Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Personio

VERIFIED
HR & people · Germany
Founded 2015 · personio.com ↗

Munich-based HR flagship for European SMBs (founded 2015); ISO 27001 + SOC 2 + TISAX; ~$770M US-VC-funded.

Why this score?

Personio (Munich DE, founded 2015) is the European HR flagship — ISO 27001 + SOC 2 + TISAX, AWS Frankfurt hosting, ~14K customers — but $770M+ raised across 8 rounds led by Lightspeed Venture Partners (US), Index Ventures (US/UK), Accel (US), Greenoaks (US), giving US VCs durable control and CLOUD Act-relevant influence; ownership signal eu_hq_us_funded.

SCORE
3.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
JUMP TO
OVERVIEW

About Personio

**Personio** (Munich, Germany, founded 2015) is the most-funded European HR-tech company — $770M+ across 8 rounds — and serves ~14,000 European SMBs (10-2,000 employees) with payroll, recruiting, time tracking, and people management. The compliance posture is strong: **ISO 27001 + SOC 2 + TISAX**, AWS Frankfurt hosting, EU-only data residency. The ownership-side caveat is straightforward: cap table is **US-VC-dominated** — Lightspeed Venture Partners (US) led Series C, with Index (UK/US), Accel (US), Greenoaks (US), and Lakestar (CH) all on the books. For DACH compliance buyers this is the canonical "German HR vendor, US capital" trade-off.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
SOC 2
ACTIVE
Informational · US framework
FEATURES

Capability matrix

INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
Custom pricing

Contact vendor for tier or volume pricing.

View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
ALTERNATIVES

Alternatives in this category

Lucca
France

French sovereign-cloud HR platform (Nantes / Paris, est. 2002); SecNumCloud + ISO 27001; 1M+ users incl. AXA, Deezer.
Sage HR
United Kingdom

Sage Group plc's HR cloud product (formerly CakeHR from Riga, acquired 2019); UK-public parent, modular SMB HR.
Factorial
Spain

Spanish HR + payroll + finance SaaS (Barcelona, est. 2016); 16K+ customers, ISO 27001 + SOC 2 + AWS EU, US-VC-funded.
See all hr & people alternatives →