Data Protection

We are putting a lot of effort into developing a secure platform that is compliant with current laws and regulation. GDPR is no exception. We are constantly making sure that the underlying infrastructure is suitably equipped to meet the GDPR requirements including, but not limited to, the following:

  • Right to be informed
  • Right of access
  • Right to be forgotten
  • Only disclose personal information to the right person

Yes. We employ state-of-the-art measures to ensure a solid level of protection. All personal data that we maintain on behalf of our customers is centralized and encrypted with encryption keys stored separately, which facilitates crypto shredding. Read more under “Encryption”.

We employ several strategies for securing our platform. In the unlikely event of a data breach, we will determine the scope and notify the affected customer immediately. Our development team will consider the incident top priority.

We do not transfer data to non-EU countries ourselves. The service is however available for our customers to use globally.



Hailey HR is using crypto shredding to ensure maximum data security. It is the practice of rendering sensitive data unreadable by deliberately overwriting or deleting encryption keys used to secure that data. If a user wants to exercise their “right to be forgotten,” we can easily delete the appropriate key, effectively “shredding” the encrypted data without interfering with related personal data.

Personal data is encrypted at rest using AES256. Communication with services is secured by HTTPS using TLS 1.2. This is the industry standard technology and widely used by everybody from Google to big banks.


We have no functionality for Hailey HR employees to access customers’ data. Each customer is responsible for maintaining its own data and each environment has a separate data store.

Hailey HR is built according to the principles for privacy by default. This means that all newly created user accounts, by default, have no rights beyond editing their own profile. Company administrator can, however, upgrade user permissions.

Customer data is stored in Azure Data Centers, primarily in Western Europe (Amsterdam) with failover to Northern Europe (Dublin).

Our services are hosted in Microsoft’s cloud solution, Azure, which is the main third party involved in our operations. Apart from Microsoft, we use a third party for document signing and platform communication.

We apply a multitude of strategies for securing data.

  • OIDC is used for accessing services with token signing handled by Azure key vault certificates.
  • Personal data is centralized, encrypted, and stored separately from encryption keys.
  • All data is partitioned based on customer and can only be access through a security token containing the customer id.

Purpose Limitation

We persist data related to the contract and dispose of all other data.

The customer is and remains the owner and controller of the data. This means that the customer is responsible for respecting the rights of data subjects. Hailey HR is the order processor and, in this capacity, processes your data exclusively at your instruction and for the purposes laid down in the data processing agreement.


Backups are kept for 30 days. All other data is disposed of from the data stores provided by Azure.

Data is backed up every day.

Made with in Sweden

Follow Us