Engineered for the most sensitive data your HR team handles.
ConductPath processes conduct allegations, witness testimony, mitigating circumstances and protected-characteristic data. Our posture is structurally engineered to meet that bar.
Non-negotiable defaults on every deployment.
UK-region hosting
Hosted on AWS eu-west-2 (London). No data transfer outside the UK without customer-specific consent.
UK GDPR by design
You are the data controller. ConductPath is your data processor under an Article 28 DPA executed at contracting.
Encryption
TLS 1.3 in transit and AES-256 at rest. Access on a least-privilege principle, logged and auditable.
Tenant isolation
Enforced at the application layer with per-request scoping. Logged access by ConductPath personnel is auditable.
No training on your data
Frontier-model API use governed by commercial DPAs with explicit no-training-on-customer-data clauses.
Export and deletion
Full customer-data export and deletion supported at termination per MSA Section 5.
On a defined path to the standards mid-market procurement expects.
Standard baseline for UK public-sector-adjacent procurement.
Target for scale-tier and enterprise procurement processes.
Independent testing published to customers on request.