Your Data is Not Our Product.

We built Distill with a "Zero-Retention" architecture. We process your files in memory and delete them instantly. We never sell, store, or train AI models on your candidate data.

The Lifecycle of a Document.

Unlike traditional ATS platforms that hoard your data, Distill acts as a ephemeral processing pipe. Here is exactly what happens when you send us a resume:

1

Transmission

The file is uploaded via TLS 1.2+ encrypted tunnel.

2

Processing

The file is loaded into ephemeral memory (RAM) in an isolated, serverless environment.

3

Transformation

Our engine redacts PII or reformats the layout.

4

Delivery

The result is emailed back to you immediately.

5

Destruction

Both the original and the processed files are permanently deleted from our infrastructure.

"We do not maintain a database of your candidates. Once the work is done, the data is gone."

⚖️ Regulatory Compliance.

CCPA & CPRA (California Privacy Rights)

Distill is fully compliant with the California Consumer Privacy Act (CCPA). Since we act as a "Service Provider" and do not retain, sell, or share personal information for marketing purposes, using Distill helps agencies minimize their data footprint and liability under California law.

EEOC & OFCCP (Fair Hiring)

For US staffing agencies, Distill is a tool to ensure compliance with Equal Employment Opportunity Commission (EEOC) guidelines. By programmatically stripping protected class information (names, photos, zip codes) before a hiring manager sees the resume, we help you demonstrate a bias-free selection process.

🔒 Bank-Grade Security.

Encryption in Transit

All data sent to and from Distill is encrypted using TLS 1.2 (Transport Layer Security) or higher.

Encryption at Rest

During the brief seconds your data exists in our processing queue, it is encrypted using AES-256 standards.

Cloud Provider

Our infrastructure runs on AWS (Amazon Web Services), utilizing US-based data centers that adhere to SOC 2 Type II, ISO 27001, and FedRAMP standards.

Serverless Isolation

We use function-as-a-service architecture. Every resume is processed in its own isolated container, preventing cross-contamination of data between clients.

No Training on Your Data.

We do not use your submitted resumes to train public Large Language Models (LLMs). Your candidates remain your proprietary intellectual property. Our parsing models are pre-trained and fixed; they do not "learn" from your confidential uploads.

🚫

Authorized Sub-processors.

To provide our service, we rely on a minimal set of trusted infrastructure partners:

Amazon Web Services (AWS)

Cloud Hosting & Compute

Stripe

Payment Processing

AWS SES

Transactional Email Delivery

Report a Security Issue.

We take the security of our systems seriously. If you believe you have found a vulnerability in Distill.cv, please report it to us immediately. We practice responsible disclosure.

security@distill.cv