What Happens to Candidate Data When Your ATS Shuts Down

When an ATS vendor shuts down, your candidate data becomes someone else's problem to resolve under time pressure. Legally, you remain the data controller — responsible for every candidate record, every deletion request, and every compliance obligation — even if the system holding that data no longer exists. The vendor was your data processor. The processor just disappeared.

This is not a hypothetical scenario. Freshworks announced in January 2026 that it would stop renewing Freshteam subscriptions and consolidate HR workflows into Freshservice, forcing customers to plan migrations on the vendor's timeline. More broadly, ATS customers remain exposed to shutdowns, product sunsets, acquisitions, and pricing or policy changes that can materially affect access to candidate data. Every SaaS ATS customer is one executive decision away from a forced migration.

The Three Shutdown Scenarios and What Each Means for Your Data

Not every vendor shutdown looks the same. The outcome for your candidate data depends on which scenario plays out.

Scenario 1: Orderly Wind-Down (Best Case)

The vendor announces a shutdown date months in advance, maintains product access during the transition period, and provides data export tools.

What happens to your data:

• You receive 60–180 days notice before systems go offline
• Export tools remain functional (though they may be limited to flat files)
• Support staff are available but increasingly stretched as talent leaves
• Data is purged from vendor servers after a stated deadline

The catch: Even in orderly wind-downs, export fidelity is rarely complete. The export tools built for normal operations may not handle full historical data well — especially relational data like candidate-to-job mappings, stage transition histories, and attached documents. Teams that have never tested their export discover its limitations during the worst possible moment.

Scenario 2: Acquisition and Product Pivot

A larger company acquires the ATS vendor for its technology or customer base, then restructures the product — changing features, pricing, or both.

What happens to your data:

• Your data migrates to the acquiring company's infrastructure (often without explicit consent — buried in the original terms of service)
• The product you purchased may be merged into a larger suite with different pricing
• Features you depend on may be deprecated or moved to a higher pricing tier
• Your candidate data now falls under a different company's privacy policy and security practices

This scenario is arguably worse than a clean shutdown because the transition happens around you rather than requiring your active participation. You may not realize your data has moved to different servers, different jurisdictions, or different security controls until a compliance audit surfaces it.

Scenario 3: Abrupt Failure (Worst Case)

The vendor runs out of funding, fails to find a buyer, and shuts down servers with minimal notice.

What happens to your data:

• System access may terminate within days or weeks
• Export tools may be unavailable or non-functional
• Support staff have already left
• Servers may be shut down by cloud providers for unpaid bills
• Your data may be abandoned on infrastructure you cannot access
• In bankruptcy, data assets may be sold to creditors or liquidators

Early-stage software vendors do fail, get acquired, or sunset products, which makes data portability and exit planning a practical risk-management issue. For the recruiting teams using these platforms, failure means candidate data becomes collateral in a bankruptcy proceeding rather than a managed transition.

Your Legal Obligations Do Not Disappear When Your Vendor Does

Under GDPR, CCPA, and most modern privacy frameworks, the data controller's obligations are independent of the processor's status. When your ATS vendor shuts down:

The regulatory asymmetry is stark: the vendor's obligations end with their dissolution, but yours continue indefinitely.

Reqcore's self-hosted model eliminates processor dependency entirely — your organization is both controller and processor, with direct access to delete, export, or migrate data on your own timeline.

The Data You Are Most Likely to Lose

When an ATS vendor shuts down, some data is more vulnerable than others. Understanding the hierarchy of data loss helps prioritize what to protect first.

High Loss Risk

• Audit trails — Who viewed which candidate, when, and what actions they took. Rarely included in standard exports. Critical for compliance documentation.
• Email correspondence — Candidate emails sent through the ATS are typically stored in the vendor's email infrastructure, not your email server. Vendor shutdown means this history vanishes.
• Scoring explanations — AI-generated score breakdowns, criteria weights, and match reasoning are usually stored in vendor-proprietary formats. Flat exports include the score number but not the explanation.
• File attachments — Resumes, cover letters, portfolios, and right-to-work documents stored in the vendor's object storage. Large-scale attachment export is often the first feature to break under load during a wind-down.

Medium Loss Risk

• Candidate profiles — Basic profile data (name, email, phone, experience) is usually exportable. Custom fields are hit-or-miss.
• Pipeline stage history — Some exports include current stage only, not the full transition history with timestamps.
• Interview feedback — Structured feedback forms may export; free-text notes often do not.

Low Loss Risk

• Job postings — Text content that exists in your job descriptions and career page. Easy to replicate.
• Team member accounts — User data that exists in your HR system independently.

The pattern is clear: the more relational, contextual, and vendor-specific the data, the harder it is to extract during a shutdown. And relational context — the connections between candidates, applications, stages, evaluations, and decisions — is precisely what makes your hiring data valuable.

How to Protect Your Candidate Data Before a Shutdown Happens

The time to prepare for a vendor shutdown is during normal operations, not during the crisis. These five practices create resilience against any shutdown scenario.

1. Run Quarterly Full Exports and Verify Completeness

Export all candidate data every quarter. Then verify the export:

• Open the files and confirm custom fields are present
• Check that attachments (resumes, documents) are included as files, not just filenames
• Verify relational data: can you map which candidate applied to which job with which outcome?
• Count records and compare against the vendor's dashboard totals

If the export is incomplete, file a support ticket immediately and escalate. Document the gap. This creates a paper trail for any future compliance dispute — and it may reveal that your vendor's export has silently degraded since you last checked.

2. Maintain an Independent Candidate Database

For organizations handling more than 500 candidates per year, maintain a parallel record outside the ATS. This does not need to be a full duplicate — a structured export stored in your own cloud storage (S3, GCS, or local server) with quarterly refreshes provides a recovery baseline.

3. Audit Your Data Processing Agreement Annually

Review the DPA specifically for:

• Termination data handling: What happens to your data when the agreement ends? Is there an explicit return-and-delete clause?
• Subprocessor list: Where does your data actually live? If the vendor uses AWS eu-west-1 today, will the acquiring company move it to a US data center?
• Insolvency provisions: Does the DPA address what happens in bankruptcy? Most do not. The IAPP's guide to vendor management under GDPR recommends explicit insolvency data-handling clauses.

4. Store Attachments Independently

Configure your ATS to send application attachments to your own storage in addition to the vendor's. Most modern ATS platforms support webhook-based integrations that can push attachments to S3 or similar storage on receipt. This protects your most vulnerable data category — candidate documents — against vendor failure.

5. Choose Self-Hosted When Data Loss Is Unacceptable

For organizations where candidate data represents a core business asset — recruiting agencies, staffing firms, enterprise talent acquisition teams — the only complete protection against vendor shutdown risk is eliminating the dependency. Self-hosted ATS platforms store all data on your infrastructure, backed up on your schedule, accessible without any vendor's cooperation.

Reqcore's Docker-based self-hosted deployment means your candidate database lives on servers you control — even if Reqcore as a project disappeared tomorrow, your PostgreSQL database, your resumes, and your hiring history remain exactly where you put them. Read the full self-hosting deployment guide for implementation details.

The Acquisition Trap: Why "Getting Bought" Is Not Safety

Recruiting teams sometimes dismiss shutdown risk by assuming their vendor would be acquired rather than liquidated. But acquisition introduces its own data risks:

Data jurisdiction changes. A European ATS vendor acquired by a US company may relocate data processing to US servers — creating a cross-border transfer that requires additional legal safeguards under GDPR Chapter V.

Privacy policy changes. The acquiring company's privacy policy replaces the original. If the new policy permits broader data usage (e.g., for product analytics across their portfolio), your candidates' data may be processed in ways you did not consent to.

Feature deprecation. Features critical to your workflow may be deprioritized or removed. If the compliance reporting dashboard you rely on for candidate data audits gets sunsetted, your compliance process breaks.

Pricing restructuring. Post-acquisition pricing often increases to align with the acquirer's revenue targets. Combined with reduced data portability (the acquirer has no incentive to make leaving easy), this creates accelerated lock-in.

For a comprehensive view of how vendor dependency compounds, see vendor lock-in in ATS: how it happens and how to avoid it.

Emergency Playbook: Your Vendor Just Announced Shutdown

If your ATS vendor has already announced a shutdown or acquisition, act immediately:

Do not wait for the vendor to "figure out the transition." By the time shutdown announcements happen, engineering and support teams are already shrinking. Act as if the system will go offline next month — because in an abrupt failure scenario, it might.

Frequently Asked Questions

What happens to my candidate data if my ATS goes out of business?

Your data depends on the shutdown scenario. In an orderly wind-down, you typically get 60–180 days to export. In an abrupt failure, data may become inaccessible or fall into the hands of creditors. In all cases, your legal obligations as data controller persist regardless of the vendor's status.

Am I still legally responsible for candidate data after my ATS vendor shuts down?

Yes. GDPR and similar regulations hold the data controller (your organization) responsible for candidate data regardless of what happens to the data processor (the ATS vendor). You must still honor deletion requests, breach notification requirements, and retention limits — even if you cannot access the system that held the data.

How can I export my data from an ATS that is shutting down?

Request exports immediately in all available formats. Prioritize structured data (JSON, database dumps) over flat files (CSV). Download attachments separately. Export audit logs. Then verify the export against dashboard record counts. If the export tools are degraded, escalate to executive contacts — and document every limitation for your compliance records. For more on why data ownership matters in this context, see our dedicated guide.

Should I keep my own backup of ATS data?

Absolutely. Run quarterly full exports to your own infrastructure. Verify that relational data, custom fields, and attachments are included. This creates an insurance policy against any shutdown scenario and satisfies regulatory requirements for data controller accountability.

How does self-hosting protect against vendor shutdown?

Self-hosted ATS deployments store all data — candidate profiles, attachments, audit logs, scoring data — on infrastructure you control. If the software vendor shuts down, your database remains intact on your servers. You can continue running the existing version indefinitely, fork the code if it is open-source, or migrate data to a new system on your own timeline. There is no dependency on a third party's continued operation.

The Bottom Line

ATS vendor shutdowns are not rare events — they are a predictable consequence of a fragmented market with hundreds of competing products, venture-funded growth trajectories, and consolidation through acquisition. Every team using a cloud ATS should have an answer to the question: what happens to our 10,000 candidate records if this company ceases to exist next quarter?

The organizations that prepare — through quarterly exports, independent backups, strong DPA provisions, and architectures that minimize vendor dependency — convert a potential crisis into a manageable transition. Those that do not prepare discover that their years of recruiting data is worth exactly as much as their vendor's bankrupt servers.