Skip to main content
All CollectionsCompliance and information security
Recruitee's ISO 27001 certificate, data centers, and GDPR compliance

Recruitee's ISO 27001 certificate, data centers, and GDPR compliance

Where Recruitee stores data and what measures are taken

Updated over 8 months ago

ISO 27001 certification

ISO 27001 certification and SOC 2 assurance report

  • ISO 27001

    • A copy of Recruitee’s ISO 27001 certification can be found here.

    • Recruitee’s ISO 27001 statement of applicability can be found here.

    • Scope of Recruitee’s ISO 27001 certificate: The secure development, operation and delivery of the following Tellent Software as a Service products/modules: Core human resources information system (also marketed under the brand name “KiwiHR”), performance management (also marketed under the brand name “Javelo”), applicant tracking system (also marketed under the brand name “Recruitee”) and any product/module that provides unified functionality between those products/modules.

  • SOC 2

    • A copy of Recruitee’s SOC 2 (SSAE 16/ISAE 3402 Type II) report can be shared on request.

Data center strategy

Security, availability, and operational efficiency are all cornerstone elements of Recruitee's data center strategy and ISO 27001 certification. Therefore, Recruitee uses some of the world’s leading providers for its main server infrastructure: Google Cloud Platform (Google) and Amazon Web Services (Amazon). All services provided by Google and Amazon have received multiple certifications:

  • ISO 27001, 27017 and 27018

  • SOC 1, 2 and 3

  • CSA STAR

The above certifications are the leading certifications for cloud hosting providers and data centers in terms of confidentiality, integrity, and availability of data. You can expect on-site security staff, camera systems, access control, regular security tests, high redundancy, and a lightning-fast global network that’s built to host the world’s most important websites. Google and Amazon allow us to benefit from some of the same technology that powers their own websites.

Recruitee has performed a risk analysis to understand the risks of your data being included in mass surveillance and being subject to warrants from non-EU governments. One of the measures that we have taken is that we strictly host data in the European Union. The following Amazon and Google locations are used by Recruitee:

  • Google’s data centers in Frankfurt and Berlin, Germany (europe-west3), used for our main infrastructure (e.g. database servers and web servers)

  • Amazon’s data centers in Frankfurt, Germany (eu-central-1), used for file hosting and for storage of encrypted backups

  • Amazon’s data centers in Ireland (eu-west-1), used solely for our video answers feature

Our choice of data centers makes Recruitee one of the leading partners for GDPR compliance in recruitment tech.

Wherever your data is stored, Recruitee makes sure that your data is always yours. We never sell candidate data or any other information you collect. Contact support to learn more about how to export your data.

GDPR

In addition to great data centers, our GDPR features can also help you solidify your GDPR compliance.

Did this answer your question?