en-gb

Trust Centre

Welcome to Hailey's Trust Centre. Here, you'll find everything you need to know about our security, privacy and compliance practices.

GDPR

Hailey was founded to offer a fully GDPR-compliant HR platform with no grey areas. That shapes everything we do;

  • which features we build and how they work
  • how data is restricted yet made accessible
  • where the data is stored and when its deleted

Our guiding principle from day one has been that GDPR should never be something our customers have to worry about. The platform supports configurable data retention policies and automatic deletion of personal data, all in line with GDPR requirements.

Data protection is a shared responsibility at Hailey. Our legal, product and development teams work closely together to strengthen our architecture, scrutinise suppliers, and keep our policies current.

To secure your data both now and in the future, all employee data is stored on servers within the EU, operated by European-owned companies, ensuring your data never falls under the jurisdiction of non-European surveillance laws.

European Sovereignty

Data residency tells you where data is stored. Data sovereignty tells you who controls it.

Under GDPR, only the latter is legally relevant. A US-based provider remains a US legal entity regardless of server location, making your data potentially subject to FISA 702 and the CLOUD Act.

All personal data in Hailey is processed exclusively with EU-owned suppliers, without exception, covering user data, metadata, logs, operations and backups. We scrutinise sub-suppliers too, so there are no weak links in the chain.

We've chosen this path since the EU-US Data Protection Framework rests on an Executive Order, not legislation, meaning it can be revoked overnight. We believe genuine data protection shouldn't depend on politically fragile agreements.

For our customers the risk is eliminated by design, not temporarily managed. No Transfer Impact Assessments, no dependency on fragile agreements, and no urgent supplier changes if the DPF falls.

Data Processing Agreement

As a data processor, we have a responsibility to be transparent about how we handle your data. Our DPA sets out exactly what data we process, why, and how.

Read the DPA here.

Sub-processors

UpCloud Oy

UpCloud is our sub-processor for computing, transfer and storage of data.

Läs mer »

Bitio Services AB

Bitio is our sub-processor for electronic signatures of documents.

Läs mer »

Webpower Scandinavia AB

Webpower Scandinavia AB (the Swedish subsidiary of Spotler Group B.V) is our sub-processor for e-mail services.

Läs mer »

Scaleway SAS

Scaleway is our sub-processor for cloud computing, transfer and storage of data, including hosting of our AI models and related infrastructure.

Läs mer »

Privacy Policy

In our Privacy Policy you'll find everything about how we collect and use your personal data across our website and digital channels, and why.

Read the Privacy Policy here.

Contact us

If you'd like to learn more about how we handle and protect your data, or discuss your specific security requirements, feel free to reach out to our Data Protection Officer directly: dpo@haileyhr.com