Trust Center | Jobilla

Solutions
- Product
  Meet AIR. One platform. Every step of the recruitment journey.
- For Employers
  - Plans & pricing
    Find the plan that fits your hiring pace.
- For Staffing Agencies
  Hire faster with AI-powered social media recruiting.
Industries
Success stories
About us
- Company
  - Contact Us
- Content Hub
  - References

EN

EN

EU Data Residency

100% of data stored in the EU
All candidate and recruiter data is stored and processed exclusively within the EU
Hosted on AWS EU infrastructure (Stockholm)

GDPR Compliance

Fully GDPR-compliant data processing with a published Data Processing Agreement (DPA)
Appointed Data Protection Officer (DPO) — contact: privacy@jobilla.com
Candidate consent managed directly in the platform

GDPR

ISO 27001

ISO 27001 certification in progress — final audit scheduled September 2026
Role-based access controls, MFA, and least-privilege principles applied across all systems
Right to audit included in the DPA

ISO 27001

Transparency

Publicly available TOM and DPA at jobilla.com
Security questionnaire answers pre-documented — no weeks-long information exchange required
Counter-signed DPA and custom arrangements available for enterprise procurement

AI & Decision-making

Jobilla AI Recruiter's AI generates and optimises campaign content — it does not evaluate, score, or filter candidates
No automated decision-making about individuals — GDPR Article 22 is not engaged
Candidate data is never used to train AI models
Low-risk classification under the EU AI Act

EU AI Act

Data Retention & Deletion

Retention periods are set and managed by your team directly in the platform
Candidate data can be deleted at any time — takes effect without undue delay
Default retention periods documented in the DPA
Candidates can exercise their right to erasure via your organisation or directly through Jobilla

Sub-processors

Full sub-processor list publicly available at jobilla.com
Primary infrastructure: AWS EU (Stockholm) and Google Cloud — both ISO 27001 and SOC 2 Type II certified
Meta is not a sub-processor — campaign signals sent via server-side API, no candidate PII shared

Candidate Rights

Candidates can access, correct, or delete their data at any time
Requests handled via your organisation or directly through Jobilla
Response within 30 days in line with GDPR requirements

Incident Response

Affected customers and candidates notified without undue delay
Incident response procedures documented and tested regularly

Whether you have questions, need a demo, or want to explore how Jobilla can streamline your hiring process, we’re here to help. Fill out the form below, and our team will get back to you soon.