Data Processors
Last updated: 2 June 2026
Effective date: 2 July 2026
Transparency and Data Protection
At HI Assessments, we are committed to protecting your personal data and maintaining full transparency about how we process it. As required by the General Data Protection Regulation (GDPR), we provide this list of data processors who process personal data on our behalf to deliver our services.
All data processors have been carefully selected and maintain appropriate technical and organizational security measures to protect your data in accordance with GDPR requirements.
Our Data Processors
The following service providers process personal data on behalf of HI Assessments:
The list below reflects updates that take effect on 2 July 2026. In accordance with our Data Processing Agreement, these changes are published here with at least thirty (30) days' notice.
| Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Cloud Platform (Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; a subsidiary of Google LLC, United States) | Application hosting, database storage, session management, secrets storage, and all core platform infrastructure. Additionally, AI-assisted generation of structured assessment summaries, insights, and conversational analysis to support professional interpretation, using Vertex AI (Gemini models) within our Google Cloud environment — only when AI features are enabled. | All application data including user accounts, assessment results, tenant data, and related information. For AI features: pseudonymized candidate identifiers and assessment data. | European Economic Area (Belgium — europe-west1 region) |
| Lettermint (Lettermint B.V., Willemsvaart 16 B, 8019 AB Zwolle, Netherlands) | Sending transactional emails such as user invitations, password reset notifications, and system communications. | Recipient email addresses and names, and the content of the transactional email messages (e.g., invitation and password-reset links). | European Economic Area (Netherlands; backups in France and Germany) |
| Crisp (Crisp IM SAS, 2 Boulevard de Launay, 44100 Nantes, France) | Live chat support and customer messaging platform for real-time assistance. | Chat messages, contact information (if provided), and technical data required for chat functionality. | European Economic Area (Netherlands, Germany, and Ireland) |
| Kombo (Kombo Technologies GmbH, Rosenthaler Str. 72A, 10119 Berlin, Germany) | Unified API integrations to optimize HR processes and synchronize data with applicant tracking systems (ATS) and HR/payroll software. Only used for customers who explicitly choose to enable an integration via Kombo. | Employee, applicant/candidate, and payroll data synchronized from the customer's chosen HR/ATS system (e.g., names, contact details, application and employment data). | European Economic Area (Netherlands and Germany) |
| Langfuse (Langfuse GmbH, Gethsemanestr. 4, 10437 Berlin, Germany) | LLM observability and monitoring — logging AI interactions, prompt management, output quality sampling, and compliance tracing (only when AI features are enabled). | AI prompts and responses containing pseudonymized candidate identifiers and assessment data. | European Economic Area (AWS eu-west-1, Ireland) |
Data Protection Safeguards
Our data processors maintain appropriate safeguards to protect your personal data:
- EU-Based Processing: All customer personal data is hosted and processed within the European Economic Area (EEA). We do not transfer customer personal data outside the EEA.
- Encryption: Data is encrypted both in transit (using TLS/SSL) and at rest to prevent unauthorized access.
- GDPR-Compliant Terms: Our processors provide GDPR-compliant terms of service and maintain appropriate technical and organizational security measures as required by GDPR Article 28.
- Limited Access: Processors only have access to the minimum data necessary to perform their specific functions.
Changes to This List
We may update this list of data processors from time to time as we add or remove services. In accordance with our Data Processing Agreement, changes to sub-processors will be posted to this page and communicated to customers in writing at least thirty (30) days prior to taking effect. The "Last updated" date at the top of this page indicates when changes were made. We encourage you to review this page periodically to stay informed about which processors handle your data.
Questions
If you have questions about our data processors or data protection practices, please contact our Data Protection team at legal@hiassessments.com.