HiBob takes data security seriously. We put security measures and maintain policies and procedures to comply with required data security standards and continue to take all the necessary measures to improve our information security level.

HiBob is ISO 27001:2013, ISO 27018:2019, SOC1 Type 2 and SOC2 Type 2 certified. We share personal information with 3rd parties only per our Privacy Policy, and store the data on a trusted service provider, Amazon Web Services, which is ISO 27001 certified and one of the world’s leading cloud-based services.

The data is stored in Ireland and Germany, allowing you to meet European regulations. Sensitive data is encrypted using an individual per-customer AES-256 based encryption key.

How long does Bob hold employee data?

We hold the data for as long as the accounts are active. If you discontinue the use of Bob, we will hold your data for 30 days, then delete it after the 30-day period including backup data.

Your company is in charge of managing your data. HiBob does not delete data otherwise.