Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Factorial

VERIFIED
HR & people · Spain
Founded 2016 · factorialhr.com ↗

Spanish HR + payroll + finance SaaS (Barcelona, est. 2016); 16K+ customers, ISO 27001 + SOC 2 + AWS EU, US-VC-funded.

In short

Factorial, in the HR & people category, offers EU hosting with Germany as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Factorial (Barcelona ES, founded 2016) is ISO 27001 + SOC 2 Type II certified with AWS EU hosting and 16,000+ customers; cap table includes Tiger Global, CRV, General Catalyst, GGV (all US VCs) plus Atomico (UK) and Creandum (EU). Material US-VC funding flips signal to eu_hq_us_funded and creates CLOUD Act influence.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Factorial

Factorial (Barcelona, Spain, founded 2016 by Jordi Romero, Pau Ramon, and Bernat Farrero) is a fast-growing Iberian HR-and-business-management SaaS: 16,000+ customers across HR, payroll, time tracking, talent, finance, and IT modules. Compliance: ISO 27001 (ENAC), SOC 2 Type II (AICPA), AWS EU hosting. The product is genuinely Spanish-built, but the cap table is heavily US: Tiger Global, CRV, General Catalyst, GGV lead recent rounds, with Atomico (UK) and Creandum (EU) as European voices. For procurement evaluation Factorial is "Spanish-operating, US-VC-controlled", similar to Personio's posture.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
SOC 2
ACTIVE
Informational · US framework
FEATURES

Capability matrix

Payroll Yes
Time tracking Yes
Employee records Yes
Time-off / leave Yes
Recruiting (ATS) Yes
Onboarding Yes
Performance reviews Yes
Org chart Yes
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €7/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
ALTERNATIVES

Alternatives in this category

HiBob
United Kingdom · Founded 2015
EU-HOSTED

Israeli-founded modern HRIS for mid-market (Tel Aviv + London); 5,000+ customers, heavy US VC, mostly listed for completeness.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
Lucca
France · Founded 2002
EU-SOVEREIGN

French sovereign-cloud HR platform (Nantes / Paris, est. 2002); SecNumCloud + ISO 27001; 1M+ users incl. AXA, Deezer.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
NONE
Personio
Germany · Founded 2015
EU-HOSTED

Munich-based HR flagship for European SMBs (founded 2015); ISO 27001 + SOC 2 + TISAX; ~$770M US-VC-funded.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL