Trust & security
We built the vault before we filled it.
Most software is built first and secured later. We did it the other way round. Before a single candidate record existed, Idonara was running on the isolated, audited cloud foundations that AWS recommends for banks and government. When you hand us your candidates' data — sometimes their most personal information — that trust is the most important thing we hold. Here's how we protect it, in terms you can check.
UK data residency · Per-tenant isolation · Human-in-the-loop · GDPR Article 30 record
The promise
Trust you can verify — not just a badge in the footer.
Everything below is a real control, not a marketing line. Preventive controls stop problems by design; a complete, tamper-proof record catches anything that matters; and you — never a machine alone — decide anyone's future. If your IT, security or data-protection lead wants to go through any of it line by line, we'll welcome the conversation.
In plain English
How we protect your data
Six controls that are live today — described the way we'd explain them to a person, with the engineering detail one click away in the overview.
Complete data segregation
Each organisation's data lives in its own sealed space — never pooled, never mixed with anyone else's. It's checked automatically every time we ship a change.
Your data stays in the UK
Pinned to the UK, with guardrails that actively block anything being created outside approved UK regions. Residency is enforced at the platform level, not merely promised. (Configurable UK/EEA residency where a customer needs it.)
Encrypted everywhere — with extra cover where it counts
Data is encrypted at rest and in transit. Sensitive equality and diversity information gets its own dedicated key, is never stored in plain text, never written to logs, and is only ever shown as anonymous totals.
A trail no one can quietly edit
Everything that happens is logged to an isolated archive that operators can't alter, checked for integrity on a schedule and retained. When someone asks how a decision was made, the answer is already on record.
Privacy engineered in
We keep your record of how candidate data is collected and used current and audit-ready. Candidates can see, correct, download or delete their own data — and ask for a human review of any decision.
You always decide
Idonara makes no fully-automated hiring decisions. AI surfaces and explains; a recruiter reviews and decides; candidates have a clear route to contest. Fair, accountable, contestable.
Certifications — where we are, honestly
We'd rather tell you the truth than flash a badge we haven't earned.
Idonara is designed and operated to align with UK GDPR, the Data Protection Act 2018, the NCSC Cloud Security Principles, and the control expectations of ISO 27001 and SOC 2 — so adopting Idonara supports your own assurance requirements rather than adding to them.
On our roadmap — in progress, not certified
Independent certification — Cyber Essentials Plus, ISO 27001, and SOC 2 — is on our roadmap. The controls underneath are live today and open to your team's inspection now. We'll tell you exactly where each certification stands, in writing, whenever you ask.
- Cyber Essentials Plus: In progress
- ISO 27001: In progress
- SOC 2: In progress
Live and inspectable today
Certificates take time. The controls don't have to. Here's what your team can review right now.
- Secure-first AWS foundations — the isolated, audited cloud pattern recommended for banks and government
- UK data residency, enforced at the platform level
- Complete per-tenant data segregation, checked on every change
- Encryption at rest and in transit, with a dedicated key for equality data
- A tamper-evident audit trail, integrity-checked on a schedule
- GDPR Article 30 record kept current and audit-ready
- You — never a machine alone — make every hiring decision
For your security team
Bring us your questionnaire. We've done the homework.
We'll walk your IT, security or data-protection lead through the architecture, our data-protection record, and the controls above — line by line. The full Security & Governance Overview is available on request, and it's written to pre-answer the bulk of a standard security review.
Questions
Trust & security FAQ
Are you ISO 27001, SOC 2 or Cyber Essentials certified?
Where is our candidate data stored?
Is our data kept separate from other customers?
Does Idonara make automated hiring decisions?
How do you handle a security questionnaire?
See the controls in action — on one of your own roles.
The fastest way to judge our security is to put a real role through Idonara and have your security lead inspect what happens. Request the Security & Governance Overview at the same time.