Security, GDPR and data protection
Employee data is sensitive by default. Here's exactly what TeamHero does to protect it — no hedging, no marketing gloss.
GDPR compliance
Full compliance with the GDPR and industry data protection standards. All employee data processing is transparent and documented.
Data residency in the EU/EEA
All data is stored on servers located in the European Economic Area (EEA) — not transferred outside it.
Encryption in transit
SSL/TLS encryption is used for every connection to TeamHero, by default, on every plan.
SSO on every plan
Single sign-on (SAML, OIDC, Okta, Azure AD, Google Workspace, Microsoft 365) is available on every tier, including the free plan — not gated behind an enterprise upsell.
DPA on request
A signed Data Processing Agreement is available on request for companies that need one for their own compliance review.
No hidden scoring, AI is disclosed
There are no hidden individual employee scores. Employees are always told when they're interacting with AI rather than a person.
Access control, audit, and AI governance
Roles and permissions, an audit log, and controls over what the AI agent can and can't do are covered in depth on the administration and security feature page — built for IT and security review, not just HR.
See administration and security details
Frequently asked questions
Legal documents: Privacy Policy · Terms of Service · SLA · Cookie Policy
Have a security questionnaire to send us?
Email hello@theteamhero.com — we'll send our DPA and answer procurement questions directly.
