An HR platform inherently handles highly sensitive data: salaries, contracts, health, performance reviews. Illizeo commits to three major compliance pillars and supports customers in their own audits.
Certifications and compliance
| Standard | Scope | Illizeo status |
|---|---|---|
| GDPR (EU 2016/679) | EU personal data | Compliant, in-house DPO |
| nFADP (Switzerland, 2023) | Swiss personal data | Compliant |
| ISO 27001 | Information security management | Certified 2024 |
| SOC 2 Type II | Security, availability, integrity controls | Audited yearly |
| HDS (France) | Health data hosting | Qualified HDS sub-processor |
Concrete commitments

- Sovereign hosting: data hosted in Switzerland (Vaud) or France (Île-de-France) depending on your tenant. No transfer outside the EU/Switzerland.
- End-to-end encryption: TLS 1.3 in transit, AES-256 at rest, keys managed via KMS with automatic rotation.
- Signed DPA: standard Data Processing Agreement provided at signature, supplemented by annexes on request (sub-processors, international transfers).
- GDPR rights tooling: access, rectification, erasure, portability, objection, through a dedicated interface for employees and HR.
- Annual audit and bug bounty: annual external pentest plus a permanent bug bounty program. Vulnerabilities fixed within 7-30 days depending on severity.
FAQ
How do I get your audit reports?
SOC 2 report and ISO 27001 certificate available on request under NDA. Contact your CSM or compliance@illizeo.com.
Which sub-processors are used?
Up-to-date list on the Sub-processors page. Updated 14 days before any change.
Are there transfers outside the EU?
None by default. If needed (e.g. email via US provider), governed by Standard Contractual Clauses.
What happens on a breach?
Authority notification within 72h. Customer notification within 48h. Remediation plan published.
