What Blocks Other AI Vendors — And Why nodes Doesn’t
All processing—ingestion, scoring, interviews, sourcing—happens inside your VPC or on-prem. No outbound connections to external AI services.
Nodes is designed for regulated industries, strict legal teams, and security-first organizations. Your data stays protected, your models stay yours, and every part of the system is fully auditable.
SOC 2 Type II
Certified
Security, Availability, Confidentiality, Processing Integrity
HIPAA
Compliant
BAA available. Technical & administrative safeguards implemented.
FedRAMP
In Progress
Target: FedRAMP Moderate. Agency-specific ATO available now.
NIST 800-171
Aligned
Architecture supports all 110 controls. For defense contractors.
CMMC
Aligned
Supports Level 2+ requirements.
REGULATORY MAPPING
Financial Services (OCC, FDIC, SEC, FINRA)
Model risk management, vendor oversight, data governance, and AI explainability requirements addressed through single-tenant deployment, customer-owned models, and comprehensive audit trails.
Defense & Aerospace (DoD, DCSA)
CMMC alignment, NIST 800-171 controls, supply chain security, and air-gapped deployment options available for classified environments.
Healthcare (HIPAA, HITECH)
PHI protection through PII stripping, BAA available, encryption requirements met, and audit logging for compliance validation.
DATA PROTECTION
Before models see candidate data, protected attributes are automatically removed.
Attributes stripped
Name, email, phone, address, age, graduation year, photos, gender indicators, ethnicity-correlated markers, location
Encryption
Name, email, phone, address, age, graduation year, photos, gender indicators, ethnicity-correlated markers, location
Key ownership
Name, email, phone, address, age, graduation year, photos, gender indicators, ethnicity-correlated markers, location
ACCESS CONTROL
All authentication flows through your identity provider.
RBAC
System Admin, Recruiter, Hiring Manager, Interviewer, Auditor, Data Scientist, Custom Roles
Vendor access
NODES has no standing access to your environment. Support access is customer-initiated, time-limited, and fully logged.
SSO
Okta, Azure AD, OneLogin, Ping Identity, Google Workspace (SAML 2.0, OIDC)
BIAS & FAIRNESS
We've been through enterprise security reviews at Fortune 500 banks, insurers, healthcare systems, and defense contractors. Your documentation is ready.
Available under NDA
SOC 2 Type II Report, Penetration Test Results, Architecture Security Review
Available on request
Security Questionnaire (SIG, CAIQ, custom), HIPAA documentation, NIST 800-171 mapping, Model Risk package, Bias testing methodology
DOCUMENTATION
We’ve already passed enterprise security reviews at Fortune 500 banks, insurers, healthcare systems, and defense contractors. Documentation is ready when Legal asks.
Available Under NDA
SOC 2 Type II report, penetration test results, and architecture security review—prepared for enterprise legal and security teams.
Security Questionnaires Ready
Standard and custom questionnaires supported, including SIG, CAIQ, and customer-specific security reviews.
Regulatory & Risk Coverage
HIPAA documentation, NIST 800-171 mappings, and model risk packets available on request to accelerate approvals.
