Trust & Security You Can Rely On
Background checks involve sensitive personal information. We protect it with enterprise-grade security, strict compliance, and transparent practices. Your data — and your candidates’ data — is safe with us.
Our Commitment to Your Data
Security isn’t a feature — it’s the foundation of everything we build.
🛡️ We Protect Your Data
Background checks contain sensitive personal information — Social Security numbers, criminal records, financial data. We treat this data with the respect and protection it deserves.
- ✓ Enterprise-grade encryption everywhere
- ✓ Strict access controls
- ✓ Regular security audits
- ✓ 24/7 monitoring
🚫 We Never Sell Your Data
Your data is yours. We never sell, rent, or share personal information with third parties for marketing or any other purpose outside of completing your background checks.
- ✓ No data sales — ever
- ✓ No third-party marketing
- ✓ Minimal data collection
- ✓ Clear retention policies
Security Pillars
Multiple layers of protection at every level.
Data Encryption
All data protected with industry-leading encryption standards.
- ✓ TLS 1.3 in transit
- ✓ AES-256 at rest
- ✓ AWS KMS key management
- ✓ Encrypted backups
- ✓ Secure key rotation
Access Control
Strict controls ensure only authorized access to sensitive data.
- ✓ Role-based access (RBAC)
- ✓ Multi-factor authentication
- ✓ SSO/SAML support
- ✓ Session management
- ✓ Principle of least privilege
Monitoring & Audit
Complete visibility into all system activity.
- ✓ 24/7 security monitoring
- ✓ Real-time threat detection
- ✓ Complete audit logs
- ✓ Anomaly detection
- ✓ Incident response team
Infrastructure Security
Cloud infrastructure built for security and reliability.
- ✓ AWS cloud hosting
- ✓ Multi-AZ redundancy
- ✓ DDoS protection
- ✓ WAF (Web Application Firewall)
- ✓ Network segmentation
Security Testing
Proactive testing identifies vulnerabilities before attackers do.
- ✓ Annual penetration testing
- ✓ Continuous vulnerability scanning
- ✓ Third-party security audits
- ✓ Bug bounty program
- ✓ Code security reviews
Secure Development
Security built into our software development lifecycle.
- ✓ Secure SDLC
- ✓ Code review requirements
- ✓ Dependency scanning
- ✓ Container security
- ✓ Security training
Security Certifications
Third-party validated security and compliance.
SOC 2 Type II
Annual audit by independent assessors verifying security controls are properly designed and operating effectively.
FCRA Compliant
Registered Consumer Reporting Agency following all Fair Credit Reporting Act requirements.
GDPR Compliant
EU General Data Protection Regulation compliance for international candidates and operations.
PBSA Member
Professional Background Screening Association member adhering to industry best practices.
HIPAA Ready
Healthcare data protection compliance for covered entities and business associates.
PCI DSS
Payment Card Industry Data Security Standard compliance for credit card handling.
State Compliance
Compliance with state-specific privacy and background check laws across all 50 states.
EEOC Guidance
Tools and workflows that support EEOC guidance on individualized assessment.
📄 Request Security Documentation
Enterprise customers can request our SOC 2 Type II report, penetration test summary, and security questionnaire responses under NDA.
Regulatory Compliance
Legal compliance built into every background check.
📋 FCRA Compliance
As a registered Consumer Reporting Agency, we follow all Fair Credit Reporting Act requirements:
- ✓ Standalone disclosure documents
- ✓ Written authorization requirements
- ✓ Pre-adverse action process
- ✓ Final adverse action notices
- ✓ Dispute resolution process
- ✓ Permissible purpose verification
🌍 GDPR Compliance
For EU candidates and operations, we comply with GDPR requirements:
- ✓ Lawful basis for processing
- ✓ Data subject rights (access, deletion)
- ✓ Data minimization
- ✓ Purpose limitation
- ✓ Cross-border transfer safeguards
- ✓ Data protection officer
How We Handle Your Data
Transparency about our data practices.
Collection
We collect only the data necessary to complete your background check. No unnecessary information gathering.
Storage
Data stored in encrypted AWS infrastructure with strict access controls and geographic restrictions.
Retention
Data retained only as required by law and your needs. Clear retention schedules with automatic deletion.
Access
Strict role-based access ensures only authorized personnel can view sensitive information.
Sharing
We never sell data. Sharing only with data sources necessary to complete checks, under strict agreements.
Deletion
Secure deletion when retention period ends. Candidates can request deletion of their data.
Candidate Rights & Protections
We protect the rights of the people being screened.
📄 Right to Disclosure
Candidates have the right to know when a background check is being conducted and what information will be gathered.
- ✓ Clear disclosure before screening
- ✓ Written authorization required
- ✓ Summary of rights provided
👁️ Right to Access
Candidates can request a copy of their background check report and see what information was found.
- ✓ Free copy upon request
- ✓ Report explanation available
- ✓ Source information provided
⚠️ Right to Dispute
If information is inaccurate, candidates have the right to dispute it and have it investigated.
- ✓ Online dispute submission
- ✓ 30-day investigation timeline
- ✓ Correction of verified errors
⏸️ Right to Fair Process
Before adverse action, candidates receive notice and time to respond to findings.
- ✓ Pre-adverse action notice
- ✓ Waiting period before decisions
- ✓ Final adverse action notice
Transparency You Can Trust
We believe in being open about how we operate.
Clear Privacy Policy
Plain-language privacy policy explains exactly how we collect, use, and protect your data.
Audit Trails
Complete logs of who accessed what data and when. Available for your compliance needs.
Status Page
Real-time system status at status.backgroundchecker.com. Subscribe to incident notifications.
Incident Response
Prepared for anything, transparent about everything.
🚨 Our Incident Response Process
In the unlikely event of a security incident, we have established processes to respond quickly and transparently:
- ✓ Detection — 24/7 monitoring for anomalies
- ✓ Response — Dedicated incident response team
- ✓ Containment — Isolate and stop the threat
- ✓ Notification — Prompt customer communication
- ✓ Recovery — Restore normal operations
- ✓ Review — Post-incident analysis and improvement
📢 Our Track Record
We’re proud of our security track record:
- ✓ Zero data breaches since founding
- ✓ 99.99% uptime maintained
- ✓ Passed all audits without findings
- ✓ No regulatory actions against us
If you have security concerns or want to report a vulnerability, contact security@backgroundchecker.com.
Our People & Processes
Security starts with the people who build and operate our platform.
Background Checked
All employees undergo thorough background checks before joining our team.
Security Training
Annual security awareness training for all employees, with specialized training for developers.
Confidentiality
All employees sign strict confidentiality agreements protecting customer data.
Need-to-Know
Access to production data limited to those who need it to do their jobs.
What Security Teams Say
Trusted by security-conscious organizations.
“The SOC 2 Type II report was comprehensive. They provided everything we needed for our vendor security review without any pushback.”
“Our security team did a thorough review of their architecture and practices. They passed with flying colors. Very impressed with their approach.”
“GDPR compliance was essential for us. BackgroundChecker.com had clear data processing agreements and understood EU requirements.”
Security FAQs
Common security and privacy questions.
What security certifications do you have?
We’re SOC 2 Type II certified, FCRA compliant, GDPR compliant, and HIPAA-ready. We’re also a member of PBSA (Professional Background Screening Association). Enterprise customers can request our SOC 2 report under NDA.
How is my data encrypted?
All data is encrypted with TLS 1.3 in transit and AES-256 at rest. Encryption keys are managed through AWS KMS with automatic rotation. Backups are also encrypted.
Do you sell or share my data?
No. We never sell personal data. We share data only with the sources necessary to complete background checks (courts, employers, schools), under strict data protection agreements.
How long do you retain data?
We retain data as required by FCRA (7 years for reports) and your specific needs. You can request shorter retention periods. Candidates can request deletion of their data subject to legal requirements.
What happens if there’s a data breach?
We have a comprehensive incident response plan. In the unlikely event of a breach, we would notify affected customers promptly as required by law, contain the issue, and provide transparent communication throughout.
Can I get your SOC 2 report?
Yes. Enterprise customers and prospects can request our SOC 2 Type II report, penetration test summary, and security questionnaire responses under NDA. Contact us to request.
Secure Screening Starts Here
Your data is protected by enterprise-grade security, strict compliance, and transparent practices. Start screening with confidence.
SOC 2 Type II • FCRA Compliant • Zero data breaches