Compliance
From data privacy to ethical AI use, HeyMilo actively meets regulatory standards and engages third-party auditors to maintain trust with employers and candidates alike.
Regulatory Compliance & Certifications
GDPR Certified πͺπΊ
HeyMilo.AI is officially GDPR-certified, demonstrating its commitment to safeguarding personal data and maintaining user privacy across the EU and beyond. This certification ensures adherence to principles such as:
Transparency in data handling
Data minimisation and purpose limitation
Lawful and secure processing of personal information
π Read our full blog on GDPR compliance
π§Ύ Recruiters and clients can request official certification documentation and safeguards through the HeyMilo Trust Center.
SOC 2 Type I & Type II Compliant π
HeyMilo has achieved SOC 2 Type I and Type II certifications, verifying that its systems are designed and operated to manage data securely in alignment with industry standards.
Type I: Confirms the design of security, availability, confidentiality, processing integrity, and privacy controls at a specific point in time.
Type II: Demonstrates these controls have been consistently maintained and effective over an extended review period.
This dual certification gives clients confidence that their candidate data is stored, processed, and protected with robust, continuously validated safeguards.
π Read about our SOC 2 compliance
π§Ύ Access SOC 2 reports and documentation via the Trust Center.
Fair AI & Third-Party Bias Auditing β
HeyMilo is committed to fair and equitable candidate evaluation. To uphold this, the platform undergoes regular third-party bias audits to ensure its AI does not discriminate based on gender, race, accent, or appearance.
The software evaluates candidates only on their spoken words via transcript analysis
No analysis of facial expressions, body language, or vocal tone is used
Audit results are publicly available via an internal transparency dashboard
π Learn more about our approach to fairness
π§Ύ View our AI Assurance Dashboard
Summary for Recruiters
GDPR
β Certified
EU privacy laws fully implemented and externally validated
SOC 2 Type I & II
β Certified
Security, availability, confidentiality, and privacy controls designed, implemented, and maintained over time
Bias Audits
β Ongoing & Public
Transparent dashboard and 3rd-party validation to prevent AI bias
Why It Matters to Recruiters
Recruiters using HeyMilo.AI benefit from:
Peace of mind: Compliance with strict data protection and security regulations
Brand safety: Ethical and auditable hiring practices
Hiring equity: AI that levels the playing field for diverse candidate pools
Transparency: Access to trust reports, audit data, and certification documentation
Explore Further
π Bias Audit Dashboard
Compliance Logs
HeyMilo provides three log views to help you track data activity across your workspace. Find them under Settings β Compliance.
Delete Logs
View candidate deletion requests and scheduled deletions for your workspace.
Filter by:
Status: All, Pending, Processed
Date range: From / To
This log helps you track GDPR deletion requests and confirm when candidate data has been removed.
Access Logs
View all permission-based access events in your workspace.
Each entry shows:
Permission: What action was attempted (e.g., Posting Read, Candidate Write)
Status: Granted or Denied
Resource: What was accessed
User: Who performed the action (email and role)
Endpoint: The API route accessed
Date: When it happened
Filter by permission type to narrow results.
Only Admins can view Access Logs.
Export Logs
View all data exports made from your workspace.
Type: What was exported
Status: Completed, Processing, or Failed
Candidates: How many candidates were included
Size: File size of the export
Exported By: Who initiated the export
Date: When the export was created
Actions: Download the exported file
Filter by type to find specific exports.
Why Compliance Logs Matter
These logs give your team a complete audit trail for:
GDPR compliance: Track who accessed or deleted candidate data
Internal auditing: See what actions team members are taking
Security monitoring: Identify denied access attempts
Data governance: Keep records of all exports
Additional resources
For additional information not covered here, reach out to [email protected]
Last updated