Are we GDPR compliant by using SourceHire?
SourceHire provides the tooling, but the controller obligations remain with you. Sign the DPA at /legal/dpa.
SourceHire is built to make GDPR compliance straightforward, but the legal obligations of a data controller remain with you (the employer).
You must: sign our Data Processing Agreement (/legal/dpa), maintain a lawful basis for processing each candidate's data, respond to data subject access requests within 30 days, and notify candidates of any breach.
SourceHire, as the processor, provides infrastructure security (TLS, encryption at rest, access controls), audit logs, granular consent tracking, and the candidate self-service surface at /apply/me.