Trust Center
Built to be the most trusted compliance-first HR platform in Europe.
Settio handles personal and immigration data for international hires. That comes with serious responsibility. This page gathers everything procurement, legal, IT, and security teams need to evaluate us — GDPR, security, AI use, subprocessors, and more.
Hosted in: EU / EEA
Encryption in transit: TLS 1.2+
Encryption at rest: AES-256
MFA on admin tooling: 100%
How we earn trust
Six commitments we hold ourselves to.
GDPR by design
Built on EU data protection principles: lawful basis, minimization, purpose limitation, transparency, and full data subject rights.
EU data residency
Personal data is stored and processed in the EU/EEA. We do not transfer personal data outside the EEA without SCCs and supplementary safeguards.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest, encrypted backups, hardware-backed key management.
Responsible AI
Customer data is never used to train third-party foundation models. Human-in-the-loop on every decision that affects a person.
Least-privilege access
Role-based access, SSO, MFA on all admin tooling, audited internal access, and strict employee onboarding/offboarding.
Customer-controlled data
Export, correct, or delete data at any time. We give you full ownership over what your team and your hires put in.
Documents & policies
Everything you need for procurement.
Public versions of our agreements and policies. Need a countersigned DPA, SOC 2 / ISO 27001 progress update, or our security questionnaire? Email [email protected].
Privacy Policy
How we collect, use, share, and protect personal data — written for the GDPR.
Terms of Service
The contract that governs your use of Settio's products and services.
Data Processing Agreement
Article 28 GDPR DPA covering Settio's role as your processor, plus the SCCs.
Security Overview
Our application, infrastructure, organizational, and incident response controls.
AI & Responsible Use
How Settio uses AI, what we don't do with your data, and how to keep humans in control.
Cookie Policy
Cookies and similar technologies we use, and how to control them.
Subprocessors
Vendors that may process customer personal data on our behalf, and where they operate.
Where your data lives
Customer personal data is stored and processed in the EU/EEA (primary region: Stockholm, Sweden). Backups remain in the EU. Any transfer outside the EEA, where unavoidable, is governed by Standard Contractual Clauses (SCCs) plus supplementary technical measures.
Reporting & contact
Privacy: [email protected]
Security: [email protected]
Vulnerability disclosures are welcome at the same address.
Our promise
We don’t sell personal data. We don’t mine your hires’ data for advertising. We don’t train third-party AI models on your content. You stay in control — always.