Notes on hiring tech, HR strategy, and the future of work.
Weekly. From practitioners. No SEO listicles, no AI-generated filler, no quoted "thought leaders" you have to Google.
The hidden privacy debt in modern hiring tools
Pick any applicant tracking system that grew up between 2010 and 2020 and you will find the same set of architectural decisions: protected-class fields collected by default, third-party data syncs that nobody disclosed, audit logs that record everything except the events that matter. None of it was malicious. Most of it was the standard playbook. The bill is starting to come due.
- PrivacyComplianceHR Tech
GDPR, CPRA, and the new compliance floor for HR tech
For most of the last decade, "privacy compliance" for hiring tools meant a paragraph in the master services agreement and an annual SOC 2 audit. In 2026, the floor is much higher. Here is a non-lawyer walkthrough of the regimes that now apply, what each one actually requires, and the questions that should be in every vendor RFP this year.
May 9, 202611 min - PrivacyEngineeringArchitecture
What a candidate-first privacy architecture actually looks like
Every ATS in 2026 claims to be "privacy-first." Most of them are not. The difference between the claim and the reality lives in places marketing copy does not reach — the schema, the database constraints, the middleware, the cron jobs that purge expired records. Here is what a real candidate-first architecture looks like.
May 2, 202610 min
