Gaia Trust Centre

Trust through Transparency

_{Gaia is built for forward-thinking organisations that expect accountability, integrity, and compliance. This Trust Centre outlines how we protect customer and candidate data, uphold regulatory standards, and ensure the responsible use of AI across our platform.}

_{We are proud to be ISO/IEC 27001:2022 certified, and we operate a security, privacy, and governance programme designed to meet the expectations of enterprise, public sector, and international compliance teams.}

Security

_{Gaia’s infrastructure and operations are protected by robust, independently audited controls.}

• _{ISO/IEC 27001:2022 certified Information Security Management System (ISMS)}
• _{Hosting on UK-based AWS (London Region)}
• _{Encryption in transit and at rest}
• _{Role-based access control (RBAC) and MFA for all privileged systems}
• _{Daily backups, disaster recovery plans, and environment separation}
• _{Penetration tests conducted annually}
• _{Real-time monitoring and alerting}

_{📩 Request security documentation via trust@iamgaia.com}

Compliance

_{Gaia is compliant with global and regional data protection standards, including:}

• _{UK GDPR and the Data Protection Act 2018}
• _{EU GDPR (where applicable)}
• _{CCPA (for California-based users)}
• _{UK public sector and local authority procurement standards}

_{We maintain Article 30 records, conduct Data Protection Impact Assessments (DPIAs), and follow least-privilege access models across all services.}

_{📄 View Privacy Policy
📄 View DPA}

Responsible AI Use

_{Gaia uses AI in its advertising bidding, optimising campaign performance, retargeting, targeting, channel suggestions, content creation and engagement with our products. However:}

• _{We do not use AI to screen or reject candidates}
• _{All final outputs are human-reviewed before being published}
• _{No customer or candidate personal data is used to train AI models}
• _{Bias is proactively monitored and mitigated through platform-level auditing}
• _{Recommendations can be reviewed, overridden, or disabled by users}

_{📄 View AI Compliance Statement}

Subprocessors

^{We only use subprocessors who meet strict security and compliance standards. All data is hosted within the UK, and no personal data is transferred internationally.}

^{Subprocessors support our infrastructure, platform delivery, and advertising execution. All contracts include:}

• ^{Confidentiality and security obligations}
• ^{Data processing restrictions under UK GDPR and/or SCCs where applicable}
• ^{Ongoing due diligence and regular reviews}

📄 _{View List of Current Subprocessors}

Candidate Data

_{When candidates apply via GaiaPages or GaiaChat:}

• _{Gaia acts as a Data Processor}
• _{The employer is the Data Controller}
• _{Candidate data (e.g. name, CV, contact details) is securely stored in the UK}
• _{Data is retained for a maximum of 12 months unless otherwise agreed}
• _{No data is reused, sold, or made accessible to other clients}

_{Candidates are required to accept Gaia’s Privacy Policy and Terms of Service before submitting any application.
‍
📄 Review Terms of Service}

Documentation Access

_{We offer on-request access to the following documentation:}

• _{ISO 27001 certificate}
• _{Penetration test summaries}
• _{Completed security questionnaires}
• _{Data Protection Impact Assessments}
• _{Security policies}

_{To request documentation, please contact:
📩 trust@iamgaia.com}

Contact

_{Socially Recruited Ltd (trading as Gaia)
Company Number: 10942594
Registered Address: 2 Eastbourne Terrace, London, W2 6LG
Email: trust@iamgaia.com}

‍