Back to blog
HR TechAIrecruiting

AI CV parsing: the candidate data leaks nobody checks

Published on 2026-04-164 min readCleanIssue

> TL;DR: AI-based CV parsing tools send candidate data to third-party services. What it means for GDPR and security.

How do you prevent candidate data leaks in AI-powered CV parsing?

A CV analyzed by AI travels further than you think

Many modern ATS tools send CVs to an AI API to extract information. That API is often in the US, sometimes without a signed DPA.

For more — see our payroll software security review.

The three questions to ask

  • where are CVs sent, and in which country are they processed?
  • is there a GDPR-compliant processing agreement with the vendor?
  • is the data reused to train models?
  • What the regulator looks at

    GDPR requires a legal basis, clear candidate notice, and a framed transfer if data leaves the EU. An ATS without precise answers here is taking real risk.

    For HR & Payroll vendors

    CleanIssue specializes in security reviews for HR, payroll, and recruiting software. If you're building an HRIS, payroll tool, or ATS and want an external review of your exposure before a client audit or security questionnaire, see our offer for HR & Payroll vendors.

    Key Takeaways

  • Identify and test your exposed attack surfaces before a third party does.
  • Client-side security controls never replace server-side validation.
  • Regular audits are more effective than one-time checks — vulnerabilities appear with every deployment.
  • Building HR, payroll, or recruiting software? CleanIssue performs security audits for HR SaaS in real-world conditions, no source code access needed. For a first read of your exposure, start with an external review of your application.

    Sources

    Written by CleanIssue
    Reviewed on 2026-04-16

    Editorial analysis based on official vendor, project, and regulator documentation.

    Related services

    If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.

    Need an external review of your HR SaaS?

    Share your product, stack, and client context. We will come back with the right review scope.

    Discuss your audit