Juicebox is an AI-powered recruiting platform. Security and privacy is at the forefront of what we do.
We are proud to work with over 5,000 customers, including heavily regulated enterprises across defense, financial services, and technology.
Juicebox is an AI-powered recruiting platform. Security and privacy is at the forefront of what we do. We are proud to work with over 5,000 customers, including heavily regulated enterprises across defense, financial services, and technology.
Powered by Wolfia. Review compliance certifications, security policies, subprocessors, and request access to detailed documentation.
Juicebox is an AI-powered recruiting platform. Security and privacy is at the forefront of what we do.
We are proud to work with over 5,000 customers, including heavily regulated enterprises across defense, financial services, and technology.





We use proprietary large language models to ensure the best performance, accuracy and resilience. We use vector embeddings to search for candidates across large datasets.
Juicebox AI is designed to be used in the pre-application phase only. Juicebox does not make or contribute to any candidate decision making.
Juicebox's AI models are trained on publicly available data from over 30 sources, amounting to over 800+ million candidate profiles. This comprehensive dataset includes:
Juicebox operates this public trust center. It publishes 5 independent compliance certifications, security documentation available on request, and a published list of its subprocessors.
Yes. Juicebox maintains SOC 2 Type II compliance. You can review this in the compliance section of this trust center.
Yes. Juicebox maintains GDPR compliance. See the compliance section of this trust center for details.
Juicebox discloses its subprocessors in this trust center, including Algolia, Amazon, and Anthropic. See the subprocessors section for the complete list.
You can request access to Juicebox's security documentation directly through this trust center. Submit an access request and the Juicebox team reviews and grants access.
We use proprietary large language models to ensure the best performance, accuracy and resilience. We use vector embeddings to search for candidates across large datasets.
Juicebox AI is designed to be used in the pre-application phase only. Juicebox does not make or contribute to any candidate decision making.
Juicebox's AI models are trained on publicly available data from over 30 sources, amounting to over 800+ million candidate profiles. This comprehensive dataset includes:
During inference, Juicebox utilizes the following data to generate recommendations and insights, ensuring privacy and compliance:
Juicebox collects data from public sources such as public resumes, profiles, or CVs. We partner with third-party data providers to provide this information. Individuals typically provide their information on public platforms with the understanding that it may be used for professional opportunities.
Examples of data we collect to train our AI models: resume on a publicly-available website, professional qualifications, contact information, education, qualification, work history, work title, experience. The information collected about job candidates is used by our customers to discover and engage with candidates.
We do not collect sensitive data (e.g., health or political) from any of these public sources.
We use self-hosted open-source models. We require these providers to use customer information only for the purpose of facilitating the PeopleGPT tool, and we do not allow these providers to train their AI models using personal customer personal information. We require these providers to delete personal information within 30 days, unless otherwise required by law.
The model is trained on people data gathered from over 30 public data sources. The data used to train PeopleGPT consists of over 800+ million candidates, including work experience, skills, education, and more.
For more details see our documentation.
We do not use customer's data to train our AI tool, with respect to both in-house AI models and third-party AI models. Additionally, we require our third-party AI providers to use the information only for the purpose of facilitating the PeopleGPT tool, and we do not allow these providers to train their AI models using personal information.
We do not collect any PII data from customers.
Data hosted by our LLM foundation model providers is hosted in the US.
Data hosted by our cloud providers is hosted by AWS in North Virginia, USA and GCP in Iowa, USA. We can switch server hosting for customers upon request.
Since real-world data is continuously updated, the model may encounter data it has not yet seen before. However, the structure and nature of such data remains consistent. Juicebox only accepts profile data as inputs, as well as user search queries to analyze said data.
Juicebox shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data. Personally identifiable information (PII) shall be deleted or de-identified as soon as it no longer has a business use.
Highly sensitive data requires the highest levels of protection; access is restricted to specific employees or departments, and these records can only be passed to others, with approval from the data owner, or a company executive. Examples include: Customer Data, Candidate Profile Data, Candidate Contact Data, Personally identifiable information (PII), Company financial and banking data, Salary, compensation and payroll information, Strategic plans, Incident reports, Risk assessment reports, Technical vulnerability reports, Authentication credentials, Secrets and private keys, Source code, Litigation data
See our Data Retention Policies Documents
Juicebox's PeopleGPT has demonstrated its effectiveness and validity through a combination of internal testing, real-world client feedback, and continuous performance monitoring. Validation studies primarily involve comparing the tool's candidate recommendations against actual hiring outcomes, assessing the accuracy, efficiency, and impact on diversity in the recruitment process.
Performance is continuously monitored by Juicebox. Primary metrics include search latency, hallucination rates, and context awareness rates.
We consistently collect event logs for our AI models and tools.
Given the complexity of Large Language Models (LLMs) we utilize, complete explainability remains a challenge. We strive to ensure transparency around the capabilities and limitations of our AI models. Our approach includes clear documentation of model behaviors, potential biases, and providing insights into the factors influencing model outputs to the extent possible.
Our AI model surfaces candidates based on a user search. It does make any decisions (e.g., hiring, promotion), nor does it provide recommendations for such decisions.
Juicebox conducts internal tests on bias and disparate impact of the model. Bias testing is conducted semi-annually or with each major update to the model. Disparate impact analyses are conducted annually or with each major update to the model. Testing is done in sample data sets of 100 test queries over a subset of our profile data (typically around 2% of our total dataset size), conducted internally by the Juicebox team.
Juicebox uses a combination of automated and human review to ensure no protected data is included in training datasets.
The model does not use any protected characteristics (eg - biometric, personal health data, race, gender) in its training data.
While Juicebox has access to data like location (on a city-level) or year of graduation from university, it does not use that data for its models. Potential proxies included in the data include university experience descriptions (e.g., participation in extracurricular activities, sports, or social clubs) and company experience descriptions. They are included in the dataset due to their necessity in creating tailored searches.
We do not use any biometric data in our training data.
We implement comprehensive security measures to protect against malicious prompts, including input validation, behavior analysis, and constant monitoring of AI interactions. Our systems are designed to detect and mitigate potential threats or unusual patterns of activity, ensuring that our AI models respond appropriately to all inputs.
To safeguard against training data poisoning, we employ strict data validation, source verification, and continuous monitoring practices. Our data ingestion pipeline includes multiple layers of checks to ensure integrity and authenticity of the training data, preventing malicious alterations designed to bias or degrade model performance.
The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.
Access to information computing resources is limited to personnel with a business requirement for such access.
See our Access Controls Policy.
Ishan Gupta, CTO of the company, is responsible for the oversight of Cyber-Risk and internal control for information security, privacy, and compliance.
Our robust data and security policies prevent against such unauthorized access.
If a Juicebox App, Inc. employee, contractor, user, or customer becomes aware of an information security event or incident, possible incident, imminent incident, unauthorized access, policy violation, security weakness, or suspicious activity, then they shall immediately report the information using one of the following communication channels: Email our support with information or reports about the event or incident.
For critical issues, the response team will follow an iterative response process designed to investigate, contain exploitation, eradicate the threat, recover system and services, remediate vulnerabilities, and document a post-mortem report including the lessons learned from the incident.
See our Incident Response Policy.
We currently use Humanloop for LLM model evaluation. Humanloop is SOC 2 Type II compliant.
We frequently conduct internal audits and checks to ensure we are conforming with ISO 42001 standards.
We have conducted third-party audits for SOC2 and AI model bias.
We require our third-party AI providers to use the information only for the purpose of facilitating the PeopleGPT tool, and we do not allow these providers to train their AI models using personal information.
To provide management direction and support for AI systems according to business requirements.
Juicebox has documented a policy for the development or use of AI systems.
Other standards, policies and documents such as the Information Security Policy, Data Management Policy, and Business Continuity and Disaster Recovery Plan are aligned with the AI policy.
Juicebox reviews the AI policy every 6 months to ensure suitability, adequacy and effectiveness.
To establish accountability within the organization to uphold its responsible approach for the implementation, operation and management of AI systems.
Juicebox has established defined roles and responsibilities to oversee the design and safety of the AI system.
Juicebox has defined and put in place a process to report concerns about the organization's role with respect to an AI system throughout its life cycle.
To ensure that the organization accounts for the resources (including AI system components and assets) of the AI system in order to fully understand and address risks and impacts.
Juicebox has documented relevant resources required for the activities at given AI system life cycle stages.
Juicebox has documented information about the data resources utilized for the AI system. Juicebox primarily collects data from public sources such as public resumes, profiles, or CVs. Direct collection from individuals is not the usual practice. Juicebox does not share any PII data with our third-party LLM providers. We require our third-party AI providers to use the information only for the purpose of facilitating the Juicebox tool, and we do not allow these providers to train their AI models using personal information.
Juicebox has documented information about the tooling resources utilized for the AI system.
Juicebox has documented information about the system and computing resources utilized for the AI system.
Juicebox uses highly qualified data scientists and engineers to operate and implement the AI system. Our Information Security Officer is responsible for the development, review and evaluation of the AI policy.
To assess AI system impacts to individuals or groups of individuals, or both, and societies affected by the AI system throughout its life cycle.
Juicebox has established a process to assess the potential consequences for individuals or groups of individuals, or both, and societies that can result from the AI system throughout its life cycle. We frequently monitor for risks related to security, bias, fairness, accuracy.
Juicebox documents and assesses the AI impact assessment every 6 months and retains the report indefinitely.
Juicebox frequently monitors for risks related to security, bias, fairness, accuracy related to its AI model and system.
Juicebox's AI solution does not make any decisions related to hiring or firing, access to healthcare services, health benefits, health insurance, access to financial, services such as loans, grants, insurance and investments nor does it impact the the legal position or life opportunities of individuals; the physical or psychological well-being of individuals or universal human rights
To ensure that the organization identifies and documents objectives and implements processes for the responsible design and development of AI systems.
Juicebox has documented objectives to guide the responsible development AI systems, and taken those objectives into account in the development life cycle.
Juicebox has documented the specific processes for the responsible design and development of the AI system.
To define the criteria and requirements for each stage of the AI system life cycle.
Juicebox has documented requirements for new AI systems or material enhancements to existing systems.
Juicebox has documented the AI system design and development along the lines of organizational objectives, documented requirements and specification criteria.
Juicebox has documented verification and validation measures for the AI system and specify criteria for their use.
Juicebox has documented a deployment plan and ensure that appropriate requirements are met prior to deployment related to performance monitoring and evaluation. Major code, system and changes to the AI system typically reviewed by the managers in the company.
Juicebox has documented the necessary elements for the ongoing operation of the AI system such as system and performance monitoring, repairs, updates and support.
Juicebox has documented the AI system technical documentation is needed for interested parties, such as users, partners, supervisory authorities.
Juicebox frequently collect and records detailed logs for our AI systems. We collect logs (eg - event logs recording user activities, exceptions, faults and information security events) on a weekly basis to monitor any incidents and security risks.
To ensure that the organization understands the role and impacts of data in AI systems in the application and development, provision or use of AI systems throughout their life cycles.
Juicebox has documented and implement data management processes related to the security, privacy, evaluation, accuracy and development of AI systems.
Juicebox has document details about the acquisition and selection of the data used in AI systems.
Juicebox has defined and documentedrequirements for data quality and ensure that data used to develop and operate the AI system meet those requirements.
Juicebox has defined and documented a process for recording the provenance of data used in its AI systems over the life cycles of the data and the AI system.
Juicebox defined and documented its criteria for selecting data preparations and the data preparation methods to be used.
To ensure that relevant interested parties have the necessary information to understand and assess the risks and their impacts (both positive and negative).
Juicebox has determined and provided the necessary information to users of the AI system.
Juicebox has provided capabilities for interested parties to report adverse impacts of the AI system.
Juicebox has determined and document a plan for communicating incidents to users of the AI system.
Juicebox has determined and documented its obligations to reporting information about the AI system to interested parties.
To ensure that the organization uses AI systems responsibly and per organizational policies.
Juicebox has defined and documented the processes for the responsible use of AI systems.
Juicebox has identified and documented objectives to guide the responsible use of AI systems.
Juicebox ensures that the AI system is used according to the intended uses of the AI system and its accompanying documentation.
To ensure that the organization understands its responsibilities and remains accountable, and risks are appropriately apportioned when third parties are involved at any stage of the AI system life cycle.
Juicebox assesses risk associated with suppliers and the technology supply chain. We do not share any PII data with 3rd party AI providers such as 3rd party LLMs.
Juicebox has an established process to ensure that its usage of services, products or materials provided by 3rd party AI suppliers aligns with our approach to the responsible development and use of AI systems. We carefully review the security and risk policies while buying from suppliers.
Juicebox ensures that its responsible approach to the development and use of AI systems considers their customer expectations and needs.




















No updates available








