Greenhouse
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 1 Type II Annual third-party audit. | Verified | vendor source ↗ | June 10, 2026 |
| SOC 2 Type II Annual third-party audit; report available via trust portal. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 Certified for ISO 27001:2022. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27701 ISO 27701:2019 privacy information management. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 42001 ISO 42001:2023 AI management systems. | Verified | vendor source ↗ | June 10, 2026 |
| PCI DSS Mentioned on the security page only in a list of data privacy regulations alongside GDPR/CCPA — scope unclear, so kept as reported. | Reported · pending verification | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Greenhouse have SOC 2?
Subprocessors
Subprocessor extraction for Greenhouse is pending.
Hosting & data residency
- InfrastructureAmazon Web Services
- Data residencyCross-border transfers covered by EU-US DPF, UK Extension, and Swiss-US DPF (per security page, 2026-06-10); no customer-selectable residency stated.
Trust documents & links
- Trust centerhttps://trust.greenhouse.com
- Security pagehttps://www.greenhouse.com/security
- DPAnot yet recorded
- Status pagehttps://status.greenhouse.io
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added with a verified initial snapshot: SOC 1 Type II, SOC 2 Type II, ISO 27001:2022, ISO 27701:2019, and ISO 42001:2023 confirmed against greenhouse.com/security (fetched 2026-06-10). PCI DSS kept as reported — scope unclear on the page.