Industry-leading data security to protect your students’ data
More than 1,500 universities in the EU, UK and US trust Handshake to safeguard their students' personal information, and their students throughout their career search. At Handshake, we're committed to delivering industry-leading privacy and security infrastructure with transparency. We ensure the information we receive is handled with care, and complies with all applicable standards, laws and regulations globally.
Students control their own data
Simple, clear settings give students full control over which aspects of their profile are visible. They can update their privacy setting at any time.
Fully GDPR compliant
As a leading global organisation that manages personal data, Handshake adheres to all applicable data protection regulations, including the General Data Protection Regulation (GDPR). Handshake will never sell students' data or personal information. For European partners all personal data processed by Handshake is hosted in the EU, with primary data hosting in Germany to deliver leading security infrastructure for our partners and all our users.
Highest data protection standards
Universities are in control what data they share with Handshake. We work closely with universities to maximise the impact of their career services without compromising student privacy. Students are full control over what data they share. Handshake’s commitment to protecting data privacy goes beyond basic compliance; we continuously evaluate and refine our processes and policies to lead the industry in responsible data stewardship, continuous employer screening, and full student control.
Data & security FAQs
Is Handshake GDPR compliant?
As a leading global organisation that manages personal data, Handshake adheres to all applicable data protection regulations, including the General Data Protection Regulation (GDPR).
How does Handshake ensure the security of processed data?
At Handshake, security is a core element of our platform, infrastructure, processes, and team culture, ensuring the protection of data for our partners and users. The following summary outlines some of the principal actions Handshake takes to safeguard processed data, with detailed information available in the Security section of this guide.
Handshake operates separate platforms in Europe and America. Our European platform, hosted on Google Cloud, ensures that all data managed through it is: Stored in Germany Secured in transit with TLS 1.2 or higher Encrypted at rest using 256-bit AES encryption or stronger In line with the least-privilege principle, Handshake carefully controls access to processed data. By default, team members do not have access to processed data and access is regularly audited. Our team is based in the EU, UK and USA, with our European product and engineering teams primarily based in Berlin. Our security measures include rigorous testing for vulnerabilities in every build, covering the top ten application security risks also known as the OWASP top 10.
Where is Handshake data stored?
Our European platform operates on Google Cloud, with data storage located in Germany. Our commitment is to store and process personal data collected via our services within the EU or UK whenever feasible. Should there be a need to manage personal data outside the UK and EU, Handshake implements all necessary measures to ensure that data subjects continue to receive protection mirroring the EU data protection standards.
To deliver some of our services, Handshake utilises third parties who we may share data with. Our List of sub-processors provides details of the services, purpose, data categories and storage location of any data transfers to third partners.
Handshake has a well defined vendor risk management program and security personnel to review the security posture of third party services as part of its procurement process to limit the scope of the data transferred and ensure comparable confidentiality and Data Processing Agreements (DPAs) are in place in order to meet the requirements of the GDPR.
Do students have control over their personal data?
In accordance with GDPR, individuals retain control over their personal data. Handshake processes data solely as outlined in our Privacy Policy and Terms of Service, and in alignment with Data Processing Agreements established with university partners.
Our product and security teams are dedicated to embedding GDPR's informed consent best practices within the Handshake platform. We honour students' rights to their personal data and are committed to collaborating with universities to enhance the effectiveness of their career services while safeguarding student privacy.
How does Handshake use personal data?
Handshake processes personal data solely to deliver the most valuable and effective services to all users of our platform. The use of personal data varies depending on the interactions of our partners and users with Handshake, the services they utilise, and their chosen preferences. With regard to our European customers and users we ensure that personal data is only processed within the boundaries of the GDPR. Handshake is committed to privacy and will never sell personal data to third parties.
Data and protection at Handshake
Highest data protection standards
All our UK customers’ data is stored in Europe, with primary hosting in Germany, where the strictest governance around data protection and security is adhered to.
In-house Trust & Safety team
Trust and Safety experts at Handshake investigates inquiries and activity, reviews and moderates content, and informs the community of best practices to keep your students safe. Our Trust & Safety team is instrumental in our Employer Validation process. We’ve partnered with Sift and Google’s webrisk API to provide an effective validation process. Sift is an industry leader in digital trust and safety, detecting and removing any fraud as soon as it appears. Our Trust & Safety team work with any employers that require manual validation sourcing supporting documentation or evidence from employers which may include: Endorsement from a university partner Proof of personal identity, e.g. driver’s licence, passport Proof of affiliation with company, e.g. business licence
Industry-leading security infrastructure
Handshake uses top-of-the-line security infrastructure at the software and network levels, to ensure that student data is always encrypted at rest, responsibly stored, and transmitted securely. This includes the use of TLS/SSL protocols, 256-bit AES data encryption, API call-level authentication, and modern DDoS mitigation controls.
Secure single sign-on
Handshake supports modern single sign-on (SSO) options, to ensure your students can enjoy safe, simple access to the platform from any secure identity or device. Our authentication process supports the following SSO protocols, among others: SAML, SAML 2.0, Shibboleth, LDAP, CAS, and TFA.
Security comes standard
Handshake’s secure single sign-on, full encryption at rest, and encrypted data transfer solutions are all included in the flat price of subscription.