

Region shown, full postcode hidden

HIDDEN

Pronouns

Shown — disclosed by the candidate

VISIBLE

Languages spoken

Shown — relevant to the scorecard

VISIBLE

AUDIT LOG · WRITE-ONCE

Today · 23 events

17:42

Receipt published

Finance Lead — hash 0x9c1f…ab27e3

14:08

Anonymisation rules updated

Postcode → region · by Priya N.

11:30

Unmask requested

Applicant B · approved at panel · by Mohamed B.

09:55

Scorecard locked

Comms Officer · 4 must-haves · by Mohamed B.

Yesterday

GDPR erasure

1 record · processed by service role

K-ANONYMITY · LIVE

Aggregate reporting only when k ≥ 5

Cohort breakdowns suppress rows where fewer than 5 respondents share a combination of attributes. You'll see “—” instead of a number you could re-identify from.

Min k

Re-id risk

Suppressed rows

DATA ISOLATION

DemographicResponse

Separate table · separate RLS

audit_event

No update or delete grants to app role

application_with_anonymisation

View, not raw table

CV storage

Signed URLs only · 5 min TTL