Karat Trust Center
Karat places the highest priority on the integrity of our platform and assessment processes, inclusive of the security and privacy of customer and candidate information. The resources below address the most common questions across our legal, privacy, security, and delivery functions.
Frequently Asked Questions
Data Privacy
Compliance
Legal
Interview Engineer (IVE) Community
Assessment Integrity
Information Security
As outlined in Karat’s DPA, customers share with Karat personal information regarding candidates as necessary to schedule an interview and provide the services. Customers are required to provide a candidate’s full name and email address; they may also optionally share a candidate’s phone number, resume data and outcome of the candidate’s application (aka candidate disposition data). The customer is a controller with respect to this candidate personal information.
Karat also collects personal information directly from candidates or in connection with their use of the services pursuant to the Karat Privacy Policy. With respect to these instances of a candidate’s personal information, Karat is a controller. Candidates determine how Karat processes that information, particularly their interview results. Karat’s use of this candidate personal information is outlined in our Privacy Policy which is acknowledged and accepted by all candidates prior to scheduling an interview or other assessment. Candidates can request access to or deletion of their interview results or other personal data as outlined in the Privacy Policy.
Karat serves as controller of candidate data so that we can provide the highest quality service to customers and candidates. Candidates may be assessed by Karat multiple times, and we need to keep candidate data so we can match candidates to their prior history with Karat. We want to ensure that candidates do not see the same content in any subsequent interview so that we can provide the strongest possible hiring signal. Additionally, this allows us to accelerate candidates in a customer’s funnel that we are able to identify as having already met the customer’s hiring bar.
When scheduling a Karat Core interview, Karat requests the following information from candidates:
- First and last name
- Gender/Pronouns
- Phone
- Disability accommodation needs
- Race/ethnicity (optional)
- Resume (optional)
- Links to social media & GitHub profiles (optional)
Generally the data is collected so that we can schedule and perform the interview and provide an effective recommendation to the customer/potential employer. Data like name, pronouns and disability status are used to personalize the interview experience; we use phone numbers to call candidates experiencing technical issues during their interview. Emails are used for communications/scheduling purposes and as unique identifiers for each candidate in the Karat environment (including ensuring candidates are not given the same content on multiple occasions). Demographic data such as gender and race/ethnicity is voluntarily collected so that we can conduct audits and impact assessments as may be required by law or our customers. Resume and social media profile data is purely optional for those candidates wishing to build a more robust profile with Karat.
It is always optional for candidates to provide demographic data such as gender, race/ethnicity or disability status. That said, Karat does not customize its data collection or processing practices on a customer-by-customer basis. Karat and candidates are forming a direct data subject to controller relationship which exists outside of any one customer request to perform an interview or assessment. As such, Karat and customers need a consistent experience and set of terms (the Karat Privacy Policy) to apply to all their interactions, particularly as candidates build a profile with Karat as they complete multiple assessments over time. More specifically, demographic data such as gender and race/ethnicity is voluntarily collected so that we can conduct audits and impact assessments as may be required by law or our customers.
No. The video and audio of Karat interviews are exclusively available for viewing on our platform, but not for download.
Candidate demographic data (such as gender/race/ethnicity/disability status) is available to IVEs only to the extent such information is observable through the interview process. Such information is not available to customer end users or incorporated into interview reports which are accessible to the customer following an interview.
Karat strongly encourages candidates to turn on their camera and allow for video recording during Karat interviews to provide the best possible outcome for candidates and employers. Many employers seek to evaluate a candidate’s communication skills, attitude, and professionalism, in addition to a candidate’s technical abilities (which is the focus of the Karat assessment), and a video recording allows for the prospective employer to better evaluate these attributes. Lack of video recording may also inhibit Karat’s ability to complete its quality control process to both ensure fair treatment for candidates and identify any instances of cheating.
That said, Karat respects candidates’ privacy and right to control the use of their personal information. In the event a candidate does not wish to use their camera during the interview, they may simply turn off their camera during the interview. If a candidate is comfortable with a camera on during the live interview, but does not wish to have the interview recording used or shared in certain ways, candidates should inform the IVE performing the interview and, immediately following the interview, email privacy@karat.com.
Under our current product design, it is not possible to completely disable interview recording, but if a candidate does not wish to have the interview recording shared with the prospective employer or otherwise wishes to have it deleted, that request can be made by emailing privacy@karat.com. Employers are not able/not permitted to download or retain their own copies of interview recordings; they must view videos through the Karat platform.
Candidates can request that any or all of their personal information be deleted by emailing such a request to privacy@karat.com. For identification purposes, candidates must use the same email address originally provided to Karat when scheduling the applicable interview.
Karat deletes candidate data upon the request of the candidate or after a maximum of 5 years from the date of the interview.
Our cloud storage provider, AWS, is trusted by some of the most security-conscious organizations in the world. AWS data centers are also ISO 27001 certified and SOC 3 security reports are available. All data is hosted in Amazon AWS US West-2 (N. California) and East (N. Virginia) (entirely within the United States).
Karat has employees and contractors with access to customer data and candidate data in several countries outside of the US. Karat is happy to provide a current list of countries during our contracting and due diligence process. Karat IVEs are located around the world; however, IVEs do not have access to customer data.
Karat complies with global data privacy regulations, including but not limited to EU, UK and Swiss GDPR and applicable US state privacy laws including CCPA and VCDPA. Karat is also certified under the EU – US Data Privacy Framework, with our certification most recently renewed in July 2024. Our DPA details our responsibilities under these privacy laws as a processor of customer data, and the technical, organizational, and administrative procedures we have put in place to protect the personal data we process on behalf of our customers. Our security and privacy measures are continuously monitored and enhanced by our privacy and information security teams in accordance with the ever-evolving global privacy and cybersecurity threat landscape.
While Karat does not operate an OFAC compliance search program, we do not work with individuals or subcontractors in countries restricted by the US Office of Foreign Assets Control (OFAC). Additionally, we will not work with subcontractors who have active OFAC complaints against them or are in violation of OFAC sanctions programs. We require subcontractors to warrant as such in their agreements with us.
Karat is a remote-first organization. Our corporate headquarters in Seattle is LEED GOLD certified. For employees using the space for in-person collaboration, Karat provides environmentally friendly features such as bicycle storage, electric car chargers, and vanpools. Our green roof absorbs stormwater to water plantings and filters runoff, which reduces pollution of Portage Bay, while drought-resistant plants reduce the amount of potable water used for irrigation by 79%. We participate in electronics recycling and limit the use of paper products and printing.
Yes, on an annual basis, Karat personnel complete mandatory training on and agree to comply with Karat’s code of conduct. The code of conduct is reviewed and updated annually. Karat is happy to review customer codes of conduct and other customer policies during our contracting and due diligence process.
Karat is an equal employment/affirmative action employer and is LGBTQIA+ friendly. We are committed to providing a workplace that is free of discrimination of all types and abusive, offensive, or harassing behavior. Karat is happy to review customer diversity and equity or diverse supplier policies during our contracting and due diligence process.
Customers have the ability to leverage several AI features in the review and summarization of Karat Core and Karat Focus interviews. Specifically, Karat uses an LLM to synthesize data from the IVE interview report and the final recommendation, resulting in a written interview summary for the customer. Candidate PII is not shared with the LLM and the LLM does not train on the data inputs. This AI summary feature can be toggled on or off at a customer’s direction.
Karat Qualify is a top-of-funnel screening assessment that leverages item response theory (IRT). Certain jurisdictions consider IRT to fall within the definition of AI or machine learning. Karat is ready to assist customers operating in those jurisdictions with compliance needs.
At Karat, we work to provide a fair interview experience for everyone. Candidates have an opportunity to request specific accommodations prior to their interview. Our support team will then schedule the candidate with an IVE that can provide the most ideal experience based on the candidate’s needs (for example, IVEs that speak American Sign Language). Typical accommodations include extended interview time, use of a screen reader, or use of an interpreter. We will never require a candidate to disclose their personal medical information as a part of an accommodation request.
Our in-house coding environment and video conferencing software were designed with accessibility in mind. Karat Studio has a high accessibility score, simple to use interface, support for High Contrast and large fonts, and text chat functionality.
Karat’s intellectual property includes all the elements of our assessment tools that customers encounter during their relationship with Karat. This includes assessment questions, interview methodologies, scoring rubrics, and any other content developed by our team to provide services to customers.
If a customer chooses to provide their own content or interview questions, this content will be considered the customer’s intellectual property. Results of the services, such as interview video, audio and reports, become Karat intellectual property. Karat grants customers a perpetual license to interview results and any other reports or insights they may receive through the use of Karat.
We will fully indemnify and hold harmless customers with respect to third party claims that our products or services infringe a copyright or patent. For other types of liability, it is a fundamental principle of Karat’s business operations that liability be capped in proportion to the fees paid. Our liability cap is in line with standard market practice and reflects a fair risk allocation to guarantee fair and proportionate liability for both parties. Karat requires all customers to indemnify us if Karat becomes part of a third-party claim arising from a customer’s hiring decisions. The ultimate decision regarding whether to advance a candidate in the hiring process (or other employment related actions) belongs to the customer. Karat has no control over how its customers use interview results and analytics.
Where an active order form is in effect, a customer may terminate the master agreement and related order form in the event of Karat’s incurable material breach of its obligations. Karat does not provide termination for convenience because a great deal of our work is front loaded prior to the completion of any interviews. As such, order forms are non-cancelable and fees are non-refundable.
Karat interviews are conducted by an Interview Engineer. Interview Engineers (or “IVEs”) are a global community of experienced software engineers available to conduct high quality interviews 24/7. To join the Karat IVE community, an engineer must have a minimum of 3 years of experience and a degree in computer science or engineering, as well as fluent English language skills. Collectively, Karat’s IVE community has conducted hundreds of thousands of interviews, possessing expertise in a wide range of coding languages and environments.
IVEs undergo a rigorous screening process before conducting Karat interviews that includes evaluation of their coding and soft skills and training in Karat’s interview methodology. They continue to receive evaluations during their tenure as an IVE, and must qualify for each new skill area and question set for which they perform assessments. IVEs are managed and closely monitored by Karat’s community operations team.
IVEs are assigned to interviews only when they meet the specific requirements of the applicable interview content and coding languages. Selected IVEs must also meet any specific requirements dictated by the customer and as agreed by Karat.
Karat has a quality control program to ensure that interviews meet customer requirements and are performed to the highest standard. Karat requires IVEs to participate in ongoing mentoring and frequent continuing education. Additionally, interviews are subject to quality control reviews both at random as well as in response to concerns about IVE performance raised by candidates or Karat community operations team members. Our community operations team oversees IVEs and will directly address any performance concerns raised during quality control review.
IVEs are required to report any possible conflict of interest that may prevent them from fairly conducting an interview. If it is determined that the IVE has a conflict of interest with respect to an assigned interview, the interview will be assigned to a new IVE. Examples of conflicts of interest include, but are not limited to, the following:
- The IVE has previously worked with or currently works with the candidate, or knows them personally;
- The IVE currently works at the company the candidate is interviewing for; or
- The IVE is also planning to interview or has interviewed with the customer for a position.
Karat cares deeply about providing a fair playing field to all candidates and conducting interviews that provide an accurate signal with respect to a candidate’s abilities.
Prior to beginning an assessment, candidates have an opportunity to review our candidate terms and conditions and interview preparation materials, which describe what resources are allowed during the interview. Unless otherwise directed by a customer and explicitly communicated to a candidate by an IVE, Karat prohibits behaviors such as:
- using code or language that is not the candidate’s original work;
- using unauthorized third-party assistance to answer questions; and
- copying questions outside of the Karat coding environment into search engines or a GPT.
Each IVE is trained to monitor for and report abnormal candidate behaviors which may indicate cheating, such as typing outside of the browser window without explanation, frequently looking between monitors, or writing code in an unusual top-down or line-by-line manner. When an IVE identifies such behaviors and suspects cheating, they report this behavior as part of their post-interview report and flag the interview for quality control review by a second IVE.
When an IVE flags suspected cheating in their post-interview report, the interview will be rewatched and reviewed in its entirety by a second IVE specifically trained in Karat’s quality control standards. If quality control does reveal suspicious behavior, our community operations team will communicate with the customer and discuss possible solutions.
Karat is hosted in the AWS US region and is designed with multiple availability zones to ensure resilience against potential outages.
Karat adheres to the AICPA standards under the SOC 2 framework. Each year, a third-party auditor conducts a comprehensive review of our security and privacy controls. We are pleased to provide our SOC 2 Type II Attestation report upon request.
All customer data is encrypted in transit (using TLS 1.2 or higher) and at rest (through AES-256).
Karat operates according to the principle of least privilege and need-to-know. At a minimum, Karat conducts monthly access control reviews to ensure that Karat personnel are only granted the permissions they need to perform their job functions.
All Karat personnel are required to complete compliance training on information security and privacy upon hire and annually thereafter.
Karat conducts penetration testing at least annually and conducts bi-weekly vulnerability testing to proactively identify and remediate security vulnerabilities.
Karat supports two types of Single Sign-On (SSO) methods:
- Service Provider (SP)-initiated SSO, and
- Identity Provider (IDP)-initiated SSO
Karat is fully compliant with SAML 2.0 and is happy to provide documentation to assist customers in setting up SSO according to their needs.
Data is securely stored in a logically separated database hosted within the AWS cloud environment.
Karat is hosted in geographically diverse AWS data centers, ensuring robust physical security and environmental controls.
Karat has a comprehensive backup strategy with defined RTO and RPO objectives, and we conduct annual backup tests and restores.
No, the Karat service model does not require a direct connection to a customer’s infrastructure.
Logs are collected, aggregated and retained for a minimum of one year.
Karat data protection policies cover information security, cloud security, cryptography, data retention, business continuity and privacy. Policies may be provided upon request under an NDA.
Customers should reach out to their Karat sales representative who can connect them to Karat’s legal, information security and content/delivery teams as applicable.
Data Privacy
As outlined in Karat’s DPA, customers share with Karat personal information regarding candidates as necessary to schedule an interview and provide the services. Customers are required to provide a candidate’s full name and email address; they may also optionally share a candidate’s phone number, resume data and outcome of the candidate’s application (aka candidate disposition data). The customer is a controller with respect this candidate personal information.
Karat also collects personal information directly from candidates or in connection with their use of the services pursuant to the Karat Privacy Policy. With respect to these instances of a candidate’s personal information, Karat is a controller. Candidates determine how Karat processes that information, particularly their interview results. Karat’s use of this candidate personal information is outlined in our Privacy Policy which is acknowledged and accepted by all candidates prior to scheduling an interview or other assessment. Candidates can request access to or deletion of their interview results or other personal data as outlined in the Privacy Policy.
Karat serves as controller of candidate data so that we can provide the highest quality service to customers and candidates. Candidates may be assessed by Karat multiple times, and we need to keep candidate data so we can match candidates to their prior history with Karat. We want to ensure that candidates do not see the same content in any subsequent interview so that we can provide the strongest possible hiring signal. Additionally, this allows us to accelerate candidates in a customer’s funnel that we are able to identify as having already met the customer’s hiring bar.
When scheduling a Karat Core interview, Karat requests the following information from candidates:
- First and last name
- Gender/Pronouns
- Phone
- Disability accommodation needs
- Race/ethnicity (optional)
- Resume (optional)
- Links to social media & GitHub profiles (optional)
Generally the data is collected so that we can schedule and perform the interview and provide an effective recommendation to the customer/potential employer. Data like name, pronouns and disability status are used to personalize the interview experience; we use phone numbers to call candidates experiencing technical issues during their interview. Emails are used for communications/scheduling purposes and as unique identifiers for each candidate in the Karat environment (including ensuring candidates are not given the same content on multiple occasions). Demographic data such as gender and race/ethnicity is voluntarily collected so that we can conduct audits and impact assessments as may be required by law or our customers. Resume and social media profile data is purely optional for those candidates wishing to build a more robust profile with Karat.
It is always optional for candidates to provide demographic data such as gender, race/ethnicity or disability status. That said, Karat does not customize its data collection or processing practices on a customer-by-customer basis. Karat and candidates are forming a direct data subject to controller relationship which exists outside of any one customer request to perform an interview or assessment. As such, Karat and customers need a consistent experience and set of terms (the Karat Privacy Policy) to apply to all their interactions, particularly as candidates build a profile with Karat as they complete multiple assessments over time. More specifically, demographic data such as gender and race/ethnicity is voluntarily collected so that we can conduct audits and impact assessments as may be required by law or our customers.
No. The video and audio of Karat interviews are exclusively available for viewing on our platform, but not for download.
Candidate demographic data (such as gender/race/ethnicity/disability status) is available to IVEs only to the extent such information is observable through the interview process. Such information is not available to customer end users or incorporated into interview reports which are accessible to the customer following an interview.
Karat strongly encourages candidates to turn on their camera and allow for video recording during Karat interviews to provide the best possible outcome for candidates and employers. Many employers seek to evaluate a candidate’s communication skills, attitude, and professionalism, in addition to a candidate’s technical abilities (which is the focus of the Karat assessment), and a video recording allows for the prospective employer to better evaluate these attributes. Lack of video recording may also inhibit Karat’s ability to complete its quality control process to both ensure fair treatment for candidates and identify any instances of cheating.
That said, Karat respects candidates’ privacy and right to control the use of their personal information. In the event a candidate does not wish to use their camera during the interview, they may simply turn off their camera during the interview. If a candidate is comfortable with a camera on during the live interview, but does not wish to have the interview recording used or shared in certain ways, candidates should inform the IVE performing the interview and immediately following the interview email privacy@karat.com.
Under our current product design, it is not possible to completely disable interview recording, but if a candidate does not wish to have the interview recording shared with the prospective employer or otherwise wishes to have it deleted, that request can be made by emailing privacy@karat.com. Employers are not able/not permitted to download or retain their own copies of interview recordings; they must view videos through the Karat platform.
Candidates can request that any or all of their personal information be deleted by emailing such a request to privacy@karat.com. For identification purposes, candidates must use the same email address originally provided to Karat when scheduling the applicable interview.
Karat deletes candidate data upon the request of the candidate or after a maximum of 5 years from the date of the interview.
Our cloud storage provider, AWS, is trusted by some of the most security-conscious organizations in the world. AWS data centers are also ISO 27001 certified and SOC 3 security reports are available. All data is hosted in Amazon AWS US West-2 (N. California) and East (N. Virginia) (entirely within the United States).
Karat has employees and contractors with access to customer data and candidate data in several countries outside of the US. Karat is happy to provide a current list of countries during our contracting and due diligence process. Karat IVEs are located around the world; however, IVEs do not have access to customer data.
Karat complies with global data privacy regulations, including but not limited to EU, UK and Swiss GDPR and applicable US state privacy laws including CCPA and VCDPA. Karat is also certified under the EU – US Data Privacy Framework, with our certification most recently renewed in July 2024. Our DPA details our responsibilities under these privacy laws as a processor of customer data, and the technical, organizational, and administrative procedures we have put in place to protect the personal data we process on behalf of our customers. Our security and privacy measures are continuously monitored and enhanced by our privacy information security teams in accordance with the ever-evolving global privacy and cybersecurity threat landscape.
Compliance
While Karat does not operate an OFAC compliance search program, we do not work with individuals or subcontractors in countries restricted by the US Office of Foreign Assets Control (OFAC). Additionally, we will not work with subcontractors who have active OFAC complaints against them or are in violation of OFAC sanctions programs. We require subcontractors to warrant as such in their agreements with us.
Karat is a remote-first organization. Our corporate headquarters in Seattle is LEED GOLD certified. For employees using the space for in-person collaboration, Karat provides environmentally friendly features such as bicycle storage, electric car charges, and vanpools. Our green roof absorbs stormwater to water plantings and filters runoff which reduces pollution of Portage Bay while drought-resistant plants reduce the amount of potable water used for irrigation by 79%. We participate in electronics recycling and limit the use of paper products and printing.
Yes, on an annual basis, Karat personnel complete mandatory training on and agree to comply with Karat’s code of conduct. The code of conduct is reviewed and updated annually. Karat is happy to review customer codes of conduct and other customer policies during our contracting and due diligence process.
Karat is an equal employment/affirmative action employer and is LGBTQIA+ friendly. We are committed to providing a workplace that is free of discrimination of all types and abusive, offensive, or harassing behavior. Karat is happy to review customer diversity and equity or diverse supplier policies during our contracting and due diligence process.
Customers have the ability to leverage several AI features in the review and summarization of Karat Core and Karat Focus interviews. Specifically, Karat uses an LLM to synthesize data from the IVE interview report and the final recommendation, resulting in a written interview summary for the customer. Candidate PII is not shared with the LLM and the LLM does not train on the data inputs. This AI summary feature can be toggled on or off at a customer’s direction.
Karat Qualify is a top-of-funnel screening assessment that leverages item response theory (IRT). Certain jurisdictions consider IRT to fall within the definition of AI or machine learning. Karat is ready to assist customers operating in those jurisdictions with compliance needs.
At Karat, we work to provide a fair interview experience for everyone. Candidates have an opportunity to request specific accommodations prior to their interview. Our support team will then schedule the candidate with an IVE that can provide the most ideal experience based on the candidate’s needs (for example, IVEs that speak American Sign Language). Typical accommodations include extended interview time, use of a screen reader, or use of an interpreter. We will never require a candidate to disclose their personal medical information as a part of an accommodation request.
Our in-house coding environment and video conferencing software were designed with accessibility in mind. Karat Studio has a high accessibility score, simple to use interface, support for High Contrast and large fonts, and text chat functionality.
Legal
Karat’s intellectual property includes all the elements of our assessment tools that customers encounter during their relationship with Karat. This includes assessment questions, interview methodologies, scoring rubrics, and any other content developed by our team to provide services to customers.
If a customer chooses to provide their own content or interview questions, this content will be considered the customer’s intellectual property. Results of the services, such as interview video, audio and reports, become Karat intellectual property. Karat grants customers a perpetual license to interview results and any other reports or insights they may receive through the use of Karat.
We will fully indemnify and hold harmless customers with respect to third party claims that our products or services infringe a copyright or patent. For other types of liability, it is a fundamental principle of Karat’s business operations that liability be capped in proportion to the fees paid. Our liability cap is in line with standard market practice and reflects a fair risk allocation to guarantee fair and proportionate liability for both parties. Karat requires all customers to indemnify us if Karat becomes part of a third-party claim arising from a customer’s hiring decisions. The ultimate decision regarding whether to advance a candidate in the hiring process (or other employment related actions) belongs to the customer. Karat has no control over how its customers use interview results and analytics.
Where an active order form is in effect, a customer may terminate the master agreement and related order form in the event of Karat’s incurable material breach of its obligations. Karat does not provide termination for convenience because a great deal of our work is front loaded prior to the completion of any interviews. As such, order forms are non-cancelable and fees are non-refundable.
Interview Engineer (IVE) Community
Karat interviews are conducted by an Interview Engineer. Interview Engineers (or “IVEs”) are a global community of experienced software engineers available to conduct high quality interviews 24/7. To join the Karat IVE community, an engineer must have a minimum of 3 years of experience and a degree in computer science or engineering, as well as fluent English language skills. Collectively, Karat’s IVE community has conducted hundreds of thousands of interviews, possessing expertise in a wide range of coding languages and environments.
IVEs undergo a rigorous screening process before conducting Karat interviews that includes evaluation of their coding and soft skills and training in Karat’s interview methodology. They continue to receive evaluations during their tenure as an IVE, and must qualify for each new skill area and question set for which they perform assessments. IVEs are managed and closely monitored by Karat’s community operations team.
IVEs are assigned to interviews only when they meet the specific requirements of the applicable interview content and coding languages. Selected IVEs must also meet any specific requirements dictated by the customer and as agreed by Karat.
Karat has a quality control program to ensure that interviews meet customer requirements and are performed to the highest standard. Karat requires IVEs to participate in ongoing mentoring and frequent continuing education. Additionally, interviews are subject to quality control reviews both at random and in response to concerns about IVE performance raised by candidates or Karat community operations team members. Our community operations team oversees IVEs and will directly address any performance concerns raised during quality control review.
IVEs are required to report any possible conflict of interest that may prevent them from fairly conducting an interview. If it is determined that the IVE has a conflict of interest with respect to an assigned interview, the interview will be assigned to a new IVE. Examples of conflicts of interest include, but are not limited to, the following:
- The IVE has previously worked with or currently works with the candidate, or knows them personally;
- The IVE currently works at the company the candidate is interviewing for; or
- The IVE is also planning to interview or has interviewed with the customer for a position.
Assessment Integrity
Karat cares deeply about providing a fair playing field to all candidates and conducting interviews that provide an accurate signal with respect to a candidate’s abilities.
Prior to beginning an assessment, candidates have an opportunity to review our candidate terms and conditions and interview preparation materials, which describe what resources are allowed during the interview. Unless otherwise directed by a customer and explicitly communicated to a candidate by an IVE, Karat prohibits behaviors such as:
- using code or language that is not the candidate’s original work;
- using unauthorized third-party assistance to answer questions; and
- copying questions outside of the Karat coding environment into search engines or a GPT.
Each IVE is trained to monitor for and report abnormal candidate behaviors which may indicate cheating, such as typing outside of the browser window without explanation, frequently looking between monitors, or writing code in an unusual top-down or line-by-line manner. When an IVE identifies such behaviors and suspects cheating, they report this behavior as part of their post-interview report and flag the interview for quality control review by a second IVE.
When an IVE flags suspected cheating in their post-interview report, the interview will be rewatched and reviewed in its entirety by a second IVE specifically trained in Karat’s quality control standards. If quality control does reveal suspicious behavior, our community operations team will communicate with the customer and discuss possible solutions.
Information Security
Karat is hosted in the AWS US region and is designed with multiple availability zones to ensure resilience against potential outages.
Karat adheres to the AICPA standards under the SOC 2 framework. Each year, a third-party auditor conducts a comprehensive review of our security and privacy controls. We are pleased to provide our SOC 2 Type II Attestation report upon request.
All customer data is encrypted in transit (using TLS 1.2 or higher) and at rest (through AES-256).
Karat operates according to the principle of least privilege and need-to-know. At a minimum, Karat conducts monthly access control reviews to ensure that Karat personnel are only granted the permissions they need to perform their job functions.
All Karat personnel are required to complete compliance training on information security and privacy upon hire and annually thereafter.
Karat conducts penetration testing at least annually and conducts bi-weekly vulnerability testing to proactively identify and remediate security vulnerabilities.
Karat supports two types of Single Sign-On (SSO) methods:
- Service Provider (SP)-initiated SSO, and
- Identity Provider (IDP)-initiated SSO
Karat is fully compliant with SAML 2.0 and is happy to provide documentation to assist customers in setting up SSO according to their needs.
Data is securely stored in a logically separated database hosted within the AWS cloud environment.
Karat is hosted in geographically diverse AWS data centers, ensuring robust physical security and environmental controls.
Karat has a comprehensive backup strategy with defined RTO and RPO objectives, and we conduct annual backup tests and restores.
No, the Karat service model does not require a direct connection to a customer’s infrastructure.
Logs are collected, aggregated and retained for a minimum of one year.
Karat data protection policies cover information security, cloud security, cryptography, data retention, business continuity and privacy. Policies may be provided upon request under an NDA.
Customers should reach out to their Karat sales representative who can connect them to Karat’s legal, information security and content/delivery teams as applicable.
Additional questions?
Customers should reach out to their Karat sales representative who can connect them to Karat’s legal, security and content/delivery departments as applicable.
Karat has obtained the following certifications reflecting our commitment to the protection of customer and candidate data.
SOC 2.
Type II report covering Security, Availability, Integrity, Confidentiality, and Privacy
U.S. Data Privacy Framework (DPF).
A framework for complying with EU, UK, and Swiss privacy requirements