Karat Customer FAQs
Karat places the highest priority on the integrity of our platform and assessment processes, inclusive of the security and privacy of customer and candidate information. The resources below address the most common questions across our legal, privacy, security, and delivery functions.
Frequently Asked Questions
- Data Privacy 
- Compliance 
- Legal 
- Interview Engineer (IVE) Community 
- Assessment Integrity 
- Information Security 
- As outlined in Karat’s DPA, customers share with Karat personal information regarding candidates as necessary to schedule an interview and provide the services. Customers are required to provide a candidate’s full name and email address; they may also optionally share a candidate’s phone number, resume data and outcome of the candidate’s application (aka candidate disposition data). The customer is a controller with respect to this candidate personal information. - Karat also collects personal information directly from candidates or in connection with their use of the services pursuant to the Karat Privacy Policy. With respect to these instances of a candidate’s personal information, Karat is a controller. Candidates determine how Karat processes that information, particularly their interview results. Karat’s use of this candidate personal information is outlined in our Privacy Policy which is acknowledged and accepted by all candidates prior to scheduling an interview or other assessment. Candidates can request access to or deletion of their interview results or other personal data as outlined in the Privacy Policy. 
- Karat serves as controller of candidate data so that we can provide the highest quality service to customers and candidates. Candidates may be assessed by Karat multiple times, and we need to keep candidate data so we can match candidates to their prior history with Karat. We want to ensure that candidates do not see the same content in any subsequent interview so that we can provide the strongest possible hiring signal. Additionally, this allows us to accelerate candidates in a customer’s funnel that we are able to identify as having already met the customer’s hiring bar. 
- When scheduling a Karat Core interview, Karat collects the following information from candidates: - Candidate Data - Why do we collect the data? - To whom is it visible? - Required/Optional - First name - To personalize the interview experience - Karat, customer, interviewer - Required - Last name - To personalize the interview experience - Karat, customer - Required - Email - Email interview confirmation, scheduling reminders, as a unique identifier in the Karat environment - Karat, customer - Required - Phone - SMS scheduling reminders, to troubleshoot technical issues during the interview - Karat, customer - Optional - Pronouns - To personalize the interview experience - Karat, interviewer - Optional - Disability accommodation needs - To personalize the interview experience - Karat, interviewer - Optional - Race/Ethnicity - To conduct audits and impact assessments - Karat - Optional - Gender - To conduct audits and impact assessments - Karat - Optional - Links to social media & GitHub profiles - To build the candidate profile - Karat - Optional - In addition, in the course of performing a Core interview, Karat generates (a) a video recording; (b) a code playback recording; and (c) interview report including an overall recommendation and a quantitative score plus written feedback on the candidate’s response to each question within the interview. (The interview report may optionally include a comprehensive interview summary). The video recording and code playback are accessible only within the Karat platform and not downloadable by customers. Karat licenses the interview report to a customer during the term of their relationship with Karat; following the termination or expiration of any relationship, a customer may retain the Karat recommendation and quantitative interview scores in their environment. 
- It is always optional for candidates to provide demographic data such as gender, race/ethnicity or disability status. That said, Karat does not customize its data collection or processing practices on a customer-by-customer basis. Karat and candidates are forming a direct data subject to controller relationship which exists outside of any one customer request to perform an interview or assessment. As such, Karat and customers need a consistent experience and set of terms (the Karat Privacy Policy) to apply to all their interactions, particularly as candidates build a profile with Karat as they complete multiple assessments over time. More specifically, demographic data such as gender and race/ethnicity is voluntarily collected so that we can conduct audits and impact assessments as may be required by law or our customers. 
- No. The video and audio of Karat interviews are exclusively available for viewing on our platform, but not for download. 
- The IVE is provided with only the candidate first name, candidate pronouns and disability accommodation needs in order to personalize the interview experience for the candidate. Candidate pronouns and disability accommodation needs are never explicitly shared with customers via the Karat platform or interview report. Furthermore, candidate responses to questions about race/ethnicity and gender are never shared with IVEs or customers. 
- Karat strongly encourages candidates to turn on their camera during Karat interviews to provide the best possible outcome for candidates and customers. Live video allows the IVE conducting the interview to better engage with the candidate in order to get the best possible assessment of the candidate’s technical skills. Additionally, lack of candidate video may inhibit Karat’s ability to complete its quality control process to both ensure fair treatment for candidates and identify any instances of cheating. That said, in the event a candidate does not wish to appear on camera during the interview, they may simply turn off their camera during the interview. - Regardless of a candidate’s decision to appear on camera, all Karat interviews (including the interview audio and code playback) are recorded. A recording of the interview environment, particularly the audio and code playback, is essential to our ability to align with customers on their talent quality expectations and to provide a comprehensive, consistent assessment of each candidate. 
- Candidates can request that any or all of their personal information be deleted by emailing such a request to privacy@karat.com. For identification purposes, candidates must use the same email address originally provided to Karat when scheduling the applicable interview. 
- Karat deletes candidate data upon the request of the candidate or after a maximum of 5 years from the date of the interview. 
- Our cloud storage provider, AWS, is trusted by some of the most security-conscious organizations in the world. AWS data centers are also ISO 27001 certified and SOC 3 security reports are available. All data is hosted in Amazon AWS US West-2 (N. California) and East (N. Virginia) (entirely within the United States). 
- Karat has employees and contractors with access to customer data and candidate data in several countries outside of the US. Karat is happy to provide a current list of countries during our contracting and due diligence process. Karat IVEs are located around the world; however, IVEs do not have access to customer data. 
- Karat complies with global data privacy regulations, including but not limited to EU, UK and Swiss GDPR and applicable US state privacy laws including CCPA and VCDPA. Karat is also certified under the EU – US Data Privacy Framework. Our DPA details our responsibilities under these privacy laws as a processor of customer data, and the technical, organizational, and administrative procedures we have put in place to protect the personal data we process on behalf of our customers. Our security and privacy measures are continuously monitored and enhanced by our privacy information security teams in accordance with the ever-evolving global privacy and cybersecurity threat landscape. 
- Karat retains customer data as agreed to under its contract with the customer, typically deleting or anonymizing and aggregating all data provided by a client within 30 days after they become inactive. Karat retains candidate personal data for as long as a candidate has an active account (but in no event longer than five years from the candidate’s last date of activity). In certain cases, we may retain data longer to comply with legal obligations, resolve disputes, or as permitted by applicable law. 
- Karat implements and maintains commercially reasonable and industry-standard administrative, physical, organizational, and technical safeguards. These measures are designed to prevent unauthorized use, access, processing, destruction, loss, alteration, or disclosure of personal data. Access is restricted to individuals with a “need to know” basis. Please see the Information Security subsection of the Trust Center for more information. 
- Karat maintains records to demonstrate compliance with data protection obligations and allows for customer audits as agreed to under contract. Privacy reviews and DPIAs are conducted as needed to ensure ongoing compliance. 
- Karat collects demographic data such as gender, race, ethnicity, and disability status from candidates. This information is used to provide and improve our Services, including to comply with regulatory requirements applicable to employers and their vendors. Karat is committed to handling all personal data, including sensitive data, in accordance with applicable data protection laws. 
- Karat complies with global data privacy regulations, including by not limited to UE, UK and Swiss GDPR and India’s DPDPA. With respect to the cross-border transfer of data, Karat certified under the EU – US, UK – US, and Swiss – US Data Privacy Framework. We will also transfer data to the US and other jurisdictions pursuant to the EU or UK standard contractual clauses as detailed in our Data Processing Addendum. 
- Karat’s proven methodologies systematically reduce bias from the interview process. These methods include: - Consistent pool of equivalent content sets presented to all candidates
- Detailed scoring rubrics ensuring all candidates are evaluated equivalently
- Deeply trained interviewers (including training on anti-bias) held to clear and strict guidelines
- Quality control process with a second interviewer validating scoring
- Recommendation based exclusively on objective technical performance
 - In addition, Karat’s content governance team regularly conducts statistical analyses and other research to evaluate the validity, reliability and fairness of Karat assessments and adjust our content library as needed. Karat will share such reports under an NDA upon request or will partner with customers to perform specific analyses as needed. 
- Yes, Karat leverages AI in two key aspects of its offering. First, Karat uses a third-party LLM to organize and format data such as candidate geography, industry, employment history and educational history pulled from candidate resumes. This data forms the foundation of the strategic talent insights we provide our customers. Second, Karat customers have the ability to leverage AI interview summarization for Karat Core and Karat Focus assessments. Specifically, Karat uses an LLM to synthesize data from the IVE’s interview report and the final recommendation, resulting in a written interview summary for the customer. Candidate PII is not shared with the LLM, and the LLM does not train on the data inputs. This AI summary feature can be toggled on or off at a customer’s direction. - Additionally, for those customers using Karat Qualify as a top-of-funnel screening assessment, certain jurisdictions consider item response theory (IRT) tools like Qualify as within the definition of AI or machine learning. Karat is ready to assist customers operating in those jurisdictions with compliance needs regarding the use of AI in employment decision making. 
- While Karat does not operate an OFAC compliance search program, we do not work with individuals or subcontractors in countries restricted by the US Office of Foreign Assets Control (OFAC). Additionally, we will not work with subcontractors who have active OFAC complaints against them or are in violation of OFAC sanctions programs. We require subcontractors to warrant as such in their agreements with us. 
- Karat is a remote-first organization. Our corporate headquarters in Seattle is LEED GOLD certified. For employees using the space for in-person collaboration, Karat provides environmentally friendly features such as bicycle storage, electric car charges, and vanpools. Our green roof absorbs stormwater to water plantings and filters runoff which reduces pollution of Portage Bay while drought-resistant plants reduce the amount of potable water used for irrigation by 79%. We participate in electronics recycling and limit the use of paper products and printing. 
- Yes, on an annual basis, Karat personnel complete mandatory training on and agree to comply with Karat’s code of conduct. The code of conduct is reviewed and updated annually. Karat is happy to review customer codes of conduct and other customer policies during our contracting and due diligence process. 
- Karat is an equal employment/affirmative action employer and is LGBTQIA+ friendly. We are committed to providing a workplace that is free of discrimination of all types and abusive, offensive, or harassing behavior. Karat is happy to review customer diversity and equity or diverse supplier policies during our contracting and due diligence process. 
- At Karat, we work to provide a fair interview experience for everyone. Candidates have an opportunity to request specific accommodations prior to their interview. Our support team will then schedule the candidate with an IVE that can provide the most ideal experience based on the candidate’s needs (for example, IVEs that speak American Sign Language). Typical accommodations include extended interview time, use of a screen reader, or use of an interpreter. We will never require a candidate to disclose their personal medical information as a part of an accommodation request. 
- Our in-house coding environment and video conferencing software were designed with accessibility in mind. Karat Studio has a high accessibility score, simple to use interface, support for High Contrast and large fonts, and text chat functionality. 
- Karat’s intellectual property includes all the elements of our assessment tools that customers encounter during their relationship with Karat. This includes assessment questions, interview methodologies, scoring rubrics, and any other content developed by our team to provide services to customers. - If a customer chooses to provide their own content or interview questions, this content will be considered the customer’s intellectual property. Results of the services, such as interview video, audio and reports, become Karat intellectual property. Karat grants customers a perpetual license to interview results and any other reports or insights they may receive through the use of Karat. 
- We will fully indemnify and hold harmless customers with respect to third party claims that our products or services infringe a copyright or patent. For other types of liability, it is a fundamental principle of Karat’s business operations that liability be capped in proportion to the fees paid. Our liability cap is in line with standard market practice and reflects a fair risk allocation to guarantee fair and proportionate liability for both parties. Karat requires all customers to indemnify us if Karat becomes part of a third-party claim arising from a customer’s hiring decisions. The ultimate decision regarding whether to advance a candidate in the hiring process (or other employment related actions) belongs to the customer. Karat has no control over how its customers use interview results and analytics. 
- Where an active order form is in effect, a customer may terminate the master agreement and related order form in the event of Karat’s incurable material breach of its obligations. Karat does not provide termination for convenience because a great deal of our work is front loaded prior to the completion of any interviews. As such, order forms are non-cancelable and fees are non-refundable. 
- Karat interviews are conducted by an Interview Engineer. Interview Engineers (or “IVEs”) are a global community of experienced software engineers available to conduct high quality interviews 24/7. To join the Karat IVE community, an engineer must have a minimum of 3 years of experience and a degree in computer science or engineering, as well as fluent English language skills. Collectively, Karat’s IVE community has conducted hundreds of thousands of interviews, possessing expertise in a wide range of coding languages and environments. 
- IVEs undergo a rigorous screening process before conducting Karat interviews that includes evaluation of their coding and soft skills and training in Karat’s interview methodology. They continue to receive evaluations during their tenure as an IVE, and must qualify for each new skill area and question set for which they perform assessments. IVEs are managed and closely monitored by Karat’s community operations team. 
- IVEs are assigned to interviews only when they meet the specific requirements of the applicable interview content and coding languages. Selected IVEs must also meet any specific requirements dictated by the customer and as agreed by Karat. 
- Karat has a quality control program to ensure that interviews meet customer requirements and are performed to the highest standard. Karat requires IVEs to participate in ongoing mentoring and frequent continuing education. Additionally, interviews are subject to quality control reviews both at random as well as in response to concerns about IVE performance raised by candidates or Karat community operations team members. Our community operations team oversees IVEs and will directly address any performance concerns raised during quality control review. 
- IVEs are required to report any possible conflict of interest that may prevent them fairly conducting an interview. If it is determined that the IVE has a conflict of interest with respect to an assigned interview, the interview will be assigned to a new IVE. Examples of conflicts of interest include, but are not limited to the following: - The IVE has previously worked with or currently works with the candidate, or knows them personally;
- The IVE currently works at the company the candidate is interviewing for; or
- The IVE is also planning to interview or has interviewed with the customer for a position.
 
- Our IVE community is located around the globe (excluding OFAC sanctioned countries and other locations forbidden by US law) to allow for 24/7 interview scheduling by candidates. However, specialized IVE cohorts may be created in consultation with Karat’s delivery team. 
- Karat cares deeply about providing a fair playing field to all candidates and conducting interviews that provide an accurate signal with respect to a candidate’s abilities. - Prior to beginning an assessment, candidates have an opportunity to review our candidate terms and conditions and interview preparation materials, which describe what resources are allowed during the interview. Unless otherwise directed by a customer and explicitly communicated to a candidate by an IVE or by the interview type and instructions, Karat prohibits behaviors such as: - using code or language that is not the candidate’s original work unless derived from the provided AI Assistant (if applicable);
- using unauthorized third-party assistance to answer questions; and
- copying questions outside of the Karat coding environment into search engines or a GPT.
 
- Each IVE is trained to monitor for and report abnormal candidate behaviors which may indicate cheating, such as typing outside of the browser window without explanation, frequently looking between monitors, or writing code in an unusual top-down or line-by-line manner. When an IVE identifies such behaviors and suspects cheating, they report this behavior as part of their post-interview report and flag the interview for quality control review by a second IVE. 
- When an IVE flags suspected cheating in their post-interview report, the interview will be rewatched and reviewed in its entirety by a second IVE specifically trained in Karat’s quality control standards. If quality control does reveal suspicious behavior, our community operations team will communicate with the customer and discussion possible solutions. 
- Karat offers a variety of interview modules which may be used depending on Customer preferences and the requirements for the role. Some of these modules involve the use of a built-in AI Assistant, others allow for the use of external resources which may include genAI tools, while the remaining modules do not allow the use of external resources. In modules which do not permit the use of external resources, our interviewers are taught to flag suspected use of any AI tools. In modules that allow the use of AI tools for non-generative uses like syntax correction, our interviewers will flag any inappropriate use of allowed tools. 
- Karat is hosted in the AWS US region and is designed with multiple availability zones to ensure resilience against potential outages. 
- Karat adheres to the AICPA standards under the SOC 2 framework. Each year, a third-party auditor conducts a comprehensive review of our security and privacy controls. We are pleased to provide our SOC 2 Type II Attestation report upon request. 
- All customer data is encrypted in transit (using TLS 1.2 or higher) and at rest (through AES-256). 
- Karat operates according to the principle of least privilege and need-to-know. At a minimum, Karat conducts monthly access control reviews to ensure that Karat personnel are only granted the permissions they need to perform their job functions. 
- All Karat personnel are required to complete compliance training on info security and privacy upon hire and annually thereafter. 
- Karat conducts penetration testing at least annually and conducts bi-weekly vulnerability testing to proactively identify and remediate security vulnerabilities. 
- Karat Supports two types of Single Sign-On (SSO) methods: - Service Provider (SP)-initiated SSO, and
- Identity Provider (IDP)-initiated SSO
 - Karat is fully compliant with SAML 2.0 and is happy to provide documentation to assist customers in setting up SSO according to their needs. 
- Data is securely stored in a logically separated database hosted within the AWS cloud environment. 
- Karat is hosted in geographically diverse AWS data centers, ensuring robust physical security and environmental controls. 
- Karat has a comprehensive backup strategy with defined RTO and RPO objectives, and we conduct annual backup tests and restores. 
- No, the Karat service model does not require a direct connection to a customer’s infrastructure. 
- Logs are collected, aggregated and retained for a minimum of one year. 
- Karat data protection policies cover information security, cloud security, cryptography, data retention, business continuity and privacy. Policies may be provided upon request under an NDA. 
- Karat allows the use of open source tools and libraries in our environment under certain conditions and only in compliance with our Information Security Policy. All open-source software is subject to a thorough approval process prior to use, ensuring it meets our security and compliance standards. This process is strictly followed before any open-source software is integrated into our production environment. Additionally, we perform a recurring codebase scan to identify and patch any potential vulnerability. 
- Data Privacy - As outlined in Karat’s DPA, customers share with Karat personal information regarding candidates as necessary to schedule an interview and provide the services. Customers are required to provide a candidate’s full name and email address; they may also optionally share a candidate’s phone number, resume data and outcome of the candidate’s application (aka candidate disposition data). The customer is a controller with respect to this candidate personal information. - Karat also collects personal information directly from candidates or in connection with their use of the services pursuant to the Karat Privacy Policy. With respect to these instances of a candidate’s personal information, Karat is a controller. Candidates determine how Karat processes that information, particularly their interview results. Karat’s use of this candidate personal information is outlined in our Privacy Policy which is acknowledged and accepted by all candidates prior to scheduling an interview or other assessment. Candidates can request access to or deletion of their interview results or other personal data as outlined in the Privacy Policy. 
- Karat serves as controller of candidate data so that we can provide the highest quality service to customers and candidates. Candidates may be assessed by Karat multiple times, and we need to keep candidate data so we can match candidates to their prior history with Karat. We want to ensure that candidates do not see the same content in any subsequent interview so that we can provide the strongest possible hiring signal. Additionally, this allows us to accelerate candidates in a customer’s funnel that we are able to identify as having already met the customer’s hiring bar. 
- When scheduling a Karat Core interview, Karat collects the following information from candidates: - Candidate Data - Why do we collect the data? - To whom is it visible? - Required/Optional - First name - To personalize the interview experience - Karat, customer, interviewer - Required - Last name - To personalize the interview experience - Karat, customer - Required - Email - Email interview confirmation, scheduling reminders, as a unique identifier in the Karat environment - Karat, customer - Required - Phone - SMS scheduling reminders, to troubleshoot technical issues during the interview - Karat, customer - Optional - Pronouns - To personalize the interview experience - Karat, interviewer - Optional - Disability accommodation needs - To personalize the interview experience - Karat, interviewer - Optional - Race/Ethnicity - To conduct audits and impact assessments - Karat - Optional - Gender - To conduct audits and impact assessments - Karat - Optional - Links to social media & GitHub profiles - To build the candidate profile - Karat - Optional - In addition, in the course of performing a Core interview, Karat generates (a) a video recording; (b) a code playback recording; and (c) interview report including an overall recommendation and a quantitative score plus written feedback on the candidate’s response to each question within the interview. (The interview report may optionally include a comprehensive interview summary). The video recording and code playback are accessible only within the Karat platform and not downloadable by customers. Karat licenses the interview report to a customer during the term of their relationship with Karat; following the termination or expiration of any relationship, a customer may retain the Karat recommendation and quantitative interview scores in their environment. 
- It is always optional for candidates to provide demographic data such as gender, race/ethnicity or disability status. That said, Karat does not customize its data collection or processing practices on a customer-by-customer basis. Karat and candidates are forming a direct data subject to controller relationship which exists outside of any one customer request to perform an interview or assessment. As such, Karat and customers need a consistent experience and set of terms (the Karat Privacy Policy) to apply to all their interactions, particularly as candidates build a profile with Karat as they complete multiple assessments over time. More specifically, demographic data such as gender and race/ethnicity is voluntarily collected so that we can conduct audits and impact assessments as may be required by law or our customers. 
- No. The video and audio of Karat interviews are exclusively available for viewing on our platform, but not for download. 
- The IVE is provided with only the candidate first name, candidate pronouns and disability accommodation needs in order to personalize the interview experience for the candidate. Candidate pronouns and disability accommodation needs are never explicitly shared with customers via the Karat platform or interview report. Furthermore, candidate responses to questions about race/ethnicity and gender are never shared with IVEs or customers. 
- Karat strongly encourages candidates to turn on their camera during Karat interviews to provide the best possible outcome for candidates and customers. Live video allows the IVE conducting the interview to better engage with the candidate in order to get the best possible assessment of the candidate’s technical skills. Additionally, lack of candidate video may inhibit Karat’s ability to complete its quality control process to both ensure fair treatment for candidates and identify any instances of cheating. That said, in the event a candidate does not wish to appear on camera during the interview, they may simply turn off their camera during the interview. - Regardless of a candidate’s decision to appear on camera, all Karat interviews (including the interview audio and code playback) are recorded. A recording of the interview environment, particularly the audio and code playback, is essential to our ability to align with customers on their talent quality expectations and to provide a comprehensive, consistent assessment of each candidate. 
- Candidates can request that any or all of their personal information be deleted by emailing such a request to privacy@karat.com. For identification purposes, candidates must use the same email address originally provided to Karat when scheduling the applicable interview. 
- Karat deletes candidate data upon the request of the candidate or after a maximum of 5 years from the date of the interview. 
- Our cloud storage provider, AWS, is trusted by some of the most security-conscious organizations in the world. AWS data centers are also ISO 27001 certified and SOC 3 security reports are available. All data is hosted in Amazon AWS US West-2 (N. California) and East (N. Virginia) (entirely within the United States). 
- Karat has employees and contractors with access to customer data and candidate data in several countries outside of the US. Karat is happy to provide a current list of countries during our contracting and due diligence process. Karat IVEs are located around the world; however, IVEs do not have access to customer data. 
- Karat complies with global data privacy regulations, including but not limited to EU, UK and Swiss GDPR and applicable US state privacy laws including CCPA and VCDPA. Karat is also certified under the EU – US Data Privacy Framework. Our DPA details our responsibilities under these privacy laws as a processor of customer data, and the technical, organizational, and administrative procedures we have put in place to protect the personal data we process on behalf of our customers. Our security and privacy measures are continuously monitored and enhanced by our privacy information security teams in accordance with the ever-evolving global privacy and cybersecurity threat landscape. 
- Karat retains customer data as agreed to under its contract with the customer, typically deleting or anonymizing and aggregating all data provided by a client within 30 days after they become inactive. Karat retains candidate personal data for as long as a candidate has an active account (but in no event longer than five years from the candidate’s last date of activity). In certain cases, we may retain data longer to comply with legal obligations, resolve disputes, or as permitted by applicable law. 
- Karat implements and maintains commercially reasonable and industry-standard administrative, physical, organizational, and technical safeguards. These measures are designed to prevent unauthorized use, access, processing, destruction, loss, alteration, or disclosure of personal data. Access is restricted to individuals with a “need to know” basis. Please see the Information Security subsection of the Trust Center for more information. 
- Karat maintains records to demonstrate compliance with data protection obligations and allows for customer audits as agreed to under contract. Privacy reviews and DPIAs are conducted as needed to ensure ongoing compliance. 
- Karat collects demographic data such as gender, race, ethnicity, and disability status from candidates. This information is used to provide and improve our Services, including to comply with regulatory requirements applicable to employers and their vendors. Karat is committed to handling all personal data, including sensitive data, in accordance with applicable data protection laws. 
- Karat complies with global data privacy regulations, including by not limited to UE, UK and Swiss GDPR and India’s DPDPA. With respect to the cross-border transfer of data, Karat certified under the EU – US, UK – US, and Swiss – US Data Privacy Framework. We will also transfer data to the US and other jurisdictions pursuant to the EU or UK standard contractual clauses as detailed in our Data Processing Addendum. 
 
- Compliance - Karat’s proven methodologies systematically reduce bias from the interview process. These methods include: - Consistent pool of equivalent content sets presented to all candidates
- Detailed scoring rubrics ensuring all candidates are evaluated equivalently
- Deeply trained interviewers (including training on anti-bias) held to clear and strict guidelines
- Quality control process with a second interviewer validating scoring
- Recommendation based exclusively on objective technical performance
 - In addition, Karat’s content governance team regularly conducts statistical analyses and other research to evaluate the validity, reliability and fairness of Karat assessments and adjust our content library as needed. Karat will share such reports under an NDA upon request or will partner with customers to perform specific analyses as needed. 
- Yes, Karat leverages AI in two key aspects of its offering. First, Karat uses a third-party LLM to organize and format data such as candidate geography, industry, employment history and educational history pulled from candidate resumes. This data forms the foundation of the strategic talent insights we provide our customers. Second, Karat customers have the ability to leverage AI interview summarization for Karat Core and Karat Focus assessments. Specifically, Karat uses an LLM to synthesize data from the IVE’s interview report and the final recommendation, resulting in a written interview summary for the customer. Candidate PII is not shared with the LLM, and the LLM does not train on the data inputs. This AI summary feature can be toggled on or off at a customer’s direction. - Additionally, for those customers using Karat Qualify as a top-of-funnel screening assessment, certain jurisdictions consider item response theory (IRT) tools like Qualify as within the definition of AI or machine learning. Karat is ready to assist customers operating in those jurisdictions with compliance needs regarding the use of AI in employment decision making. 
- While Karat does not operate an OFAC compliance search program, we do not work with individuals or subcontractors in countries restricted by the US Office of Foreign Assets Control (OFAC). Additionally, we will not work with subcontractors who have active OFAC complaints against them or are in violation of OFAC sanctions programs. We require subcontractors to warrant as such in their agreements with us. 
- Karat is a remote-first organization. Our corporate headquarters in Seattle is LEED GOLD certified. For employees using the space for in-person collaboration, Karat provides environmentally friendly features such as bicycle storage, electric car charges, and vanpools. Our green roof absorbs stormwater to water plantings and filters runoff which reduces pollution of Portage Bay while drought-resistant plants reduce the amount of potable water used for irrigation by 79%. We participate in electronics recycling and limit the use of paper products and printing. 
- Yes, on an annual basis, Karat personnel complete mandatory training on and agree to comply with Karat’s code of conduct. The code of conduct is reviewed and updated annually. Karat is happy to review customer codes of conduct and other customer policies during our contracting and due diligence process. 
- Karat is an equal employment/affirmative action employer and is LGBTQIA+ friendly. We are committed to providing a workplace that is free of discrimination of all types and abusive, offensive, or harassing behavior. Karat is happy to review customer diversity and equity or diverse supplier policies during our contracting and due diligence process. 
- At Karat, we work to provide a fair interview experience for everyone. Candidates have an opportunity to request specific accommodations prior to their interview. Our support team will then schedule the candidate with an IVE that can provide the most ideal experience based on the candidate’s needs (for example, IVEs that speak American Sign Language). Typical accommodations include extended interview time, use of a screen reader, or use of an interpreter. We will never require a candidate to disclose their personal medical information as a part of an accommodation request. 
- Our in-house coding environment and video conferencing software were designed with accessibility in mind. Karat Studio has a high accessibility score, simple to use interface, support for High Contrast and large fonts, and text chat functionality. 
 
- Legal - Karat’s intellectual property includes all the elements of our assessment tools that customers encounter during their relationship with Karat. This includes assessment questions, interview methodologies, scoring rubrics, and any other content developed by our team to provide services to customers. - If a customer chooses to provide their own content or interview questions, this content will be considered the customer’s intellectual property. Results of the services, such as interview video, audio and reports, become Karat intellectual property. Karat grants customers a perpetual license to interview results and any other reports or insights they may receive through the use of Karat. 
- We will fully indemnify and hold harmless customers with respect to third party claims that our products or services infringe a copyright or patent. For other types of liability, it is a fundamental principle of Karat’s business operations that liability be capped in proportion to the fees paid. Our liability cap is in line with standard market practice and reflects a fair risk allocation to guarantee fair and proportionate liability for both parties. Karat requires all customers to indemnify us if Karat becomes part of a third-party claim arising from a customer’s hiring decisions. The ultimate decision regarding whether to advance a candidate in the hiring process (or other employment related actions) belongs to the customer. Karat has no control over how its customers use interview results and analytics. 
- Where an active order form is in effect, a customer may terminate the master agreement and related order form in the event of Karat’s incurable material breach of its obligations. Karat does not provide termination for convenience because a great deal of our work is front loaded prior to the completion of any interviews. As such, order forms are non-cancelable and fees are non-refundable. 
 
- Interview Engineer (IVE) Community - Karat interviews are conducted by an Interview Engineer. Interview Engineers (or “IVEs”) are a global community of experienced software engineers available to conduct high quality interviews 24/7. To join the Karat IVE community, an engineer must have a minimum of 3 years of experience and a degree in computer science or engineering, as well as fluent English language skills. Collectively, Karat’s IVE community has conducted hundreds of thousands of interviews, possessing expertise in a wide range of coding languages and environments. 
- IVEs undergo a rigorous screening process before conducting Karat interviews that includes evaluation of their coding and soft skills and training in Karat’s interview methodology. They continue to receive evaluations during their tenure as an IVE, and must qualify for each new skill area and question set for which they perform assessments. IVEs are managed and closely monitored by Karat’s community operations team. 
- IVEs are assigned to interviews only when they meet the specific requirements of the applicable interview content and coding languages. Selected IVEs must also meet any specific requirements dictated by the customer and as agreed by Karat. 
- Karat has a quality control program to ensure that interviews meet customer requirements and are performed to the highest standard. Karat requires IVEs to participate in ongoing mentoring and frequent continuing education. Additionally, interviews are subject to quality control reviews both at random as well as in response to concerns about IVE performance raised by candidates or Karat community operations team members. Our community operations team oversees IVEs and will directly address any performance concerns raised during quality control review. 
- IVEs are required to report any possible conflict of interest that may prevent them fairly conducting an interview. If it is determined that the IVE has a conflict of interest with respect to an assigned interview, the interview will be assigned to a new IVE. Examples of conflicts of interest include, but are not limited to the following: - The IVE has previously worked with or currently works with the candidate, or knows them personally;
- The IVE currently works at the company the candidate is interviewing for; or
- The IVE is also planning to interview or has interviewed with the customer for a position.
 
- Our IVE community is located around the globe (excluding OFAC sanctioned countries and other locations forbidden by US law) to allow for 24/7 interview scheduling by candidates. However, specialized IVE cohorts may be created in consultation with Karat’s delivery team. 
 
- Assessment Integrity - Karat cares deeply about providing a fair playing field to all candidates and conducting interviews that provide an accurate signal with respect to a candidate’s abilities. - Prior to beginning an assessment, candidates have an opportunity to review our candidate terms and conditions and interview preparation materials, which describe what resources are allowed during the interview. Unless otherwise directed by a customer and explicitly communicated to a candidate by an IVE or by the interview type and instructions, Karat prohibits behaviors such as: - using code or language that is not the candidate’s original work unless derived from the provided AI Assistant (if applicable);
- using unauthorized third-party assistance to answer questions; and
- copying questions outside of the Karat coding environment into search engines or a GPT.
 
- Each IVE is trained to monitor for and report abnormal candidate behaviors which may indicate cheating, such as typing outside of the browser window without explanation, frequently looking between monitors, or writing code in an unusual top-down or line-by-line manner. When an IVE identifies such behaviors and suspects cheating, they report this behavior as part of their post-interview report and flag the interview for quality control review by a second IVE. 
- When an IVE flags suspected cheating in their post-interview report, the interview will be rewatched and reviewed in its entirety by a second IVE specifically trained in Karat’s quality control standards. If quality control does reveal suspicious behavior, our community operations team will communicate with the customer and discussion possible solutions. 
- Karat offers a variety of interview modules which may be used depending on Customer preferences and the requirements for the role. Some of these modules involve the use of a built-in AI Assistant, others allow for the use of external resources which may include genAI tools, while the remaining modules do not allow the use of external resources. In modules which do not permit the use of external resources, our interviewers are taught to flag suspected use of any AI tools. In modules that allow the use of AI tools for non-generative uses like syntax correction, our interviewers will flag any inappropriate use of allowed tools. 
 
- Information Security - Karat is hosted in the AWS US region and is designed with multiple availability zones to ensure resilience against potential outages. 
- Karat adheres to the AICPA standards under the SOC 2 framework. Each year, a third-party auditor conducts a comprehensive review of our security and privacy controls. We are pleased to provide our SOC 2 Type II Attestation report upon request. 
- All customer data is encrypted in transit (using TLS 1.2 or higher) and at rest (through AES-256). 
- Karat operates according to the principle of least privilege and need-to-know. At a minimum, Karat conducts monthly access control reviews to ensure that Karat personnel are only granted the permissions they need to perform their job functions. 
- All Karat personnel are required to complete compliance training on info security and privacy upon hire and annually thereafter. 
- Karat conducts penetration testing at least annually and conducts bi-weekly vulnerability testing to proactively identify and remediate security vulnerabilities. 
- Karat Supports two types of Single Sign-On (SSO) methods: - Service Provider (SP)-initiated SSO, and
- Identity Provider (IDP)-initiated SSO
 - Karat is fully compliant with SAML 2.0 and is happy to provide documentation to assist customers in setting up SSO according to their needs. 
- Data is securely stored in a logically separated database hosted within the AWS cloud environment. 
- Karat is hosted in geographically diverse AWS data centers, ensuring robust physical security and environmental controls. 
- Karat has a comprehensive backup strategy with defined RTO and RPO objectives, and we conduct annual backup tests and restores. 
- No, the Karat service model does not require a direct connection to a customer’s infrastructure. 
- Logs are collected, aggregated and retained for a minimum of one year. 
- Karat data protection policies cover information security, cloud security, cryptography, data retention, business continuity and privacy. Policies may be provided upon request under an NDA. 
- Karat allows the use of open source tools and libraries in our environment under certain conditions and only in compliance with our Information Security Policy. All open-source software is subject to a thorough approval process prior to use, ensuring it meets our security and compliance standards. This process is strictly followed before any open-source software is integrated into our production environment. Additionally, we perform a recurring codebase scan to identify and patch any potential vulnerability. 
 
Additional questions?
Customers should reach out to their Karat sales representative who can connect them to Karat’s legal, security and content/delivery departments as applicable.
Contact
Karat has obtained the following certifications reflecting our commitment to the protection of customer and candidate data.

SOC 2.
Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy

U.S. Data Privacy Framework (DPF).
A framework for complying with EU, UK, and Swiss privacy requirements