> ## Documentation Index
> Fetch the complete documentation index at: https://support.yena.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security overview

> Where Yena stands on security and compliance, and where the formal documents live.

Yena is built for European recruiting firms, and the posture is stated plainly on the product itself: **GDPR compliant · EU data centers · SOC 2**.

## The layers

* **Data location** — EU data centers; candidate and client data in your workspace stays under the European regime your clients expect.
* **Access control** — workspace roles via [Team settings](/en/workspace/team-and-workspace-settings), per-account activity in the [Audit Log](/en/workspace/audit-log-and-data-quality), and client-side access via the portal's **Manage Access**.
* **The processing relationship** — you're the controller, Yena the processor; the [Data Processing Agreement](https://www.yena.ai/data-processing-agreement) formalizes it, the [Privacy Policy](https://www.yena.ai/privacy-policy) covers what Yena itself processes.
* **The public surfaces** — [portal and careers links](/en/portal/public-links) are unguessable tokenized URLs, portals can be taken offline with one switch, and the **Anonymize Names** toggle keeps identities out of pre-contract reviews.

## Questions we get in vendor reviews

Security questionnaires and DPA specifics: [contact us](https://www.yena.ai/contact) and we'll work through your firm's checklist directly — that path is faster than reverse-engineering it from documentation.

<Note>
  For your own duties as controller — lawful basis, retention, erasure — start with [GDPR and candidate data](/en/privacy/gdpr-and-candidate-data) and [Sourcing responsibly](/en/sourcer/sourcing-responsibly).
</Note>
