1c:["$","$L28",null,{"allArticles":[{"slug":"fairness-audit-and-the-4-5ths-rule","title":"The fairness audit and the 4/5ths rule.","dek":"How we apply the 4/5ths rule per protected group per role, how often we audit, and what we publish.","category":"compliance","tags":["fairness","bias","4/5ths","audit"],"lastReviewed":"2026-09-30","readingTime":"3 min read","related":["eu-ai-act-posture","right-to-human-review","bias-audit-in-full"],"body":[{"type":"paragraph","text":"The 4/5ths rule says: the selection rate for any protected group should be at least 80% of the selection rate for the highest-selected group. We apply it per protected group, per role family, per stage of the pipeline. Not as a single sitewide number."},{"type":"heading","level":2,"text":"Cadence."},{"type":"list","ordered":false,"items":["Per-customer fairness report: weekly, automatic. Visible in the hiring-manager dashboard, exportable as PDF.","Sitewide aggregate report: quarterly. Published on /trust/fairness.","Per-role-family flag: any ratio under 0.80 pauses automated advancement on the role and triggers an engineering investigation."]},{"type":"heading","level":2,"text":"Protected groups in scope."},{"type":"paragraph","text":"Gender (self-reported, optional), race and ethnicity where legally collectable, age band (under 25, 25 to 34, 35 to 44, 45 to 54, 55 plus), disability status (self-reported, optional, UK Equality Act 2010 categories), country of education. We do not infer protected characteristics from voice, video, or written content; the only data we use is the optional, self-reported demographic data captured on a separate consent screen at the start of the candidate experience."},{"type":"callout","tone":"neutral","text":"The full method is on the blog at /resources/blog/bias-audit-in-full and the per-quarter aggregate is on /trust/fairness."},{"type":"paragraph","text":"What to do next: export the workspace fairness report on the first of the month and share it with your works council, HR, or DE&I lead."}]},{"slug":"right-to-human-review","title":"Right to human review.","dek":"Every Picked candidate can request human review of a non-advancement. How it works, how long it takes, and who reviews.","category":"compliance","tags":["human review","Article 22","appeal","oversight"],"lastReviewed":"2026-09-29","readingTime":"3 min read","related":["eu-ai-act-posture","fairness-audit-and-the-4-5ths-rule","candidate-data-and-deletion"],"body":[{"type":"paragraph","text":"Every Picked candidate has the right to request human review of a non-advancement decision. The right is surfaced to the candidate at the point of decision, not buried in a privacy policy."},{"type":"heading","level":2,"text":"How it works."},{"type":"list","ordered":true,"items":["The candidate clicks Request human review on the decision note. The window is seven days from the original decision.","A human reviewer (a member of the hiring-company side, not Picked) is notified via email and Slack. The reviewer is the role owner by default, configurable per workspace.","The reviewer reads the full transcript, the score sheet, and the original rationale. They have ten working days to respond.","The response is structured: either an override of the original decision, or a confirmation with a brief explanation. The candidate receives the response in the same dashboard surface."]},{"type":"heading","level":2,"text":"Why this is in the product, not the policy."},{"type":"paragraph","text":"EU AI Act Article 14 (human oversight) and GDPR Article 22 (right not to be subject to a solely automated decision) both require this. We build it in rather than gating it behind a written-and-mailed request because that is the only way the right is practically exercised. About 6% of non-advanced candidates request review in beta; about 12% of those reviews change the decision."},{"type":"callout","tone":"neutral","text":"Customers in regulated industries (financial services, healthcare) can route human-review responses through a compliance reviewer before they return to the candidate; configure this on Settings, Compliance, Human review."},{"type":"paragraph","text":"What to do next: confirm the human-review reviewer assignment in the workspace settings before any role goes live."}]},{"slug":"uk-gdpr-and-data-residency","title":"UK GDPR and data residency.","dek":"Where data lives, who the controller is, and how the Picked-as-processor contract is set up.","category":"compliance","tags":["GDPR","data residency","controller","processor","DPA"],"lastReviewed":"2026-09-28","readingTime":"3 min read","related":["eu-ai-act-posture","candidate-data-and-deletion","invoices-and-vat"],"body":[{"type":"paragraph","text":"Neuroworx Ltd is ICO-registered as a data controller for the candidate-side relationship and as a data processor for the hiring-company-side relationship. UK GDPR applies; EU GDPR applies on the EU candidate base."},{"type":"heading","level":2,"text":"Where data lives."},{"type":"list","ordered":false,"items":["Structured data: Supabase in London (eu-west-2).","Application hosting: Vercel London (lhr1).","Transcript audio and large blobs: Cloudflare R2 EU.","Voice infra: LiveKit EU.","Outbound mail: Resend EU.","Reasoning model: Anthropic Claude. Transcription only: OpenAI Whisper."]},{"type":"paragraph","text":"No data leaves UK or EU regions for the core hiring workflow. Sub-processor regions and purpose are listed on /trust/sub-processors and updated on every quarterly review."},{"type":"heading","level":2,"text":"The DPA."},{"type":"paragraph","text":"A standard data-processing agreement is in place for every workspace by default; the customer accepts it on sign-up. A custom DPA can be reviewed under Settings, Legal, DPA. Sign-off turnaround for a custom DPA is inside five working days."},{"type":"paragraph","text":"The DPA covers the categories of personal data we process, the security measures in place, sub-processor disclosure, retention, deletion, and the assistance we provide on data-subject requests. Procurement-grade addenda (international data transfer addendum, UK ICO addendum, EU SCCs) are linked from the DPA panel."},{"type":"callout","tone":"neutral","text":"For US-specific data flows when the V2 US tier ships, the Standard Contractual Clauses adendum will be added under the same screen."},{"type":"paragraph","text":"What to do next: accept the default DPA on sign-up; flag a custom DPA only if your procurement requires one."}]},{"slug":"eu-ai-act-posture","title":"EU AI Act posture.","dek":"Why hiring is high-risk under Annex III, what conformity Picked has, and what the customer is on the hook for.","category":"compliance","tags":["EU AI Act","Annex III","high-risk","conformity"],"lastReviewed":"2026-09-26","readingTime":"3 min read","related":["uk-gdpr-and-data-residency","fairness-audit-and-the-4-5ths-rule","right-to-human-review"],"body":[{"type":"paragraph","text":"Hiring AI is high-risk under Annex III of the EU AI Act. Picked is built to spec for the high-risk regime, not retrofitted. The conformity work was done before V1 ships."},{"type":"heading","level":2,"text":"What Picked provides."},{"type":"list","ordered":false,"items":["Technical documentation per Article 11 (system description, data governance, accuracy, robustness, cybersecurity).","Risk management system per Article 9, reviewed quarterly.","Data governance documentation per Article 10 (training data, validation data, fairness datasets, bias-source audit).","Logging per Article 12. Every decision logged, every override logged, every model card versioned.","Human oversight per Article 14. Every automated advancement decision has a human-review path.","Accuracy and robustness reporting per Article 15. Published on /trust/model-cards.","Post-market monitoring per Article 17."]},{"type":"heading","level":2,"text":"What the customer is on the hook for."},{"type":"paragraph","text":"The customer is the deployer under the Act. The deployer has obligations around informing the candidate, recording the use, and assigning human oversight responsibility within the organisation. Picked surfaces these obligations in the dashboard and provides the templated notice text; the customer signs off on the deployment."},{"type":"callout","tone":"neutral","text":"See /trust/compliance for the full conformity documentation set and the per-customer template pack."},{"type":"paragraph","text":"What to do next: read the conformity documentation before procurement and assign a named human-oversight contact in the workspace settings."}]},{"slug":"invoices-and-vat","title":"Invoices, VAT, and company details.","dek":"Where to find invoices, how to add your VAT number, and what address appears on the bill.","category":"billing-and-spend-caps","tags":["invoice","VAT","tax","billing details"],"lastReviewed":"2026-09-25","readingTime":"3 min read","related":["how-billing-works","setting-a-spend-cap","uk-gdpr-and-data-residency"],"body":[{"type":"paragraph","text":"Invoices are issued by Neuroworx Ltd, the UK company that runs the service. The invoice address on file appears on every bill. You can download every invoice as a PDF from Settings, Billing, History."},{"type":"heading","level":2,"text":"VAT and tax."},{"type":"list","ordered":false,"items":["UK customers: VAT charged at the prevailing UK rate. Add your company VAT number under Settings, Billing, Company details.","EU customers: reverse-charge applies. Add your EU VAT number under the same screen; once verified via VIES, VAT will not be charged on subsequent invoices.","US and rest-of-world customers: no VAT. State and local sales tax is not collected by Picked at V1."]},{"type":"heading","level":2,"text":"The bill-from details."},{"type":"paragraph","text":"Every invoice shows: Neuroworx Ltd, UK company number 14612373, VAT GB 480543686, 22 Charterhouse Square, London EC1M 6DX. ICO-registered data controller."},{"type":"paragraph","text":"Purchase-order numbers, cost-centre codes, and a custom invoice reference can all be added under Settings, Billing, Company details. Once set, they appear on every subsequent invoice and on the PDF export. Past invoices are not retroactively re-issued."},{"type":"paragraph","text":"Payment is by card on file at V1. Bank transfer and SEPA Direct Debit are scheduled for the first 90 days post-launch; for procurement-mandated bank transfer today, write to billing@picked.ai and we will manually invoice on a 30-day net term."},{"type":"callout","tone":"neutral","text":"If you need a quote for procurement before signing up, write to billing@picked.ai. We turn around quotes inside 24 hours."},{"type":"paragraph","text":"What to do next: add the VAT number now if you want it on the first invoice. Once an invoice is issued, the VAT figure is fixed."}]},{"slug":"how-billing-works","title":"How billing works.","dek":"99 cents per vetted candidate, first 50 free, billed monthly in arrears. No seats, no minimums, no annual contract.","category":"billing-and-spend-caps","tags":["billing","pricing","invoice","usage"],"lastReviewed":"2026-09-22","readingTime":"3 min read","related":["setting-a-spend-cap","invoices-and-vat","the-99-cent-unit"],"body":[{"type":"paragraph","text":"We bill 99 cents per AI-vetted candidate. The first 50 are free, across the lifetime of the account. We bill monthly in arrears on the 1st, for the prior calendar month, in USD."},{"type":"heading","level":2,"text":"What counts as a billable candidate."},{"type":"list","ordered":false,"items":["Triage complete plus AI screen complete plus role-fit assessment complete plus first-round interview complete. All four. A candidate who drops off mid-flow is not billed.","Counted once per role per candidate. A candidate who applies to two of your roles is billed twice; we run the screen and the assessment separately for each role, because the rubric is different.","Counted on completion, not on application. Friday morning candidates count on the Friday they finish, not the Monday they applied."]},{"type":"heading","level":2,"text":"When the invoice arrives."},{"type":"paragraph","text":"On the 1st of every month, by email to the billing-contact address on the workspace. We charge the card on file the same day. If a card payment fails, we retry over five days and then pause new candidate-vetting until billing is current. Live candidates already in flight complete and are billed on the next invoice."},{"type":"callout","tone":"accent","text":"$$0.99 per AI-vetted candidate. First 50 free."},{"type":"paragraph","text":"What to do next: set a spend cap if you want a hard ceiling, and confirm the billing-contact email is right."}]},{"slug":"parking-a-candidate","title":"Parking a candidate.","dek":"How to keep a strong candidate alive for a future role without locking up a finalist slot now.","category":"decision-engine","tags":["parked","future role","talent pool","archive"],"lastReviewed":"2026-09-19","readingTime":"2 min read","related":["overriding-a-rank","closing-a-role","candidate-data-and-deletion"],"body":[{"type":"paragraph","text":"Park a candidate from the finalist card, Park. The candidate is removed from the active finalist set without being told \"not advanced\". They are kept warm for a future role."},{"type":"heading","level":2,"text":"What parking does."},{"type":"list","ordered":false,"items":["Moves the candidate from active to parked status on the role.","Sends the candidate a \"we are not advancing you on this specific role, but we would like to talk again on a future role\" message. The wording is editable.","Surfaces the candidate on the workspace Talent pool view, scoped to the role family.","Does not trigger an automatic invite to other live roles in the workspace. Re-invites are opt-in per candidate, logged."]},{"type":"heading","level":2,"text":"How a parked candidate is reactivated."},{"type":"paragraph","text":"From the Talent pool view, find the candidate, click Invite. Pick the role you want them reconsidered on. They get a one-line note: \"We are re-opening this for you on the .\" That invite counts as a new vetting cycle for billing if the candidate completes the new role-fit assessment."},{"type":"callout","tone":"neutral","text":"Parked candidates obey the same retention rule as everyone else. After 24 months without activity, the candidate is auto-erased."},{"type":"paragraph","text":"What to do next: park, do not \"not advance\", any candidate who scored within five points of a finalist."}]},{"slug":"seniority-and-rubric","title":"Seniority and the rubric.","dek":"How the seniority field drives the assessment difficulty and the interview script. What \"senior\" means, in our terms.","category":"posting-a-role","tags":["seniority","rubric","levels","assessment"],"lastReviewed":"2026-09-18","readingTime":"3 min read","related":["writing-a-good-role-brief","post-your-first-role","reading-the-finalist-card"],"body":[{"type":"paragraph","text":"Seniority is the second-most load-bearing field on the role form, after the free-text brief. It drives the assessment item set, the interview question depth, and the rubric weighting."},{"type":"heading","level":2,"text":"The five levels, in our terms."},{"type":"list","ordered":false,"items":["Associate. 0 to 2 years in role family. Assessment items are scenario-pattern based. Interview probes for reasoning rather than experience.","Mid. 2 to 5 years. Assessment items mix scenarios with tradeoff calls. Interview probes for ownership of a finished body of work.","Senior. 5 to 9 years. Assessment items are tradeoff-heavy. Interview probes for a hard call made and a quantified outcome.","Staff. 9 plus years, cross-team scope. Assessment items add system-level scenarios. Interview probes for cross-team influence and a written artefact (RFC, post-mortem, design doc).","Principal. 12 plus years, organisation-level scope. Assessment items add organisation-level scenarios. Interview probes for a multi-year bet and the evidence behind it."]},{"type":"heading","level":2,"text":"What to do when the title and the level disagree."},{"type":"paragraph","text":"A title like \"Engineering manager\" can map to mid, senior, or staff depending on the team size. Pick the seniority that matches what the person will own at six months, not the title on the org chart. The rubric will track that."},{"type":"callout","tone":"neutral","text":"If you change seniority on a live role, the rubric regenerates for new applicants only. Already-vetted candidates keep their original scores; the comparison stays apples-to-apples within the role."},{"type":"paragraph","text":"What to do next: open the rubric preview before publishing and check the top three competency weights match the brief."}]},{"slug":"overriding-a-rank","title":"Overriding a rank.","dek":"When to override the AI ranking, how to log the rationale, and what the override means for the candidate and the audit trail.","category":"decision-engine","tags":["override","rank","human-in-the-loop","audit"],"lastReviewed":"2026-09-15","readingTime":"3 min read","related":["reading-the-finalist-card","parking-a-candidate","right-to-human-review"],"body":[{"type":"paragraph","text":"Override the AI rank from the finalist card, Override. The override prompts you to log a rationale before it commits. The rationale is logged to the audit trail and to the candidate-side decision note."},{"type":"heading","level":2,"text":"When to override."},{"type":"list","ordered":false,"items":["The evidence span on a top-three competency does not support the score. The transcript reads weaker than the rubric called.","A deal-breaker check was passed by the rubric but the candidate-side answer flagged a hidden constraint (right-to-work change, salary expectation drift, location change).","Domain context the rubric cannot model: the candidate is fluent in a specific tool you require, the candidate has worked at a directly relevant prior company, and the rubric did not weight that strongly enough."]},{"type":"heading","level":2,"text":"What the override does."},{"type":"paragraph","text":"It changes the rank within the finalist set, and it logs a structured rationale. The candidate-side decision note shows the rationale (paraphrased to remove protected-characteristic mentions, if any). The override is visible to admins and owners on the audit log. Override patterns across the workspace are summarised on the workspace fairness report."},{"type":"callout","tone":"neutral","text":"Overriding does not adjust the rubric weighting on the role. To change the rubric, edit it on the role page; that does not retro-rank existing candidates."},{"type":"paragraph","text":"What to do next: override sparingly. Two overrides per role is healthy. Five overrides per role is a sign the rubric needs an edit."}]},{"slug":"writing-a-good-role-brief","title":"Writing a good role brief.","dek":"The 150 to 300 word template we use internally. Three paragraphs, in this order.","category":"posting-a-role","tags":["role brief","writing","template","rubric"],"lastReviewed":"2026-09-12","readingTime":"3 min read","related":["post-your-first-role","seniority-and-rubric","closing-a-role"],"body":[{"type":"paragraph","text":"A good role brief is 150 to 300 words. Anything shorter and the rubric proposal is too generic. Anything longer and the candidate-facing page reads like a marketing post."},{"type":"heading","level":2,"text":"The three-paragraph template."},{"type":"list","ordered":true,"items":["The work. Two to four sentences on what the person will actually do in the first 90 days. Specific projects, specific systems, specific stakeholders. Not \"drive results across the business\".","The shape of the person. Two to four sentences on the senior-level skill, the mid-level skill, and the trait the team needs. Not a skills checklist; a description.","The constraints. One or two sentences on what is non-negotiable: location, timezone, salary band, must-have technology, must-have certification. The deal-breakers belong here, not in must-haves bullets."]},{"type":"heading","level":2,"text":"A worked example."},{"type":"paragraph","text":"\"Senior backend engineer, payments. You will own the ledger service that processes 4M transactions per month, lead the migration from Stripe Connect to our in-house balance ledger over Q3 and Q4, and pair with two mid-level engineers and one staff. Strong Postgres and Go background. Has shipped a financial primitive in production and can explain the consistency tradeoffs in plain English. Comfortable on-call one week in five. London hybrid, three days in office, salary 110 to 140k.\""},{"type":"paragraph","text":"That brief is 84 words and works. It will produce a tighter rubric than 800 words of generic copy."},{"type":"callout","tone":"neutral","text":"Edit the brief any time. The rubric regenerates; you can accept the new one or keep the old."},{"type":"paragraph","text":"What to do next: write the three paragraphs in a doc first, then paste them into the role form."}]},{"slug":"reading-the-finalist-card","title":"Reading the finalist card.","dek":"The eight to twelve competency scores, the evidence spans, the rubric weighting. What to look at first.","category":"decision-engine","tags":["finalist","score","rubric","evidence"],"lastReviewed":"2026-09-08","readingTime":"3 min read","related":["overriding-a-rank","parking-a-candidate","what-vetted-means"],"body":[{"type":"paragraph","text":"The finalist card is the deliverable. One page per candidate. Three finalists per role. Reading the card takes about three minutes per candidate."},{"type":"heading","level":2,"text":"What is on the card."},{"type":"list","ordered":false,"items":["The eight to twelve competency scores. Each one is a 0 to 100 number with the rubric weighting next to it.","The evidence spans. Each score links to the place in the transcript where the answer landed. Click the score, open the transcript on the right context.","The rank within the role. 1 of 3, 2 of 3, 3 of 3, with the gap on each adjacent rank.","The override-history bar. Any prior overrides on this candidate, who logged them, when.","The candidate-side profile: contact, salary expectation, location, deal-breakers cleared."]},{"type":"heading","level":2,"text":"What to look at first."},{"type":"paragraph","text":"The three highest-weighted competencies. The rubric weighting is set when the role is posted; the top three competencies are the ones that drive the overall rank the most. Open the evidence span on each of those three before reading anything else. If the evidence supports the score, the rank is calibrated. If the evidence feels thin, that is the override candidate."},{"type":"callout","tone":"neutral","text":"Reading time per card is about three minutes if you start with the top three competencies. Reading from the top of the card is closer to seven."},{"type":"paragraph","text":"What to do next: open the finalist card on a live role, read the top three competencies first, and only then decide whether to read the full transcript."}]},{"slug":"setting-a-spend-cap","title":"Setting a spend cap.","dek":"How to put a hard ceiling on vetting spend, per role or per workspace. What happens when the cap is reached.","category":"billing-and-spend-caps","tags":["spend cap","limit","budget","safeguard"],"lastReviewed":"2026-09-05","readingTime":"3 min read","related":["how-billing-works","invoices-and-vat","closing-a-role"],"body":[{"type":"paragraph","text":"A spend cap is a hard ceiling on vetting spend. You can set one per role, one per workspace, or both. Caps are in USD and reset on the 1st of every month."},{"type":"heading","level":2,"text":"How caps behave."},{"type":"list","ordered":false,"items":["Per-role cap. When the role is within 10% of the cap, we email the role owner. When it hits the cap, the role pauses syndication and the in-flight vetting completes.","Per-workspace cap. Same behaviour but the email goes to the billing contact and every owner. When it hits, every role pauses syndication.","Soft cap (advisory). We email only; vetting continues. Useful for forecasting without throttling.","Hard cap (default). Vetting pauses on cap. New applicants land on a waitlist on the candidate page and are invited back when the cap resets or is raised."]},{"type":"heading","level":2,"text":"What the candidate sees on cap."},{"type":"paragraph","text":"A candidate who lands on a role at cap sees a short note: \"This role is paused for this month. Leave your email and we will write back when the next slot opens.\" We do not show the cap amount; we say \"paused\" and route the candidate to the company-wide careers page. The candidate-facing message is configurable from Settings, Candidate experience."},{"type":"callout","tone":"neutral","text":"The default first-role spend cap is $50 to align with the 50 free vetted candidates. You can lift it during role creation."},{"type":"paragraph","text":"What to do next: pick a per-workspace cap that matches your monthly hiring budget, then leave per-role caps off unless a specific role needs throttling."}]},{"slug":"onboarding","title":"Onboarding: the first eight minutes.","dek":"What you do in the first sitting after you sign up. Post the role, set the rubric, hand off the rest.","category":"getting-started","tags":["onboarding","first role","rubric","sign up"],"lastReviewed":"2026-09-04","readingTime":"3 min read","related":["post-your-first-role","writing-a-good-role-brief","inviting-teammates"],"body":[{"type":"paragraph","text":"Onboarding is a single sitting. About eight minutes if you have a role brief ready, twelve if you do not. You will not finish on a setup wizard. You will finish on a posted role with the AI screen already collecting applicants."},{"type":"heading","level":2,"text":"What happens, in order."},{"type":"list","ordered":true,"items":["You sign in with email and a magic link. There is no password to set.","You confirm the workspace name and the timezone. Both can be edited later.","You post the first role. The role form is six fields: title, seniority, location policy, salary band, must-haves, and a free-text brief.","You confirm the rubric. We propose one based on the role title and seniority; you accept it or edit it inline.","You set a spend cap. The default is $50 for a first role, equivalent to the 50 free vetted candidates that every new account gets.","You publish. The role goes live across the syndication network and on your public role page."]},{"type":"heading","level":2,"text":"What happens next, without you."},{"type":"paragraph","text":"Applicants arrive on a rolling basis. Each one runs through the AI screen, the role-fit assessment, and the first-round interview. Three vetted finalists are surfaced to you on Friday morning. You read the finalist card, override or accept the ranking, and either advance to a human round or close the role."},{"type":"callout","tone":"neutral","text":"Onboarding takes about eight minutes. If you get stuck on the role brief itself, see \"Writing a good role brief\"."},{"type":"paragraph","text":"What to do next: post the role, even if the brief is rough. You can edit the brief without resetting the AI screen."}]},{"slug":"what-the-candidate-sees","title":"What the candidate sees.","dek":"The candidate-side experience, end to end. Apply, screen, assess, interview, decision. No 90 percent silence.","category":"candidate-experience","tags":["candidate","experience","apply","visibility"],"lastReviewed":"2026-08-28","readingTime":"3 min read","related":["rescheduling-the-ai-interview","candidate-data-and-deletion","inbound-funnel-broken"],"body":[{"type":"paragraph","text":"The candidate sees five states, in order: applied, screened, assessed, interviewed, decision. Every transition is communicated. The 90 percent no-response problem does not exist on our side of the funnel because the system never goes silent."},{"type":"heading","level":2,"text":"The five states, in order."},{"type":"list","ordered":true,"items":["Applied. The candidate completes the triage on the apply page. They get a confirmation email and a dashboard URL.","Screened. The candidate runs the 12 to 15 minute AI screen. The dashboard updates in real time; the next step unlocks within minutes of completion.","Assessed. The candidate runs the 12 to 18 item role-fit assessment. Average completion time is 22 minutes.","Interviewed. The candidate runs the 20 to 25 minute first-round interview with the voice agent. The transcript is published to their own dashboard for download.","Decision. The candidate sees the decision inside 48 hours of completing the interview. Advance, not advance with structured feedback, or pause."]},{"type":"heading","level":2,"text":"What the not-advanced candidate gets."},{"type":"paragraph","text":"A candidate who is not advanced gets a structured note: which competencies were assessed, the score breakdown, the role-fit ranking, and the right to a human-review path. Every Picked candidate can request human review within seven days of the decision."},{"type":"callout","tone":"neutral","text":"Candidate-side data is portable. See \"Candidate data and deletion\" for export and erasure."},{"type":"paragraph","text":"What to do next: read the candidate microsite at /candidates to see the exact wording the candidate sees on every transition."}]},{"slug":"post-your-first-role","title":"Posting your first role.","dek":"The six fields on the role form, what each one drives, and what you can leave blank.","category":"getting-started","tags":["first role","role form","posting","fields"],"lastReviewed":"2026-08-21","readingTime":"3 min read","related":["onboarding","writing-a-good-role-brief","seniority-and-rubric"],"body":[{"type":"paragraph","text":"The role form has six fields. None of them are optional, but the free-text brief is the only one that takes longer than 30 seconds."},{"type":"heading","level":2,"text":"The six fields."},{"type":"list","ordered":false,"items":["Title. Plain English. \"Senior backend engineer\" beats \"Software engineer III\". The title drives the role family and the default rubric.","Seniority. One of: associate, mid, senior, staff, principal. Drives the question difficulty in the AI screen and the assessment item set.","Location policy. Remote, hybrid, or on-site. Where hybrid or on-site, pick the city. Drives candidate eligibility and timezone match.","Salary band. A range, in your headline currency. Drives the salary-expectation question in the AI screen and the candidate-side filter.","Must-haves. Up to five short bullets. Drives the deal-breaker check at the start of the screen.","Free-text brief. A paragraph or two. Drives the rubric proposal and the candidate-facing role page."]},{"type":"heading","level":2,"text":"What drives what."},{"type":"paragraph","text":"The free-text brief is the load-bearing field. Everything downstream (rubric, assessment, interview script, candidate page) starts from the brief. If the brief is vague, the rubric is vague, and the finalists will be too. If the brief is specific, the rubric will be specific, and the finalists will be a better match."},{"type":"paragraph","text":"You can edit any field after posting except the role family. Edits to the brief regenerate the rubric proposal; you can accept or keep the prior one."},{"type":"callout","tone":"neutral","text":"A good brief is 150 to 300 words. See \"Writing a good role brief\" for the template we use internally."},{"type":"paragraph","text":"What to do next: post the role, then review the proposed rubric before any candidate arrives."}]},{"slug":"candidate-data-and-deletion","title":"Candidate data and deletion.","dek":"What we store on a candidate, how long, how the candidate can export or delete it, and what the hiring side keeps.","category":"candidate-experience","tags":["data","deletion","GDPR","export","retention"],"lastReviewed":"2026-08-20","readingTime":"3 min read","related":["uk-gdpr-and-data-residency","what-the-candidate-sees","right-to-human-review"],"body":[{"type":"paragraph","text":"Candidate data is stored in EU and UK regions (Supabase London for structured data, Cloudflare R2 EU for transcript audio, Resend EU for outbound mail). The candidate is the data subject; the hiring company is the data controller for the role-specific data they hold."},{"type":"heading","level":2,"text":"What we store, by data class."},{"type":"list","ordered":false,"items":["Profile: name, contact, work eligibility, salary expectation, optional self-reported demographics on the fairness consent screen.","Application history: which roles the candidate applied to, the state at each role, the timestamps.","Vetting artefacts: AI screen transcript, role-fit assessment answers, first-round interview transcript, score sheet.","System metadata: device, browser, IP at sign-up (for fraud prevention), audit-log entries."]},{"type":"heading","level":2,"text":"Retention and deletion."},{"type":"paragraph","text":"Default retention is 24 months from the last application activity, then automatic erasure. The candidate can export everything as a single zip from their dashboard at any time, and request immediate erasure under UK GDPR Article 17. Erasure removes the candidate from every hiring company that held them."},{"type":"paragraph","text":"The hiring company can keep its own copy of the data it pulled out via ATS export, subject to its own retention policy. We are not the controller of data held by the hiring company in its own systems."},{"type":"callout","tone":"neutral","text":"See /trust/privacy for the full data-subject rights catalogue and the request flow."},{"type":"paragraph","text":"What to do next: nothing on the hiring side. Erasure requests are handled by Picked under the GDPR timeline."}]},{"slug":"rescheduling-the-ai-interview","title":"Rescheduling the AI interview.","dek":"The window the candidate has, what happens when they no-show, and how the rescheduling flow handles timezones.","category":"candidate-experience","tags":["reschedule","interview","no-show","timezone"],"lastReviewed":"2026-08-15","readingTime":"3 min read","related":["what-the-candidate-sees","connecting-google-calendar","candidate-data-and-deletion"],"body":[{"type":"paragraph","text":"The AI interview is scheduled by the candidate on their own dashboard. The default window is 14 days from completing the role-fit assessment."},{"type":"heading","level":2,"text":"Rescheduling."},{"type":"list","ordered":false,"items":["The candidate can reschedule up to four times within the 14-day window, from their dashboard, with no human in the loop.","A fifth reschedule prompts a confirmation that the candidate is still actively interested. We do not auto-close the candidate; we ask.","Reschedules outside the 14-day window require a one-line note from the candidate; the role owner is notified."]},{"type":"heading","level":2,"text":"No-shows."},{"type":"paragraph","text":"If the candidate misses an interview without rescheduling, we send a follow-up at 24 hours and another at 72 hours. After seven days of no contact, the candidate is moved to \"incomplete\" and the role advances without them. Incomplete candidates are not billed."},{"type":"heading","level":2,"text":"Timezones."},{"type":"paragraph","text":"The booking surface shows times in the candidate dashboard timezone (detected from the browser at sign-up, editable on the candidate profile). The voice agent runs in EU infrastructure (LiveKit EU) and supports candidates worldwide; the latency budget is generous enough that a candidate in Lagos or Singapore gets a conversation that feels local."},{"type":"callout","tone":"neutral","text":"No accommodation request is logged for a single reschedule. For accessibility accommodations, see \"Right to human review\"."},{"type":"paragraph","text":"What to do next: trust the default 14-day window. Most candidates schedule within the first 48 hours."}]},{"slug":"what-vetted-means","title":"What \"vetted\" actually means.","dek":"The four checks every candidate goes through before they reach the finalist card. No keyword filters, no CV ranking.","category":"getting-started","tags":["vetted","screen","assessment","interview","definitions"],"lastReviewed":"2026-08-12","readingTime":"3 min read","related":["how-we-test-engineers","reading-the-finalist-card","fairness-audit-and-the-4-5ths-rule"],"body":[{"type":"paragraph","text":"A vetted candidate has been through four checks. The CV is not one of them. We do not keyword-filter, we do not rank by school, and we do not score on tone of voice."},{"type":"heading","level":2,"text":"The four checks."},{"type":"list","ordered":true,"items":["Triage. A short structured intake: timezone, work eligibility, salary range, deal-breakers, motivation. Built so any qualified candidate clears it; built to catch obvious mismatches early.","AI screen. A 12 to 15 minute voice conversation with the candidate. The agent asks role-specific motivation questions, probes on the answers, and produces a structured screen report.","Role-fit assessment. 12 to 18 short scenario items from the Neuroworx item bank, scored on the reasoning more than the answer. Fairness-audited per role family.","First-round interview. A 20 to 25 minute live voice conversation, adaptive against the rubric. Transcript published in full to the hiring manager."]},{"type":"paragraph","text":"A vetted candidate is one who has completed all four. A candidate who drops off mid-screen is marked \"incomplete\" and is not in the finalist pool. We do not pay you for them and you do not pay us for them."},{"type":"heading","level":2,"text":"What \"vetted\" does not mean."},{"type":"paragraph","text":"It does not mean a final hire recommendation. The system surfaces three finalists in a calibrated rank, with the audit trail. The decision is yours. The override is logged."},{"type":"callout","tone":"accent","text":"$$0.99 per AI-vetted candidate. First 50 free."},{"type":"paragraph","text":"What to do next: read the finalist card on a live role and follow a single candidate from triage to decision."}]},{"slug":"re-opening-a-role","title":"Re-opening a role.","dek":"When the hire falls through or the headcount opens back up. How to re-open without confusing the candidate pool.","category":"posting-a-role","tags":["reopen","paused","hire fell through","pool"],"lastReviewed":"2026-08-11","readingTime":"2 min read","related":["closing-a-role","parking-a-candidate","overriding-a-rank"],"body":[{"type":"paragraph","text":"Re-open a closed role from the role page menu, Re-open. The role goes live again under the same slug, the same rubric, and the same brief. Anything you change at re-open time is logged in the role history."},{"type":"heading","level":2,"text":"What re-opens with the role."},{"type":"list","ordered":false,"items":["The role page on your own careers page and on the public job board.","The syndication to all channels except those that flagged the original close (LinkedIn is one; the role gets a new posting ID).","The rubric and the seniority. Edit before re-open if either has changed."]},{"type":"heading","level":2,"text":"What does not re-open automatically."},{"type":"paragraph","text":"The prior candidate pool stays archived. Already-vetted candidates from the prior run are visible in the role history but do not re-enter the active pool. If you want a prior candidate to be reconsidered, you re-invite them from the candidate card, which sends a one-line note: \"We are re-opening this role and we would like to talk again\". That invite is logged and counts as a new vetting cycle for billing."},{"type":"callout","tone":"neutral","text":"If the role closed under a year ago, the candidate-facing page shows \"re-opened\" in the eyebrow. After a year, it presents as a fresh role."},{"type":"paragraph","text":"What to do next: re-open the role, edit the brief if the scope has changed, and invite the one or two prior candidates worth revisiting."}]},{"slug":"closing-a-role","title":"Closing a role.","dek":"When you make the hire, how to close cleanly, what happens to the candidate pool, and what the in-flight candidates see.","category":"posting-a-role","tags":["close","hired","pool","communication"],"lastReviewed":"2026-08-04","readingTime":"3 min read","related":["re-opening-a-role","parking-a-candidate","candidate-data-and-deletion"],"body":[{"type":"paragraph","text":"Close a role from the role page, top-right menu, Close. We will ask you for the close reason (hired, paused, cancelled) and whether you want to send a final note to the in-flight candidates."},{"type":"heading","level":2,"text":"What happens to in-flight candidates."},{"type":"list","ordered":false,"items":["Candidates who have not started the AI screen are notified the role is closed. They are invited to opt into Picked Verified (V3) when it ships.","Candidates mid-screen are paused. The screen ends gracefully; nobody is mid-question when the role closes.","Candidates who completed the screen but were not advanced get a structured \"not advanced\" note with the competency breakdown and the right to a human-review path.","Candidates who completed all four checks but were not picked as a finalist get a \"stronger fit elsewhere\" note. We do not auto-route them to other roles in your workspace; that is opt-in per candidate."]},{"type":"heading","level":2,"text":"Billing on close."},{"type":"paragraph","text":"You are billed for the vetted candidates who completed all four checks. Incomplete candidates are free. The first 50 are free across the lifetime of the account, not per role; if you have used your free tier on a prior role, this role is billed from the first vetted candidate."},{"type":"callout","tone":"neutral","text":"Closing is reversible: see \"Re-opening a role\"."},{"type":"paragraph","text":"What to do next: close the role, write a one-line internal close reason, and let the candidate-side messages send."}]},{"slug":"inviting-teammates","title":"Inviting teammates and setting roles.","dek":"Who you invite, what each role can do, and how to keep candidate data on a need-to-know footing.","category":"getting-started","tags":["team","roles","permissions","invite"],"lastReviewed":"2026-07-30","readingTime":"3 min read","related":["roles-and-permissions","sso-availability","onboarding"],"body":[{"type":"paragraph","text":"You can invite teammates from Settings, Team, Invite. There is no per-seat cost; the price is per vetted candidate, not per user."},{"type":"heading","level":2,"text":"The four roles, in plain terms."},{"type":"list","ordered":false,"items":["Owner. Billing, workspace settings, every role, every candidate. Two owners maximum.","Admin. Every role, every candidate, integrations, security policy. No billing.","Hiring manager. The roles they own, the candidates on those roles. Read-only on the workspace policy.","Recruiter. Pipeline view across roles, scheduling, candidate communication. No decision-engine override rights."]},{"type":"paragraph","text":"Roles are assigned at invite time and editable later. A teammate without an assigned role cannot read any candidate data."},{"type":"heading","level":2,"text":"Inviting from outside the company."},{"type":"paragraph","text":"You can invite a domain that is not your own (e.g. an external recruiter or a hiring partner), but the invite is flagged in the audit log and the invited user is rate-limited to two active roles. SSO-enforced workspaces cannot invite outside the SSO domain."},{"type":"paragraph","text":"A pending invite expires after seven days. The invite link is single-use and tied to the email address it was sent to; forwarding the link to a different address will fail at sign-in. Re-issuing a fresh invite is one click and does not consume any prior invite slot."},{"type":"callout","tone":"neutral","text":"For SSO, SCIM, and finer-grained role mapping, see \"SSO availability\"."},{"type":"paragraph","text":"What to do next: invite the hiring manager who will read the finalist cards, and keep the recruiter role for whoever schedules the human rounds."}]},{"slug":"linkedin-and-indeed-mirroring","title":"LinkedIn and Indeed mirroring.","dek":"How the mirror posts behave, where the applicant lands, and what the candidate-side experience looks like.","category":"channel-syndication","tags":["linkedin","indeed","mirror","apply"],"lastReviewed":"2026-07-25","readingTime":"3 min read","related":["where-we-syndicate","your-own-careers-page","what-the-candidate-sees"],"body":[{"type":"paragraph","text":"We mirror your role on LinkedIn and Indeed at the free-tier level. The mirror is a standard listing with an Apply button that sends the candidate to the Picked screen, not back to your inbox."},{"type":"heading","level":2,"text":"What the candidate sees."},{"type":"list","ordered":false,"items":["A LinkedIn or Indeed listing with your company name, your logo, the role title, the salary band, and the brief.","An Apply button that opens a tab on picked.ai/apply/.","The Picked screen flow: triage, AI screen, role-fit assessment, first-round interview. Same flow as any other channel."]},{"type":"heading","level":2,"text":"What does not happen."},{"type":"paragraph","text":"We do not push the candidate back to a LinkedIn message thread. We do not collect CV uploads through the mirror. We do not ingest the LinkedIn \"Easy Apply\" CV either; the screen is the source of truth on candidate signal."},{"type":"paragraph","text":"LinkedIn promotes mirrored roles in their algorithm at a lower priority than native paid postings. If you want premium placement on LinkedIn, you can buy a paid slot through them directly; we do not resell it."},{"type":"callout","tone":"neutral","text":"You can opt out of LinkedIn or Indeed individually from the role page, Syndication, Channels."},{"type":"paragraph","text":"What to do next: post a role, wait five minutes, and check the LinkedIn listing on a private browser to see what the candidate sees."}]},{"slug":"where-we-syndicate","title":"Where we syndicate your role.","dek":"The channels your role appears on when you post. What ships at V1, what is on the roadmap.","category":"channel-syndication","tags":["syndication","channels","job boards","reach"],"lastReviewed":"2026-07-18","readingTime":"3 min read","related":["linkedin-and-indeed-mirroring","your-own-careers-page","post-your-first-role"],"body":[{"type":"paragraph","text":"A posted role appears in three places by default. You can opt out of any of them at role-creation time or later."},{"type":"heading","level":2,"text":"The three default channels."},{"type":"list","ordered":false,"items":["Your own careers page at picked.ai/c/. Live within a minute of posting. SEO-clean, no chrome from us beyond a small \"Powered by Picked\" footer.","The Picked public job board at picked.ai/jobs. Indexed by the major search engines and by Google for Jobs. All Picked-vetted live roles appear here.","LinkedIn and Indeed as mirrored postings, free tier. The mirror creates a \"Easy Apply\" style listing that links the applicant back to the Picked screen."]},{"type":"heading","level":2,"text":"What is on the roadmap."},{"type":"paragraph","text":"Hacker News Who is Hiring (monthly, auto-formatted), Otta, Wellfound, and Glassdoor are scheduled for the first 90 days post-launch. ATS-side syndication (Greenhouse, Ashby, Workable feed in) is V2."},{"type":"paragraph","text":"Regional boards (e.g. Honeypot in DACH, Welcome to the Jungle in France, Tech Nation jobs in the UK) are evaluated on demand. If you have a board that matters in your region and it is not on the V1 list, write to support and we will add it to the public roadmap."},{"type":"callout","tone":"neutral","text":"See \"LinkedIn and Indeed mirroring\" for the specifics on how the mirror behaves and where the applicant lands."},{"type":"paragraph","text":"What to do next: post a role and watch the syndication status on the role page. Each channel goes from \"pending\" to \"live\" within five minutes."}]},{"slug":"your-own-careers-page","title":"Your own careers page at picked.ai/c/.","dek":"How the careers page is generated, what is editable, and how to point your own subdomain at it.","category":"channel-syndication","tags":["careers page","custom domain","subdomain","branding"],"lastReviewed":"2026-07-08","readingTime":"3 min read","related":["where-we-syndicate","post-your-first-role","your-own-careers-page"],"body":[{"type":"paragraph","text":"Every workspace gets a careers page at picked.ai/c/. It lists every live role in your workspace and links each one to its public application page."},{"type":"heading","level":2,"text":"What you can edit."},{"type":"list","ordered":false,"items":["Workspace name, slug, and logo.","A 1-paragraph company description shown above the role list.","Up to four call-out links (handbook, blog, About, Glassdoor) shown in a sub-nav row.","A primary brand colour, applied to the Apply button only. We do not theme the whole page."]},{"type":"heading","level":2,"text":"Pointing your own subdomain."},{"type":"paragraph","text":"You can point careers.your-domain.com at the page via a CNAME to careers.picked.ai. The setup is in Settings, Workspace, Custom domain. We provision the TLS certificate; you do not need to upload one. Custom domains are available on every plan."},{"type":"paragraph","text":"The original picked.ai/c/ URL keeps working alongside the custom domain. Both serve the same content; the canonical link is whichever one you set in the Custom domain panel."},{"type":"paragraph","text":"DNS propagation takes between five minutes and an hour, depending on your registrar. The custom-domain panel polls every minute and switches to a green status once the CNAME resolves and the certificate is issued."},{"type":"callout","tone":"neutral","text":"If you embed the role list on your own marketing site, see the Embed widget guide in the next batch."},{"type":"paragraph","text":"What to do next: set the workspace logo and the company description before the first role goes live."}]},{"slug":"ats-export","title":"Exporting a finalist to your ATS.","dek":"What the export contains, which ATSes ship at V1, and what the export looks like inside Greenhouse or Ashby.","category":"integrations","tags":["ATS","export","greenhouse","ashby","workable"],"lastReviewed":"2026-07-02","readingTime":"3 min read","related":["why-no-ats-view","slack-notifications","connecting-google-calendar"],"body":[{"type":"paragraph","text":"Picked does not present an ATS view inside the product. The export is how a finalist crosses over into your existing ATS for the human rounds, the offer letter, and the records of decision."},{"type":"heading","level":2,"text":"What the export contains."},{"type":"list","ordered":false,"items":["The candidate record: name, contact, work eligibility, salary expectation, location, deal-breakers cleared.","The score sheet: 8 to 12 competency scores with evidence spans from the transcript.","The transcript: full AI screen and first-round interview transcripts as plain text.","The override log: any rank overrides, who logged them, and the rationale."]},{"type":"heading","level":2,"text":"Which ATSes ship at V1."},{"type":"paragraph","text":"Greenhouse, Ashby, and Workable are the V1 export targets. The export uses each ATSs native candidate-import API; the finalist arrives in the ATS as a new candidate on the matching role, with the Picked transcript attached as a stage note. Lever and Teamtailor are scheduled for the first 90 days post-launch."},{"type":"paragraph","text":"Role mapping is one-to-one: a Picked role maps to a single ATS role at export time. If your ATS organises roles by department or by req-number, the mapping is set on first connect and saved per role. The export does not push back to Picked; once the finalist is in the ATS, the source of truth on subsequent stages is the ATS."},{"type":"callout","tone":"neutral","text":"If your ATS is not on the V1 list, you can export the finalist as a structured JSON file from the candidate card menu."},{"type":"paragraph","text":"What to do next: connect your ATS under Settings, Integrations, before you decide on a finalist, so the export is one click rather than two."}]},{"slug":"slack-notifications","title":"Slack notifications.","dek":"What we post to Slack, how to scope the channel, and how to keep candidate-identifying data out.","category":"integrations","tags":["slack","notifications","channel","integrations"],"lastReviewed":"2026-06-30","readingTime":"3 min read","related":["connecting-google-calendar","ats-export","reading-the-finalist-card"],"body":[{"type":"paragraph","text":"The Slack integration posts a single message per event into a channel of your choice. By default the message contains role-level data only; candidate names and identifying details are hidden behind a link to the dashboard."},{"type":"heading","level":2,"text":"The events we post on."},{"type":"list","ordered":false,"items":["Role posted. \" posted . Live on syndication.\"","First applicant. \" has its first applicant.\"","Three finalists ready. \" has three finalists. Read the cards in the dashboard.\"","Override logged. \" overrode the rank on . Rationale logged.\"","Cap warning, cap hit, billing event. Routed to the billing channel if separately configured."]},{"type":"heading","level":2,"text":"What we never post."},{"type":"paragraph","text":"We never post candidate names, candidate transcripts, candidate scores, or any protected characteristic to Slack. The dashboard link in the message takes the authenticated user to the candidate card; the candidate data lives in the dashboard, not in the chat surface."},{"type":"paragraph","text":"Per-event opt-outs are available under Settings, Integrations, Slack, Events. A common setup is \"finalists only\", which silences the role-posted and first-applicant pings and keeps the higher-signal events on. Microsoft Teams parity ships in the first 90 days post-launch."},{"type":"callout","tone":"neutral","text":"You can scope the integration to a private channel and restrict the install to admins. The audit log records every install and uninstall."},{"type":"paragraph","text":"What to do next: install the integration, pick a private channel for the finalist alerts, and pick a separate channel for billing if you want it siloed."}]},{"slug":"connecting-google-calendar","title":"Connecting Google Calendar.","dek":"How the calendar integration schedules human rounds, what permissions we ask for, and what we never write back.","category":"integrations","tags":["google calendar","scheduling","oauth","permissions"],"lastReviewed":"2026-06-22","readingTime":"3 min read","related":["slack-notifications","ats-export","rescheduling-the-ai-interview"],"body":[{"type":"paragraph","text":"Google Calendar is the scheduling integration we ship at V1. It is used to book human rounds with finalists, and to surface a hiring-manager availability hint to the candidate before the AI interview."},{"type":"heading","level":2,"text":"Permissions we ask for."},{"type":"list","ordered":false,"items":["Read free-busy data on the connected calendars. We do not read event titles, attendees, or descriptions.","Create events on the connected calendar (the human-round invite, with the candidate attached).","Update or cancel events we created (for reschedules)."]},{"type":"paragraph","text":"We never read calendar events we did not create. We never write to a different calendar than the one the user authorised. Tokens are stored encrypted at rest and rotated on the standard Google refresh cycle."},{"type":"heading","level":2,"text":"What appears on the candidate side."},{"type":"paragraph","text":"Once a finalist is advanced, the candidate sees a Calendly-style picker showing the next two weeks of available slots, drawn from the connected hiring-manager calendars. The slots are filtered to working hours and to the role timezone. When the candidate picks one, we create the event and send the calendar invite to both sides."},{"type":"callout","tone":"neutral","text":"Microsoft 365 Calendar ships in the first 90 days post-launch. iCloud Calendar is not on the V1 roadmap."},{"type":"paragraph","text":"What to do next: connect the calendar of every teammate who runs human rounds, and confirm the working-hours setting per teammate."}]},{"slug":"sso-availability","title":"SSO, SCIM, SAML, BYOK: what ships when.","dek":"Single sign-on availability at V1, the procurement-grade controls that ship with V2, and what you can do today instead.","category":"security-and-access","tags":["SSO","SCIM","SAML","BYOK","procurement"],"lastReviewed":"2026-06-18","readingTime":"3 min read","related":["roles-and-permissions","two-factor-and-session-policy","eu-ai-act-posture"],"body":[{"type":"paragraph","text":"Picked at V1 supports email plus magic-link sign-in and Google Workspace SSO. SAML, SCIM, and BYOK are on the V2 enterprise tier in mid 2027."},{"type":"heading","level":2,"text":"What is on at V1."},{"type":"list","ordered":false,"items":["Email plus magic-link. Default. No password.","Google Workspace SSO. Enforce a domain on the workspace; sign-in is restricted to that domain.","Two-factor (TOTP). Enforce per workspace under Security policy.","Session-length policy. Configurable from 8 hours to 30 days. Default 14 days."]},{"type":"heading","level":2,"text":"What ships with V2."},{"type":"list","ordered":false,"items":["SAML 2.0 (Okta, Azure AD, OneLogin).","SCIM 2.0 provisioning, including group-to-role mapping.","Customer-managed encryption keys (BYOK) for transcripts at rest.","IP allowlists per workspace."]},{"type":"paragraph","text":"V2 enterprise tier ships in mid 2027. If your procurement requires SAML and SCIM today, the practical recommendation is to wait for V2 or run Picked at the workspace level (e.g. for a single business unit) until the enterprise tier lands."},{"type":"paragraph","text":"Microsoft Entra ID (formerly Azure AD) SSO is the most common procurement ask after Google Workspace; it ships alongside SAML in V2. If your organisation runs Entra ID, the realistic V1 path is to add picked.ai to your sanctioned-application list and run sign-in via email plus magic-link until the V2 enterprise tier lands."},{"type":"callout","tone":"neutral","text":"SOC 2 Type II is in progress with Prescient Assurance and Drata. The report ships with V1 in Q4 2026."},{"type":"paragraph","text":"What to do next: enforce Google Workspace SSO and two-factor on the workspace today; flag the V2 enterprise tier on the public roadmap."}]},{"slug":"roles-and-permissions","title":"Roles and permissions, in full.","dek":"The four roles, the granular permissions behind each, and how to keep candidate data on a need-to-know footing.","category":"security-and-access","tags":["roles","permissions","access control","security"],"lastReviewed":"2026-06-12","readingTime":"3 min read","related":["inviting-teammates","sso-availability","two-factor-and-session-policy"],"body":[{"type":"paragraph","text":"Four roles ship at V1: owner, admin, hiring manager, recruiter. Custom roles are V2."},{"type":"heading","level":2,"text":"The permission matrix, in plain terms."},{"type":"list","ordered":false,"items":["Billing and workspace settings. Owners only.","Integrations (Slack, calendar, ATS export). Owners and admins.","Security policy (SSO, two-factor, session length). Owners and admins.","Posting and editing a role. Owners, admins, and hiring managers.","Reading the finalist card and overriding a rank. Owners, admins, hiring managers (their own roles), and recruiters (read-only).","Pipeline view (volume, drop-off, time-in-stage). Owners, admins, recruiters.","Candidate communication. Owners, admins, recruiters.","Audit log. Owners and admins."]},{"type":"heading","level":2,"text":"Need-to-know enforcement."},{"type":"paragraph","text":"A hiring manager sees the candidates on their own roles. They do not see candidates on other hiring managers roles, even within the same workspace. A recruiter sees pipeline-level data across roles, but the candidate transcripts open only on the roles where they are explicitly added as a recruiter."},{"type":"paragraph","text":"Role transitions are immediate. Downgrading a teammate from admin to recruiter takes effect on their next page load; any open tabs lose the higher-permission surfaces on the next API call. Re-assigning ownership of an in-flight role to a new hiring manager preserves the candidate history and the override log."},{"type":"callout","tone":"neutral","text":"Every read of a candidate transcript is logged. Owners and admins can pull the access log per candidate from the audit-log export."},{"type":"paragraph","text":"What to do next: review the role of every existing teammate on Settings, Team, and downgrade anyone who does not need owner or admin."}]},{"slug":"two-factor-and-session-policy","title":"Two-factor and session policy.","dek":"How to enforce 2FA across the workspace, and how to pick a sensible session length.","category":"security-and-access","tags":["two-factor","2FA","session","security policy"],"lastReviewed":"2026-05-30","readingTime":"3 min read","related":["sso-availability","roles-and-permissions","right-to-human-review"],"body":[{"type":"paragraph","text":"Two-factor authentication and session-length policy are on every workspace. Owners can enforce them under Settings, Security, Policy."},{"type":"heading","level":2,"text":"Two-factor."},{"type":"list","ordered":false,"items":["TOTP only at V1 (Google Authenticator, 1Password, Authy, Yubico Authenticator with TOTP).","WebAuthn and hardware-key support are V2.","Owner enforcement: optional, recommended, or required. We default to recommended for new workspaces.","Recovery: backup codes generated at setup, regeneratable from Settings, Security, Two-factor."]},{"type":"heading","level":2,"text":"Session length."},{"type":"paragraph","text":"Session length is the maximum time between active use and forced re-auth. Default 14 days. Configurable from 8 hours up to 30 days. Sensitive actions (billing changes, role-permission edits, audit-log export) always force a fresh re-auth regardless of session length."},{"type":"paragraph","text":"Forced sign-out is available on every active session from Settings, Security, Sessions. The screen lists each active session by device, browser, IP region, and last-seen time. Revoking a session takes effect inside 60 seconds. Workspace owners can revoke sessions on behalf of any teammate from the team management screen."},{"type":"paragraph","text":"IP allowlists for the whole workspace are V2. At V1, anomalous-location sign-ins (a new country, a new device family) trigger an email confirmation step before the session is established. The notification lands on the user mailbox and, optionally, on the workspace audit channel in Slack."},{"type":"callout","tone":"neutral","text":"For UK GDPR procurement, the recommended pair is \"Two-factor required\" plus a 24-hour session length."},{"type":"paragraph","text":"What to do next: enforce two-factor as required on the workspace, then set a session length that matches your security posture."}]}],"categories":[{"slug":"getting-started","title":"Getting started","description":"Create your account, post your first role, invite the team."},{"slug":"posting-a-role","title":"Posting a role","description":"Write a good brief, set the seniority, close or re-open."},{"slug":"channel-syndication","title":"Channel syndication","description":"Where your role appears once you post. Mirrors and limits."},{"slug":"billing-and-spend-caps","title":"Billing and spend caps","description":"99 cents per vetted candidate. Caps, invoices, VAT."},{"slug":"integrations","title":"Integrations","description":"Calendar, Slack, ATS export. What ships at V1 and what is next."},{"slug":"security-and-access","title":"Security and access","description":"Roles, SSO availability, session policy, two-factor."},{"slug":"candidate-experience","title":"Candidate experience","description":"What the candidate sees, reschedules, data and deletion."},{"slug":"decision-engine","title":"Decision engine","description":"Read the finalist card, override a rank, park a candidate."},{"slug":"compliance","title":"Compliance","description":"EU AI Act, UK GDPR, fairness audits, right to human review."}]}]