# Compliance

> From data privacy to ethical AI use, HeyMilo actively meets regulatory standards and engages third-party auditors to maintain trust with employers and candidates alike.

## Regulatory Compliance & Certifications

### GDPR Certified 🇪🇺

<div data-full-width="true"><figure><img src="/files/kotDh8OU4OcFvNSJbA7k" alt=""><figcaption><p>GDPR badge</p></figcaption></figure></div>

[HeyMilo.AI](http://heymilo.ai) is officially **GDPR-certified**, demonstrating its commitment to safeguarding personal data and maintaining user privacy across the EU and beyond. This certification ensures adherence to principles such as:

* Transparency in data handling
* Data minimisation and purpose limitation
* Lawful and secure processing of personal information

🔗 [Read our full blog on GDPR compliance](https://www.heymilo.ai/blog/why-gdpr-matters--and-what-it-means-that-heymilo-is-now-certified)

🧾 Recruiters and clients can request official certification documentation and safeguards through the [HeyMilo Trust Center](https://trust.heymilo.ai/).

### SOC 2 Type I & Type II Compliant 🔐

<figure><img src="/files/QtON3u6j5b8mhCO3l7xr" alt="" width="188"><figcaption><p>SOC 2 badge</p></figcaption></figure>

HeyMilo has achieved **SOC 2 Type I and Type II** certifications, verifying that its systems are designed and operated to manage data securely in alignment with industry standards.

* **Type I**: Confirms the design of security, availability, confidentiality, processing integrity, and privacy controls at a specific point in time.
* **Type II**: Demonstrates that these controls have been consistently maintained and have remained effective over an extended review period.

This dual certification gives clients confidence that their candidate data is stored, processed, and protected with robust, continuously validated safeguards.

🔗 [Read about our SOC 2 compliance](https://www.heymilo.ai/blog/heymilo-achieves-soc-2-type-1-compliance-what-it-is-why-it-matters-for-your-business)

🧾 Access SOC 2 reports and documentation via the [Trust Center](https://trust.heymilo.ai/).

### Fair AI & Third-Party Bias Auditing ✅

<figure><img src="/files/QmdFcSWdGYIf31Z7VGoK" alt=""><figcaption><p>AI assurance badge</p></figcaption></figure>

HeyMilo is committed to **fair and equitable candidate evaluation**. To uphold this, the platform undergoes regular **third-party bias audits** to ensure its AI does not discriminate based on gender, race, accent, or appearance.

* The software evaluates candidates **only on their spoken words** via transcript analysis
* No analysis of facial expressions, body language, or vocal tone is used
* Audit results are **publicly available** via an internal transparency dashboard

🔗 Learn more about our approach to fairness

🧾 View our [AI Assurance Dashboard](https://trust.warden-ai.com/heymilo)

### Summary for Recruiters

| Compliance Type   | Status             | Details                                                                                                       |
| ----------------- | ------------------ | ------------------------------------------------------------------------------------------------------------- |
| **GDPR**          | ✅ Certified        | EU privacy laws fully implemented and externally validated                                                    |
| **SOC 2 Type I & II** | ✅ Certified | Security, availability, confidentiality, and privacy controls designed, implemented, and maintained over time |
| **Bias Audits**   | ✅ Ongoing & Public | Transparent dashboard and 3rd-party validation to prevent AI bias                                             |

### Why It Matters to Recruiters

Recruiters using [HeyMilo.AI](http://heymilo.ai) benefit from:

* **Peace of mind**: Compliance with strict data protection and security regulations
* **Brand safety**: Ethical and auditable hiring practices
* **Hiring equity**: AI that levels the playing field for diverse candidate pools
* **Transparency**: Access to trust reports, audit data, and certification documentation

### Explore Further

* 📚 [Visit the HeyMilo Blog](https://www.heymilo.ai/blog)
* 📄 [GDPR & SOC 2 Trust Report](https://trust.heymilo.ai/)
* 📊 [Bias Audit Dashboard](https://trust.warden-ai.com/heymilo/ai-candidate-screening)

## Compliance Logs

HeyMilo provides three log views to help you track data activity across your workspace. Find them under **Settings → Compliance**.

<figure><img src="/files/ekHEllOu6lawZwaUnbfp" alt="" width="375"><figcaption></figcaption></figure>

<details>

<summary>Delete Logs</summary>

View candidate deletion requests and scheduled deletions for your workspace.

<figure><img src="/files/ocAOpBrHhP8Ua63Gz8Ja" alt=""><figcaption></figcaption></figure>

Filter by:

* **Status:** All, Pending, Processed
* **Date range:** From / To

This log helps you track GDPR deletion requests and confirm when candidate data has been removed.

</details>

<details>

<summary>Access Logs</summary>

View all permission-based access events in your workspace.

<figure><img src="/files/7JaEgIpOgR6Nt0dqxgUz" alt=""><figcaption></figcaption></figure>

Each entry shows:

* **Permission:** What action was attempted (e.g., Posting Read, Candidate Write)
* **Status:** Granted or Denied
* **Resource:** What was accessed
* **User:** Who performed the action (email and role)
* **Endpoint:** The API route accessed
* **Date:** When it happened

Filter by permission type to narrow results.

{% hint style="info" %}
Only Admins can view Access Logs.
{% endhint %}

</details>

<details>

<summary>Export Logs</summary>

View all data exports made from your workspace.

<figure><img src="/files/rTuY3ExkydoNNQrXoTTY" alt=""><figcaption></figcaption></figure>

Each entry shows:

* **Type:** What was exported
* **Status:** Completed, Processing, or Failed
* **Candidates:** How many candidates were included
* **Size:** File size of the export
* **Exported By:** Who initiated the export
* **Date:** When the export was created
* **Actions:** Download the exported file

Filter by type to find specific exports.

</details>

### Why Compliance Logs Matter

These logs give your team a complete audit trail for:

* **GDPR compliance:** Track who accessed or deleted candidate data
* **Internal auditing:** See what actions team members are taking
* **Security monitoring:** Identify denied access attempts
* **Data governance:** Keep records of all exports

## Additional resources

For additional information not covered here, reach out to <support@heymilo.ai>.


