Trust centre

We are delighted to share the Sapia.ai SOC 2 Type 2 report for the period December 1, 2024 to November 30, 2025. This has been uploaded to the portal and is ready to view by interested parties at https://security.sapia.ai/item/soc-2-report.

We are delighted to share the Sapia.ai SOC 2 Type II report for the period December 1, 2023 to November 30, 2024. This has been uploaded to the portal and is ready to view by interested parties at https://security.sapia.ai/item/soc-2-report.

Sapia.ai is adding subprocessor Datadog, Inc. from 1 December 2025 and we are providing this notice to all customers as part of our ongoing commitment to transparency and trust. This subprocessor is only used for customers who choose to use our Chat Pro products and is therefore 'opt-in'.

Vendor Name: Datadog, Inc.

Processing Location: Australia, Ireland or USA (the same region as your existing Sapia account)

Purpose of Processing: We partner with Datadog in order to provide improved reporting and monitoring of LLM activity, allowing us to monitor, troubleshoot, and optimise application performance

Data Processed: Any written text input to our generative AI products e.g. a job description added to JAS. We will also ingest any written responses to interview questions provided by candidates.

As this new sub-processor may process your organisation’s “personal data”, as defined under the European Union’s General Data Protection Regulation (GDPR), in connection with the services and products that Sapia.ai provides, this shall serve as notification that Datadog, Inc. will be added as a new sub-processor.


All information shall be maintained by our sub-processor(s) as confidential information under the terms of our sub-processing agreement.


Our compliance team has reviewed Datadog to ensure they meet our cyber security requirements. Datadog holds ISO 27001 certifications along with an ongoing SOC 2 Type II examination. They also comply with GDPR. Our compliance team continues to audit our subprocessors regularly to ensure ongoing compliance, as detailed in our Vendor Management Policy.

Our complete sub processor list can be viewed at this page.

If you have any questions, please reach out to us at privacy@sapia.ai

We have updated our subprocessor list, effective 11 June 2025.

The only change is to the Affiliates and Support & Service Providers list. We removed People 2.0 Singapore Pte Ltd and Horizons Global Technology Europe B.V, with whom we are no longer engaged. We have added XLR8 Go To Market Partners, LLC, with who we work for sales activity. XLR8 do not handle any customer data.

The full list can be reviewed at https://sapia.ai/subprocessors.

Sapia.ai has added subprocessor monday.com.

Monday.com is a project management tool used mainly by our Customer Success Team. No candidate personal data is shared. This subprocessor is only used in the administration of our business. If customers wish to collaborate with Sapia.ai in the tool, we can invite named contacts, in which case we share the customer's name and email address with this subprocessor. There is no obligation by customers to accept this invite.

Our security team has reviewed monday.com to ensure they meet our cyber security requirements. Monday.com holds ISO 27001 certifications along with SOC2 and fully complies with GDPR. Our security team continues to audit our subprocessors to ensure ongoing compliance regularly.

We are excited to announce that Sapia.ai has achieved ISO/IEC 42001:2023 certification. Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 42001 is a standard that outlines the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an Artificial Intelligence Management System (AIMS).

To validate conformity and certify Sapia.ai’s AIMS against the ISO 42001 standard, we engaged our Certification Body, Sensiba LLP to perform our certification audit. We are very proud of this achievement as a demonstration of our commitment to responsible AI management for our customers and stakeholders.

You can view our certificate at https://security.sapia.ai/item/iso42001 or the full report (under NDA) at https://security.sapia.ai/item/iso-42001-report.

We are delighted to share our latest Web Application Penetration Test report, which follows detailed testing conducted by CyberCX between February 5th and 21st, 2025.

The test identified five vulnerabilities rated MEDIUM and six were rated LOW.

We have commenced remediation work, focusing first on the medium-risk vulnerabilities. We commit to remediating all vulnerabilities in accordance with our published Vulnerability Management Policy.

The report is available for viewing at https://security.sapia.ai/item/pentest-report.

Annual penetration testing of the Sapia.ai platform took place between February 2 and February 16, 2024. The results are now available in the report available in our Trust Center: https://app.safebase.io/portal?itemUid=722b9671-c0d5-4a19-a5f7-0ad8fd81307c.

Overall, the applications were found to be secure, yielding no significant security vulnerabilities that would impact the confidentiality or integrity of application data. Minor vulnerabilities raised present unlikely attack vectors or are of minor consequence. We will review these minor vulnerabilities and remediate them where necessary.

We are delighted to share the Sapia.ai SOC 2 Type II report for the period December 1, 2022 to November 30, 2023. This has been uploaded to the portal and is ready to view by interested parties.