// Trust & Security Report

    Harver B.V. (formerly pymetrics, Inc.) logo

    Harver B.V. (formerly pymetrics, Inc.)

    AI-powered pre-employment and behavioral assessment platform (gamified assessments, video interviews, reference checking)

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001:2022
    HELD

    Harver 2025-ISO 27001_2022-Recertification Audit-Certificate.pdf and Harver 2026-ISO 27001 Recertification Audit-Final Report.pdf are listed in the trust center. Harver's CTO stated: 'This certification is a testament to Harver's dedication in providing robust security for our customers.'

    Verify on trust.harver.com
    SOC 2 Type 1
    HELD

    Harver-2026-Type 1 SOC 2-Final Report.pdf is listed in the trust center under the SOC 2 compliance section.

    Verify on trust.harver.com
    SOC 2 Type 2
    HELD

    Harver Holdings B.V. - 2026 - Type 1 SOC 2 & Type 2 SOC 2 - CoE.pdf is listed in the trust center. The security page states: 'regularly audited by trusted third-party organizations to ensure we're compliant with the industry's most rigorous security standards, like ISO 27001 and SOC 2 Type 2.'

    Verify on trust.harver.com
    GDPR
    HELD

    GDPR is listed under the Compliance tab on the trust center. Security page confirms: 'dedicated privacy team ensures oversight on all personal data processing activities, policies, processes, and controls for customer data.' Harver employs a European-based external Data Protection Officer (DPO).

    Verify on trust.harver.com
    CCPA
    HELD

    Harver's security page explicitly states CCPA compliance alongside GDPR: 'adheres to GDPR and CCPA requirements.'

    Verify on harver.com
    NYC Local Law 144 (AI Bias Audit)
    HELD

    Both the Harver Platform and pymetrics Soft Skills Platform successfully completed independent third-party bias audits conducted by BABL AI Inc. in accordance with NYC Local Law 144 for automated employment decision tools.

    Verify on harver.com
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA certification or compliance in any Harver source. Not applicable to HR assessment use cases.

    source: trust.harver.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    Netherlands (Harver B.V. HQ), United Kingdom, United States. No explicit data residency selection or region-lock feature documented publicly.

    No explicit policy found about using candidate assessment data for AI model training. Harver operates as a 'Processor' (not Controller) for candidate personal data collected on behalf of hiring companies. This processor role implies they do not use that data for their own model training without authorization, but no explicit prohibition or confirmation is stated publicly. Candidates' data is retained for 8 weeks after the application process ends (1 year with extended permission from hiring company). Recommend requesting a DPA and explicit AI training opt-out clause during procurement.

    // Security controls

    Penetration Testing

    Independent third-party penetration testing confirmed for pymetrics Platform (Q4 2025). Reports listed: 'CONFIDENTIAL_Pymetrics Platform Penetration Test_Q4 2025_ Executive Response.pdf' and 'CONFIDENTIAL_Pymetrics Platform Penetration Test Management Report_Q4_2025.pdf'. Also confirmed for Checkster platform Q4 2025.

    trust.harver.com

    Disaster Recovery Testing

    Confirmed for pymetrics Platform: 'Pymetrics Platform_Disaster Recovery Test Report_Q4 2025.pdf'. Continuity and disaster recovery plans established and tested.

    trust.harver.com

    Encryption

    Data encrypted in transit and at rest. Encrypted backup storage on cloud-based solutions.

    harver.com

    Access Controls

    2FA and SAML SSO enforcement across the organization. Unique production database authentication enforced. Encryption key access restricted. Authorized personnel access restrictions.

    trust.harver.com

    Vulnerability Management

    Ongoing vulnerability scans and penetration tests performed by qualified independent third parties.

    harver.com

    Data Protection Officer

    European-based external DPO engaged for independent privacy advice and audits.

    harver.com

    Bug Bounty / Vulnerability Disclosure

    No public bug bounty program found on HackerOne, Bugcrowd, or the Harver website. Security contact email: GlobalSecurity@Harver.com (listed on trust center).

    trust.harver.com

    Insurance Coverage

    Evidence of Coverage - COI - 2026.pdf listed in trust center under resources.

    trust.harver.com

    CAIQ

    Cloud Security Alliance CAIQ (v4.02) available for both Harver Platform and Checkster Platform.

    trust.harver.com

    // Products & data scope

    Pymetrics (Gamified Behavioral Assessments)AI hiring assessment

    data: Candidate PII, neuroscience-based cognitive and emotional behavioral data from 12 gamified assessments measuring 90+ attributes. Hiring company is the Data Controller; Harver processes on their behalf. Separate pymetrics Platform pen test and DR reports available. Shared security model document published.

    pymetrics was an independent company acquired by Harver. It is now a product within Harver's suite, not a standalone platform. The domain pymetrics.ai now redirects to Harver. NYC Local Law 144 bias audit completed by BABL AI Inc.

    Harver Platform (Pre-Employment Assessments)AI hiring / volume hiring

    data: Candidate PII, skills assessments, video interview data, fraud detection signals. High-level architecture diagram and secure network diagram available in trust center. CAIQ v4.02 available.

    Serves Fortune 500 clients at scale. Processes 100+ million candidates globally. Architecture diagrams, data protection policy, and shared security model available in trust center.

    Checkster (Automated Reference Checking)HR / reference check automation

    data: Candidate and reference contact PII, reference feedback. Separate CAIQ and Q4 2025 pen test reports available.

    Pen test conducted Q4 2025 by independent third party. Architecture diagram published in trust center.

    Harver Video InterviewAI hiring / video interview

    data: Candidate video and audio data, facial/verbal analysis signals.

    Listed as a product on harver.com but no separate trust documentation found for this product in the trust center.

    // What to watch

    • pymetrics is no longer a standalone company: it is a product under Harver B.V. Directory listing should reflect 'Harver (pymetrics)' as the vendor name.
    • No public bug bounty or vulnerability disclosure program found. Security contact GlobalSecurity@Harver.com is the only channel identified.
    • DPA availability not publicly confirmed. Given GDPR processor role, a DPA should exist for enterprise customers but was not found on a public URL. Verify during procurement.
    • AI training on candidate data not addressed in public policy. No explicit prohibition or disclosure found. Clarify with vendor before deployment in privacy-sensitive environments.
    • Data residency options not documented. Harver has entities in Netherlands, UK, and US. Enterprises with strict data localization requirements should confirm region during contracting.
    • NYC Local Law 144 compliance is a positive differentiator: BABL AI Inc. conducted independent bias audits on both the Harver Platform and pymetrics Platform.

    // At a glance

    Pricing model

    Enterprise B2B SaaS, contract-based. No public pricing. Demo request required.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Harver B.V. (formerly pymetrics, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.harver.com

    > Browse all vendor trust reports