Industries
AI-assisted software development for HR and recruiting
The ATS and HRIS cover the middle of the process. Build the edges — onboarding, ER cases, comp reviews, referral programs — as governed software instead of spreadsheets with the wrong permissions.
Ciao is an AI-assisted engineering platform HR and recruiting teams use to build onboarding portals, candidate trackers, employee-relations case managers and people dashboards around their ATS and HRIS. Unlike consumer AI app builders, Ciao adds need-to-know access control, plain-English Guardrails policies, automated QA and an append-only audit trail — and deploys to Ciao cloud, your own cloud, private VPC or on-prem.
Published 2026-07-03 · Last updated 2026-07-03
The most sensitive data in the company lives in the least governed tools
HR bought an ATS for hiring and an HRIS for records, and both do their core jobs. But the day-to-day work happens at the edges: onboarding checklists tracked in email, employee-relations cases in a manager's inbox, the comp review in a shared spreadsheet where one wrong permission exposes every salary in the company. Recruiting agencies run client-specific pipelines in whatever the last account manager set up.
The irony is sharp: the function that owns confidentiality policy runs its most confidential workflows in tools with no access model at all. Every HR leader knows a comp-sheet story. Meanwhile candidate experience leaks — offers accepted, then three weeks of silence before day one because onboarding is a checklist in someone's head.
These workflows never make the engineering roadmap; they are too HR-specific and each one looks too small. AI-assisted engineering changes that calculus: the people-ops team describes the workflow, gets working software that syncs with the ATS and HRIS, and — critically — gets role-based access, SSO and an audit trail that a spreadsheet can never provide.
What HR and recruiting teams build on Ciao
The edges around the ATS and HRIS, built as software with a real access model.
Onboarding portal
Offer-to-day-one task flow, document and right-to-work collection, equipment and access provisioning requests routed to IT, buddy assignment, and a day-one checklist the new hire actually sees.
Candidate tracker for specialist pipelines
Structured scorecards, interview loops with panel feedback deadlines, source-of-hire reporting, and stage automation — syncing with your ATS rather than replacing it, for pipelines the ATS handles awkwardly.
Employee-relations case manager
Confidential case records with strict need-to-know access, timeline notes, document attachments, outcome records and configurable retention windows — out of inboxes for good.
Comp review workroom
Manager proposals inside budget envelopes, calibration views by level and function, approval chains, and final letters generated from approved numbers — no master spreadsheet in circulation.
Internal mobility and referral board
Open roles visible internally, referral submissions with reward tracking, and hiring-manager review queues with response-time nudges.
People analytics dashboard
Attrition by team and tenure, time-to-fill, offer-acceptance rates and pipeline composition — pulled from the HRIS and ATS instead of quarterly manual exports.
Contingent workforce tracker
Contractor agreements, tenure limits with alerts, renewal workflows, PO references and agency spend summaries.
Interview scheduling coordinator
Panel availability matching, room and video-link booking, reminder nudges, feedback-deadline tracking, and reschedule handling that keeps the loop intact instead of restarting it.
Why generic app builders are a bad fit for people data
The problem is rarely building the form. It is everything around the form:
- Access mistakes are trust incidents — Comp data or an ER case visible to the wrong person damages trust permanently and can carry regulatory consequences. Ciao provides role-based access control, SSO via SAML or OIDC and optional MFA as platform features, not afterthoughts.
- You will be asked who saw what — Ciao keeps an append-only audit trail across prompts, merges, deploys and admin actions, and the apps you build can include their own access logging — evidence, not recollection.
- Changes to sensitive logic need review — Guardrails maps the comp module or case-access rules into protected business areas and applies plain-English policies like 'changes to ER case visibility require the HR director's review' — with the review recorded.
- Employee data deserves zero retention — Inference runs under zero-retention model contracts and customer code is never used for training — a line your privacy team will ask about in the first meeting.
- Staffing firms carry two confidentialities at once — A recruiting agency holds candidate PII and client hiring plans in the same workflows. Per-client scoping and role-based access keep those walls intact — and the audit trail shows they held when a client asks.
The people-data governance checklist
- ✓ Need-to-know access: ER cases visible only to assigned case handlers, comp data only to calibrated approvers
- ✓ SSO through your identity provider, so leaver offboarding revokes tool access automatically
- ✓ Append-only audit trail for merges, deploys and admin actions; app-level view logs where the workflow needs them
- ✓ Configurable retention aligned to your policies for candidate and case data
- ✓ Data residency options for teams operating under GDPR and similar regimes
- ✓ SOC 2 Type II reports under NDA for your vendor-review process
Your ATS and HRIS remain the source of truth
Ciao apps do not replace Workday, BambooHR, Greenhouse, Lever or whatever anchors your stack. They integrate through those systems' APIs — reading roles, candidates and org structure, writing back status changes — and keep workflow state, documents and sign-offs in their own Supabase backend. Employment records stay where auditors expect them; the workflow finally gets software of its own.
One honest boundary: Ciao builds workflow tooling, not employment-law advice. Policies about retention, adverse-impact analysis or works-council requirements come from your counsel; Ciao makes them operational and auditable once decided.
Most teams start integrations read-only: org structure, roles and candidate stages flow in, and nothing writes back until the workflow has earned trust. Write-backs are then added deliberately — status changes to the ATS, completed onboarding tasks to the HRIS — each behind its own review policy, so the systems of record never receive an unreviewed change.
How an HR build runs
1. Describe the workflow
'Onboarding portal: offer accepted triggers tasks for IT, payroll and the manager; new hire uploads documents; HR sees completion across all starters.'
2. Map the sensitive areas
Ciao's AI CTO plans the build and maps business areas — personal data, comp, case records — so protections attach before the first screen exists.
3. Build with people ops
The HRBP refines the live preview directly with inspect-to-prompt; the tool matches your actual process, not a template's idea of it.
4. Test the paths that embarrass
QA replays the access boundaries and workflow transitions deterministically on every change — the 'can a manager see another team's cases' test runs every time.
5. Govern with recorded review
Plain-English Guardrails policies cover access rules and comp logic; every risky change carries a recorded human sign-off.
6. Deploy where your data must live
Ciao cloud, your own AWS, Azure or GCP account, private VPC or on-prem — with data residency options where jurisdiction demands it.
People workflows: spreadsheets vs governed software
| Workflow | Spreadsheet reality | Ciao-built app |
|---|---|---|
| Onboarding | Checklist in someone's head, silence before day one | Portal with tasks, documents and visible progress |
| ER cases | Manager inboxes, no retention control | Need-to-know case records with audit history |
| Comp review | Master sheet, one permission slip from disaster | Budget envelopes, calibration views, approval chains |
| Access control | Whoever has the link | SSO, MFA and roles from your identity provider |
| Who changed the rules | Unknowable | Guardrails review recorded behind every merge |
| Cost model | Free until the incident | A program you own, starting at USD 10,000 per year |
Starting point and commercial fit
Teams usually start with onboarding — it is visible, cross-functional and safe to pilot — then move to the confidential workflows once access controls have earned trust. Serious development programs start at USD 10,000 per year; bring your ATS, HRIS and the workflow currently living in a spreadsheet to a conversation with sales. Individual builders can start self-serve with credits.
One pattern worth copying from teams that have done this well: give the pilot a named owner in people ops, not in IT. These tools succeed when the person who runs the process owns the backlog — and HR describing changes in plain language, without a translation layer, is the entire point of the platform.
Frequently asked questions
Does Ciao replace our ATS or HRIS?
No. Ciao builds the workflow layer around them — onboarding, cases, comp, referrals — integrating through their APIs while your systems of record keep the employment data. That separation is deliberate: auditors and payroll depend on the HRIS staying authoritative.
How is confidential HR data protected?
Role-based access control enforces need-to-know boundaries, SSO and optional MFA run through your identity provider, inference operates under zero-retention model contracts, and customer code is never used for training. An append-only audit trail covers merges, deploys and admin actions.
Can we keep employee data in a specific region?
Yes. Ciao supports data residency options and can deploy to your own cloud account, private VPC or on-prem under separate terms — relevant for GDPR-scoped teams and works-council environments.
Who reviews changes to sensitive logic like comp calculations?
You decide, in plain English. Guardrails applies policies such as 'comp module changes require the head of reward's review', detects risky changes automatically, and records the human sign-off behind every merge.
Can recruiting agencies use this for client-specific pipelines?
Yes — agencies build client-branded trackers and portals they own outright, since everything is standard React and TypeScript with full code ownership. Client data stays separated per app with its own access model.
Is this legal or compliance advice?
No. Ciao builds and governs workflow tooling; retention rules, employment-law requirements and policy decisions come from your counsel and people team. Ciao makes those decisions operational, testable and auditable.