TRUST BY DESIGN
We believe candidates own their career record. RTM is built on absolute sovereignty, double-consent handshakes, and algorithmic transparency.
Double-Consent Handshake
Employers find profiles matching their criteria in an anonymized state. Candidate names, contact info, and exact social links are masked until they receive and explicitly accept a connection request.
Zero Algorithmic Bias
We do not use black-box AI algorithms to rank, score, or prioritize candidates. Recruiters search by specific keywords, skills, and experience, ensuring fair, non-discriminatory visibility.
Sovereign Visibility Control
Candidates can toggle discovery off at any time. When disabled, your profile will not match employer search queries, ensuring total control over when and how you are seen.
Anti-Harassment Limits
To prevent recruitment abuse, employers are given a default monthly budget of 2 invitations. Declined connection requests trigger a 1-month cooldown period, and three declines block the employer indefinitely.
RTM Platform Trust Safeguards
How we enforce trust programmatically in our codebase.
Confidential Handshake Pipelines
Profiles returned from passive discovery search requests go through a secure server-side anonymization filter. Photos, phone numbers, email addresses, websites, and github/linkedin links are completely removed from the payload before delivery, preventing client-side data leaks or inspector scraping.
PWA & Local Storage Isolation
RTM enforces strict PWA Workbox cache isolation. Sourcing data and candidate application lists are treated as Network-Only endpoints. Private candidate data is never cached or stored locally on recruiters' devices.
Firestore Security Safeguards
Our database rules mandate owner-only write validation. Recruiters can never directly read candidates' applications, and job-application profiles enforce strict read/write isolation rules that prevent third-party exposure.