Is Personio safe with your data?
Personio
Personio SE
Good disclosure · medium confidence
Personio earns a B (68/100) because it discloses most of its data practices.
#16
of 211 apps ranked
68
score · HR & recruiting avg 54
+14
vs category average
Personio does not train on user inputs, limits data retention to 30 days post-termination, offers standard GDPR rights, but provides vague security controls and minimal change notification in its public privacy policy.
What Personio's privacy policy and terms of service say about your data
Training data
Policy is silent on whether user inputs train models , no opt-out or opt-in mechanism disclosed.
Data retention
30-day post-termination retention with customer deletion right explicitly stated in DPA section 10.2.
Breach notification
Commits to notify without undue delay per GDPR Article 33, with reference to legal standard.
Security controls
References generic 'Technical and Organisational Measures' (TOM) but names no specific controls (TLS, encryption, RBAC) or certifications (ISO 27001, SOC2).
What the policy is silent or vague on
- Not stated: keeping user inputs out of model training
- Not stated: a way to opt out of training
- Not stated: whether training use differs by plan
- Not stated: shorter retention for AI conversation logs
Personio privacy rating
Details
- Category
- HR & recruiting
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2025-10-01
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other hr & recruiting apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.