> ## Documentation Index
> Fetch the complete documentation index at: https://support.yena.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Sourcing responsibly

> Working with AI-sourced candidates under GDPR: legitimate interest, restraint with contact data, and honest client reporting.

AI sourcing doesn't change your legal obligations; it makes discipline easier to keep. A few working rules that hold up in DACH practice:

## Have the mandate before the search

Legitimate interest is the usual lawful basis for sourcing, and it's strongest when there's a real, current role behind the search. Yena's structure supports that: searches start from a brief, and candidates connect to a mandate. A pool built "just in case" is where legal bases get thin.

## Reveal contacts when you intend to act

Contact details are personal data. The reveal step costs a [data credit](/en/sourcer/finding-contact-details) precisely so it's a decision, not a default: reveal when you're actually going to reach out for the mandate at hand, not for every row on a shortlist.

## Be answerable to the candidate

If a candidate asks where you got their data, you need an answer. Sourced profiles in Yena keep their origin and history on the [candidate record](/en/pipeline/candidate-records), and erasure requests are handled per [GDPR and candidate data](/en/privacy/gdpr-and-candidate-data).

## Keep the client side clean

The [client portal's](/en/portal/sharing-a-shortlist) **Anonymize Names** toggle exists for the phase before a contract is signed: the client sees profiles, not identities. That protects candidates and your placement fee at the same time.

<Note>
  None of this is legal advice; it's operating practice. For your firm's specific obligations, your data-protection officer has the last word.
</Note>
