To comply with privacy and consent regulations, you can anonymize candidate data when requested by the candidate, after a candidate has been hired , or after a candidate has been rejected from all applications — at a time specified by you and your legal team.
Note: As is the case with other features that help your offices be compliant with your applicable privacy and consent regulations, we advise that you seek legal counsel before configuring the details of this feature.
Greenhouse Recruiting allows your organization to control the data retention timeframe, the data that will be deleted to anonymize candidates, and notifications on a per-office basis with our data retention rules.
Create a data retention rule
Data rules for hired and rejected candidates are created separately, but follow a similar process.
First, click the Configure icon on your navigation bar, and select Privacy & Compliance on the left.
To create a data retention rule for hired candidates, scroll to Data retention rules for hired candidates and select the pencil icon.
Notes:
- Hired candidate retention rules apply to you whole organization and cannot be configured by office.
- Hired candidate data retention rules are only available for organizations using single purpose consent.
To create a rule for rejected candidates, scroll to Data retention rules for rejected candidates, then click "Create."
Configure data retention period
Use the provided field to input how long (in days) your organization wishes to retain candidate personal data after they have been hired or rejected on all applications.
Note: If a rejected candidate is converted into a prospect for a different job or is otherwise being considered for another job, the data retention timer will be deactivated and reset. Likewise, if a job is moved to an office without a rejected candidate retention rule, the data retention timer for candidate personal data will also be deactivated.
The data retention timer starts when a candidate is hired or rejected on all job applications. It's applied retroactively to all hired or rejected candidates. You will receive an email immediately if candidates in your system already exceed the data retention period.
Example: If you activate the data retention timer on May 25, 2026, and set the period for 365 days, you will receive an email immediately after activation to delete candidate personal data for any rejected candidates who were rejected on or prior to May 25, 2025.
Configure data retention rule offices for rejected candidates
Select the offices that will be impacted by this rule by clicking the checkbox beside the office name.
Note: Because unattached prospects aren't associated with offices on Greenhouse Recruiting, to ensure unattached prospects meet your data retention rule, choose "All Offices" for the data retention rule offices.
Configure data to be deleted
Use the Data to be Deleted table to select what personal data will be used to anonymize candidates.
Read the comprehensive list of data that can be deleted and its impact here: Data to delete glossary.
Note: Any personal data deleted won't show up in reports.
Note: Selecting Name and Pronunciation Recording from the Data to be Deleted panel anonymizes the candidate throughout the system except for the candidate's Activity Notes. To remove a candidate's name from Activity Notes as well, select Activity Notes on Data to be Deleted.
Configure data retention rule notifications
Deleting a candidate's personal data must be done manually. Once the data retention timer has lapsed for candidates hired or rejected on all job applications, a specified user is notified that they should manually delete the data.
To configure the notification to delete candidate personal data, navigate to the Notifications to Delete Data section.
Select the users who should be notified.
Select the time, time zone, and on which days you'd like notifications to be sent out.
When finished, click Save to save the date retention rule.
Your new data retention rule is now added to your configuration. Repeat this process to add additional rejection rules to your organization.
Recipients are notified by email when candidates' personal data should be deleted.