// Trust & Security Report
Deel, Inc.
Global HR, Payroll, Compliance and Workforce Management Platform
Certifications held
10
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on deel.com“ISO/IEC 27001 certification demonstrates our rigorous adherence to the highest international standards of security.”
Verify on trust.deel.com“ISO 27701 listed under Compliance on Deel Trust Center”
Verify on deel.com“Deel's financials and internal controls, data protection processes, and security procedures are up to the rigorous AICPA standards.”
Verify on deel.com“Deel's controls pertaining to security, availability, confidentiality, processing integrity, and privacy adhere to the Trust Services Criteria guidelines.”
Verify on deel.com“Deel is GDPR compliant—ensuring the highest level of protection for personal data.”
Verify on trust.deel.com“CSA STAR Level 1 listed under Compliance on Deel Trust Center”
Verify on trust.deel.com“EU-US DPF listed under Compliance on Deel Trust Center”
Verify on trust.deel.com“EU AI Act listed under Compliance on Deel Trust Center; AI Governance section includes Deel ATS Bias Audit and ATS AI Governance Documentation”
Verify on deel.com“PCI DSS not explicitly listed in reviewed documentation, though Deel processes global payroll payments. No formal PCI DSS certification page found.”
> Show 1 unconfirmed / not-held certifications
source: trust.deel.comHIPAA not listed in any Deel trust center, security, or compliance documentation reviewed.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Primary: AWS Ireland (EU). Disaster recovery: AWS France (EU). Deel processes data globally as an HR platform for 150+ countries.
Deel AI Terms of Service (updated Oct 2023) state interactions are collected to improve service but explicitly claim customer conversations and organisation data are never shared with external learning models. Deel AI uses OpenAI LLM for general knowledge but asserts customer data remains inside Deel. The ToS clause 'We collect and store user interactions to improve the service' introduces some ambiguity about internal product-improvement use, but external AI model training is explicitly denied. Customers with stricter requirements should request contractual confirmation via the DPA.
// Security controls
Penetration testing
Annual Web and API Pentest Attestation Letter (2025 edition available under NDA via Trust Center). SOC reports include pentest findings.
trust.deel.comBug bounty / responsible disclosure
No public bug bounty program found on HackerOne or Bugcrowd. No published responsible disclosure policy page identified. Likely handled privately or via VDP not surfaced publicly.
trust.deel.comAccess control
Okta SSO, JumpCloud MDM, Lumos RBAC, least-privilege and periodic access reviews
deel.comBusiness continuity / DR
Business continuity plan with exercises; redundancies and failover capacities; DR site in AWS France
trust.deel.comSecurity ratings (third-party)
Bitsight: Advanced rating. ImmuniWeb: A. Qualys SSL Labs: A+.
trust.deel.comAI governance
Dedicated AI Governance section in Trust Center: ATS Bias Audit, ATS AI Governance Documentation, CV-to-Job Matching Explainability Documentation
trust.deel.comEmployee security training
Quarterly security compliance and privacy training required for all Deel team members; supplemental training for those accessing customer data
deel.com// Products & data scope
data: Employee PII, salary, tax, and banking data for 150+ countries. Handles sensitive financial data; SOC 1 Type II directly covers payroll controls.
Local and global payroll; 150+ currencies. Highest data sensitivity tier within the platform.
data: Employee records, org charts, time-off, performance data. Standard HR PII.
Full HRIS for every worker type. Covered under SOC 2 and ISO 27001.
data: Candidate PII, CVs, interview notes. Subject to EU AI Act bias audit requirements.
Deel has published an ATS Bias Audit and AI Governance Documentation specifically for the ATS CV-to-Job matching feature, indicating EU AI Act compliance awareness for high-risk AI use cases.
data: Device inventory, hardware specifications, device access logs.
MDM solution for remote and global teams. Lower compliance sensitivity than payroll.
data: Enrollment data, benefit plan selections, deduction syncs. May include health benefit selections in US markets.
No HIPAA certification found; US customers using health benefits should evaluate whether HIPAA BAA is available.
data: Passport data, visa applications, immigration documentation. Very high sensitivity PII.
In-house visa handling; data processed in EU under GDPR. Highest PII sensitivity product after Payroll.
data: Platform interaction data, HR queries, payroll approval flows. Powered by internal models and OpenAI LLM for general knowledge.
Separate AI Terms of Service. Vendor claims customer data is not shared with external AI training systems. Governed by EU AI Act compliance posture. Actionable AI for hiring, payroll, and IT flows.
data: Same as underlying products (Payroll, HR, Hire) accessed via API by third-party platforms.
Used by platforms like Cocoroco to automate hire, contract, and payment. Data scope and compliance inherited from the underlying Deel services used.
// What to watch
- AI ToS clause 'We collect and store user interactions to improve the service' is ambiguous about internal product-improvement data use even though external model training is denied. Customers in regulated industries should request written DPA confirmation.
- No public bug bounty or published responsible disclosure policy found on HackerOne, Bugcrowd, or deel.com. Pentest attestation letter exists but requires NDA access via Trust Center.
- HIPAA compliance not listed. Deel Benefits product may handle US health benefit data; HIPAA applicability should be confirmed for US healthcare or benefits-heavy deployments.
- EU AI Act compliance listed in Trust Center for the ATS product specifically. Other AI features (Deel AI) may be subject to EU AI Act depending on use case classification; customers should review AI governance docs.
// At a glance
Pricing model
Subscription / per-seat; enterprise pricing negotiated. Dedicated pricing page at deel.com/pricing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Deel, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.deel.com