Skip to main content
Yena is built for European recruiting firms, and the posture is stated plainly on the product itself: GDPR compliant · EU data centers · SOC 2.

The layers

  • Data location — EU data centers; candidate and client data in your workspace stays under the European regime your clients expect.
  • Access control — workspace roles via Team settings, per-account activity in the Audit Log, and client-side access via the portal’s Manage Access.
  • The processing relationship — you’re the controller, Yena the processor; the Data Processing Agreement formalizes it, the Privacy Policy covers what Yena itself processes.
  • The public surfacesportal and careers links are unguessable tokenized URLs, portals can be taken offline with one switch, and the Anonymize Names toggle keeps identities out of pre-contract reviews.

Questions we get in vendor reviews

Security questionnaires and DPA specifics: contact us and we’ll work through your firm’s checklist directly — that path is faster than reverse-engineering it from documentation.
For your own duties as controller — lawful basis, retention, erasure — start with GDPR and candidate data and Sourcing responsibly.