Last updated on 24th June 2026
Allsorter is committed to protecting customer and candidate data through industry-leading security controls, responsible AI governance, privacy-by-design principles and transparent compliance practices.
For security, privacy, compliance or data protection enquiries, contact:
Certifications and Compliance
Allsorter maintains the following certifications and compliance commitments:
- ISO 27001 certified
- Cyber Essentials Plus certified
- EU GDPR compliant
- UK GDPR compliant
- Data Processing Agreement (DPA) available
- Modern Slavery and Forced Labour Statement
- Responsible AI Governance Framework
Security Controls
Infrastructure Security
- AWS-hosted cloud infrastructure
- Data hosted within the European AWS region
- Network segmentation and access controls
- Firewalls and access control lists
- Secure backup procedures
- Business continuity and disaster recovery planning
Product Security
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Multi-factor authentication
- Role-based access controls
- Least-privilege access model
- Access logging and monitoring
- Periodic penetration testing
- Periodic vulnerability scanning
- Segregated production, backup and testing environments
Organisational Security
- Information Security Management System (ISMS)
- Mandatory security awareness training
- Mandatory data protection training
- Confidentiality obligations for all personnel
- Periodic access reviews
- Incident response procedures
- Security governance programme
- Supplier security reviews
Data Privacy Controls
- Privacy by design and by default
- Data minimisation principles
- Automated retention controls
- Customer-controlled retention settings
- Secure deletion procedures
- GDPR-aligned processing controls
Data Processing & Privacy
Allsorter processes candidate CVs, resumes and related recruitment information solely for the purpose of delivering the services requested by customers.
We do not:
- Sell customer data
- Sell candidate data
- Share customer data for advertising purposes
- Use customer or candidate data to train AI models
Customer data remains under the control of the customer at all times.
Where no specific retention period has been agreed, uploaded personal data is retained for seven days before being automatically marked for deletion.
Responsible AI and EU AI Act
Allsorter uses artificial intelligence to support CV formatting, resume restructuring, anonymisation, text extraction and recruitment productivity workflows.
Our AI features are designed to assist users, not replace human judgement.
Our AI Principles
Candidate First
Our technology is designed to improve candidate presentation and help recruitment teams represent candidates accurately and professionally.
Human Oversight
Users remain responsible for reviewing, approving and using AI-generated outputs.
Transparency
We are transparent about where AI-assisted functionality is used within the platform.
Fairness
We aim to minimise bias and support fair candidate representation.
Privacy and Security
Customer and candidate data is protected through the same security controls that apply throughout the Allsorter platform.
No AI Training
Neither Allsorter nor our AI subprocessors use customer or candidate data to train AI models.
No Data Resale
Customer and candidate data is never sold or resold.
Controlled Processing
AI subprocessors are contractually restricted to processing data only for service delivery purposes and do not retain customer data beyond processing unless legally required.
Continuous Improvement
We regularly review our AI governance practices, supplier controls and security measures.
EU AI Act
Allsorter monitors developments relating to the EU AI Act and maintains a risk-based approach to AI governance.
We assess our AI-enabled functionality against applicable regulatory obligations and implement appropriate controls relating to transparency, human oversight, security, privacy and accountability.
Modern Slavery and Forced Labour
Allsorter is committed to preventing modern slavery, human trafficking and forced labour within its operations and supply chain.
Our Commitment
We maintain a zero-tolerance approach to:
- Modern slavery
- Human trafficking
- Forced labour
- Bonded labour
- Child labour
- Exploitative labour practices
Supplier Due Diligence
As part of supplier onboarding and periodic review activities, we may assess:
- Supplier policies and public statements
- Modern slavery commitments
- Industry and geographic risk factors
- Adverse media and regulatory findings
- Labour-intensive operating models
Where elevated risks are identified, additional review or remediation measures may be applied.
Reporting Concerns
Employees, contractors and suppliers are encouraged to report concerns relating to unethical labour practices, modern slavery or human trafficking.
Reports are reviewed appropriately and without retaliation against individuals raising concerns in good faith.
Third-Party Subprocessors
Resources
The following documents are available on request:
- ISO 27001 Certificate
- Cyber Essentials Plus Certificate
- Latest Penetration Test Report
- Signed Data Processing Agreement (DPA)
- Insurance policy
- Modern Slavery and Forced Labour Policy
To request documentation, contact: dataprotection@allsorter.com. You will be asked to sign an NDA for confidential documents.
Contact
Contact point for data protection inquiries:
Current DPO: Ms. T Latta
dataprotection@allsorter.com
Datalive Ltd.
NexusUCD
Belfield Innovation Park
Dublin 4, Dublin, Ireland