Access control
Access is decided in two layers: which products an organization has, and which role a person holds inside that organization.
Per-product entitlements
An organization is entitled to each product separately. If a product is not active, its whole area is replaced by an activation screen rather than partial access.
Role-based permissions
Within a product, a role decides which actions appear and which are disabled. Disabled actions are also blocked server-side, not just hidden.
Least privilege
New members start with a Viewer-style role. Owners and Admins grant more access deliberately.
Multi-organization
A person can belong to several organizations and switch between them. Each switch reloads only the data for the organization they moved into.
Data isolation
Tenancy is enforced at the database layer so isolation does not depend on application code remembering to filter.
Row-level security
Policies on every table restrict rows to the current organization. A query that forgets to filter still returns nothing from another tenant.
Standardized policies
The same isolation pattern is applied across Recruit, Assess and People, so there is one model to reason about, not three.
No cross-tenant joins
Shared candidate and employee records are resolved by reference within the caller's organization scope.
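The "Row-level security" behaviour described above, sketched as an added example that is not DXPA's own schema or code. It assumes PostgreSQL, run as a superuser for setup; the table `candidates`, the role `app_user` and the setting `app.current_org` are hypothetical names, and the rows are constructed.

```sql
-- Hypothetical tenant-scoped table (constructed for this example).
CREATE TABLE candidates (
    org_id uuid NOT NULL,
    name   text NOT NULL
);

-- Turn on row-level security; FORCE makes the table owner subject to it too.
-- Superusers and roles with BYPASSRLS still bypass policies, so the
-- application must connect as an ordinary role.
ALTER TABLE candidates ENABLE ROW LEVEL SECURITY;
ALTER TABLE candidates FORCE ROW LEVEL SECURITY;

-- One policy covers reads (USING) and writes (WITH CHECK).
-- current_setting(..., true) yields NULL when the setting is absent, and
-- NULLIF maps an empty value to NULL, so a session with no organization
-- chosen matches no rows: the policy fails closed.
CREATE POLICY tenant_isolation ON candidates
    USING      (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid)
    WITH CHECK (org_id = NULLIF(current_setting('app.current_org', true), '')::uuid);

-- Hypothetical application role with no RLS bypass.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON candidates TO app_user;

-- Request for organization 1111...: the setting is transaction-local
-- (third argument true), so it cannot leak to the next pooled request.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO candidates VALUES ('11111111-1111-1111-1111-111111111111', 'Constructed Candidate A');
COMMIT;

-- Request for organization 2222...: the SELECT has no WHERE clause on
-- org_id, and the policy supplies the tenant filter regardless.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org', '22222222-2222-2222-2222-222222222222', true);
INSERT INTO candidates VALUES ('22222222-2222-2222-2222-222222222222', 'Constructed Candidate B');
SELECT name FROM candidates;
COMMIT;
```

An `INSERT` in the second transaction that names the first organization's `org_id` is rejected by the `WITH CHECK` clause, so writes are scoped the same way as reads.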
Identity & single sign-on
One identity spans the whole suite, so a person signs in once and moves between products without separate accounts.
One login
The same user and password, or SSO session, works across Recruit, Assess and People.
SSO ready
Single sign-on lets you manage access from your identity provider and remove someone in one place.
Session scope
A session is always tied to one current organization at a time, chosen with the organization switcher.
Candidate & employee data
The people records at the centre of the suite are handled with extra care because they are personal and shared.
Candidates have no login
Candidates take assessments and apply through secure links and access codes. They never create an account, which keeps their footprint small.
Shared by reference
Recruit owns hiring fields and Assess reads only what it needs to score. People reads the same record once a candidate is hired.
Field-level visibility
Sensitive employee fields are visible only to the roles that need them, such as HR Admins, not every manager.
Deletion & export
Organization owners can export their data and request deletion. Removing an entitlement does not silently retain the data behind it.
Infrastructure
DXPA runs on a managed cloud database and application layer with encryption and backups handled by that platform.
Encryption in transit
All traffic is served over TLS.
Encryption at rest
Stored data is encrypted at rest by the managed database layer.
Backups
The database platform takes regular automated backups with point-in-time recovery.
Separation of environments
Production is isolated from development and testing environments.
Roles across the suite
Shared roles apply everywhere; each product adds roles for the work it does. Actions a role cannot take are disabled in the interface and rejected by the API.
| Role | Product | Can do |
|---|---|---|
| Owner | Shared | Everything, including billing and entitlements. |
| Admin | Shared | Configure the org and manage users; no billing ownership. |
| Viewer | Shared | Read-only access to what the org exposes. |
| Recruiter | Recruit | Manage jobs, applications and pipeline. |
| Hiring Manager | Recruit | Review applications, give feedback, approve offers. |
| Interviewer | Recruit | Give interview feedback only. |
| HR Admin | People | Manage records, onboarding, leave and policies. |
| Manager | People | See and approve for their own team. |
Compliance posture
DXPA is designed around access control, data isolation and auditability that support frameworks like GDPR and SOC 2. We describe our architecture and practices plainly here rather than listing badges. For a current list of certifications, audit reports or a security questionnaire, contact our team and we will share what applies to your contract.