Week 29
Data centre infrastructure within the EU
Security and compliance

Built within the EU, ready for the regulation.

Week 29 is an intelligence layer on top of your ATS. We process candidate data as a processor, within the EU, with the human kept in the decision.

Traceability and control

Every decision can be explained and audited.

Built for the EU AI Act from the start. Here is what it looks like from your ATS to your decision.

Your data never leaves the EU

Everything runs in Sweden with backups within the EU.

Assessment without names

Names are hidden before any AI sees the application, and shown again only after the match.

You always make the decision

Every suggestion comes with an explanation, and that cannot be switched off.

Security and architecture

Secure architecture, from ATS to decision.

The whole pipeline built within the EU. The human makes the decisions.

source
Your ATS
Your existing systems
pipeline
Pseudonymisation
Protection layer before AI
model
AI model
Established LLM within the EU
destination
Your team
You make the decision

Your data is isolated from others. Everything is stored within the EU.

Customer isolationHumans in the decision

Where data lives

All data is stored in Sweden and never leaves the EU. Technically: everything runs on Microsoft Azure with Sweden Central as the primary region and backups within the EU, and your data is kept separate from other customers.

Pseudonymisation before AI

Before the AI sees anything, we hide names and contact details. CVs and source material are split into smaller pieces and pseudonymised before they reach the AI model, which only sees attributes and pseudonyms. Names appear again in the interface only after the matching.

The human makes the decision

Recruitment AI is classified as high risk under the EU AI Act. Our starting point is that humans make the decisions. The platform provides evidence, ranking and explanations. Decisions that affect a person are always made by a human.

Every hit comes with a justification. Explainability is built in, not retrofitted.

Roles and responsibilities

  • Your candidate data is yours. For the processing in the platform we act as processor and you are the controller.
  • The processing is governed by a data processing agreement with documented instructions, the agreement GDPR requires between you and a vendor.
  • We never train models on your candidates without documented consent.

What we do not claim

We do not claim 100 percent compliance and we are not ISO 27001 certified. We show the documentation per processing activity and tell you what is in place and what is on the way.

If you want to go deep on architecture and compliance, we walk through it in a demo.

Your data, our engine

Want to see it on your own data?

We run the same search live on one of your real roles.

30 minutes in your own flow. You pick a real role, we run the search live.

Need to get internal buy-in?

The film, 2 minSecurity and GDPRWhat the EU AI Act means for recruiting