All apps

Is Personio safe with your data?

B
Personio icon

Personio

Personio SE

68/100

Good disclosure · medium confidence

Personio earns a B (68/100) because it discloses most of its data practices.

#16

of 211 apps ranked

68

score · HR & recruiting avg 54

+14

vs category average

Grade scaleA · 70–100B · 60–69C · 48–59D · 35–47F · 0–34

Personio does not train on user inputs, limits data retention to 30 days post-termination, offers standard GDPR rights, but provides vague security controls and minimal change notification in its public privacy policy.

What Personio's privacy policy and terms of service say about your data

Training data

Policy is silent on whether user inputs train models , no opt-out or opt-in mechanism disclosed.

Data retention

30-day post-termination retention with customer deletion right explicitly stated in DPA section 10.2.

Breach notification

Commits to notify without undue delay per GDPR Article 33, with reference to legal standard.

Security controls

References generic 'Technical and Organisational Measures' (TOM) but names no specific controls (TLS, encryption, RBAC) or certifications (ISO 27001, SOC2).

What the policy is silent or vague on

  • Not stated: keeping user inputs out of model training
  • Not stated: a way to opt out of training
  • Not stated: whether training use differs by plan
  • Not stated: shorter retention for AI conversation logs

Personio privacy rating

Training-data use1 of 4 disclosed
Keeps user inputs out of model training, or makes training opt-inSilent
Names a way to opt out of or into trainingSilent
Says whether training use differs by plan or tierSilent
Lets the user keep ownership of generated outputsDisclosed
Data-subject rights5 of 5 disclosed
Grants a right to access your dataDisclosed
Grants a right to delete your dataDisclosed
Offers data portability in a usable formatDisclosed
Grants a right to correct your dataDisclosed
Grants a way to object to or opt out of processingDisclosed
Retention and deletion1 of 4 disclosed
States a retention period for your dataPartial
States a deletion timeline after closure or requestDisclosed
Sets a shorter retention for AI conversation logsSilent
Commits to collecting only the data it needsSilent
Third-party sharing4 of 5 disclosed
Lists the categories of third parties it shares withDisclosed
References a sub-processor list or data processing agreementDisclosed
Does not sell or share data for advertising, or offers opt-outDisclosed
Names a safeguard for international data transfersDisclosed
States a standard for government and law-enforcement accessSilent
Transparency3 of 4 disclosed
Discloses that you are interacting with AIDisclosed
Marks AI-generated or synthetic outputNot applicable
Enumerates the categories of data it collectsDisclosed
Maps processing purposes to legal basesDisclosed
Is versioned and dated, with change noticeSilent
Sensitive data and children2 of 3 disclosed
Discloses automated decisions and a human-review pathDisclosed
Limits the use of special-category dataSilent
Governs biometric data specificallyNot applicable
States protections for children's dataDisclosed
Security and accountability2 of 3 disclosed
Describes its security safeguardsPartial
Commits to breach notificationDisclosed
Names a certification or a privacy contactDisclosed
DisclosedPartialSilentAdverseNot applicable

Details

Category
HR & recruiting
Modalities
text
Processes biometrics
No
Policy last updated
2025-10-01
Region scored
Global / US-default
Last assessed
2026-07-08

Documents examined

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.

Is Personio safe with your data? Grade B | AI App Trust & Transparency Index