Security and access controls
Admin and partner access is role-scoped, MFA-gated for sensitive workflows, and reinforced with audit logging around high-risk actions.
Trust Package
Security, data handling, and procurement review in one place.
Blacklight's trust package is the public starting point for partner security review, due diligence, and institutional rollout planning. It summarizes current controls, privacy posture, retention practices, subprocessors, and the review materials available when an organization wants to support people through resumes, transitions, and job-readiness work without adding a messy tracking stack.
Best fit
Use this page when your organization wants a quick, credible overview before moving forward with a partner trial, hosted/embed intake rollout, paid conversion, or internal review.
- Access controls and auditability
- Retention and deletion posture
- AI handling and subprocessors
- Cookie-free public-site privacy stance
What this package covers
These summaries are designed to reduce back-and-forth during partner review. They cover the material most teams ask for first when they need to know whether Blacklight is careful with user data, operationally stable, and ready to support a mission-driven partnership.
Data handling and retention
The platform documents what data is collected, how it is used, how scheduled minimization and retention work, and how deletion requests speed up removal when needed.
AI usage and model handling
The trust package explains where AI is used in resume generation, what operational safeguards exist, and how model processing stays bounded to the workflow.
Operational readiness and privacy stance
Incident response, backup and recovery, subprocessors, partner-support boundaries, and the cookie-free public-site stance are documented so reviews can move faster.
Included trust materials
The public trust center reflects the current trust package available for partner and institutional review. Use the contact flow if you need the full questionnaire packet, a procurement follow-up, or a trust question that is not answered by the public summaries.
Security overview
Security reviewers, technical approvers, and mission-driven partners validating baseline controls before rollout.
High-level architecture, authentication boundaries, and platform-control summary for organizations that need a serious first-pass review.
Open summaryData handling summary
Privacy, legal, and operations teams reviewing data scope and handling expectations.
What partner and end-user data enters the system, where it flows, and how it stays constrained to the service path.
Open summaryRetention and deletion summary
Institutions reviewing deletion workflows, privacy requests, and retention controls.
Retention windows, purge behavior, and privacy/deletion workflow expectations across normal operations and request-based deletion.
Open summaryIncident response summary
Teams that need to know how incidents, outages, and high-risk operational issues are handled.
How operational issues are triaged, investigated, and handled when sensitive systems or partner workflows are involved.
Open summaryAccess control summary
Reviewers validating privileged access, role separation, and operator safeguards.
Admin, partner, and privileged workflow controls with MFA and role boundaries.
Open summaryAudit logging summary
Security and compliance reviewers focused on traceability and sensitive-event review.
Sensitive admin and billing actions are logged for review and traceability.
Open summaryAI usage and model handling summary
Organizations reviewing model usage, AI boundaries, and operational handling expectations.
Where AI is used in the workflow, how outputs are validated, and where human review still applies.
Open summarySubprocessor list
Procurement and legal teams reviewing vendor dependencies and external service providers.
Current core vendors involved in hosting, billing, identity, messaging, and model operations.
Open summaryBackup and recovery summary
Teams validating resilience expectations before rollout or paid conversion.
Recovery posture and continuity expectations for partner-facing operations.
Open summaryInstitutional questionnaire template
Institutional reviewers using standardized questionnaires across libraries, schools, workforce groups, nonprofits, and related organizations.
A starting point for library systems, schools, workforce groups, nonprofits, and other institutional reviewers when a formal review is required.
Open summaryReview process
Start with the trust center for a fast overview of controls, data handling, retention, and operating practices.
Use the partner portal for active trial, billing, and support-configuration decisions if your organization already has access.
Use the contact flow if you need a questionnaire packet, procurement follow-up, or a trust-specific review question handled directly.