GoodHire Privacy Policy



Last Updated: November 23, 2020
Effective: November 23, 2020

This policy represents our commitment to your privacy and the respectful use of your data.

While we’ve tried to make this policy easy to follow and read, we understand that you may still have questions. If you do, you can contact us at privacy@goodhire.com. We’re here to help.

To print a copy of this Privacy Policy, click the “file” drop-down in your browser bar and select “print.”

What This Policy Covers

This privacy policy applies to the websites, mobile applications, and APIs (each, a “Service”) owned or operated by Inflection Risk Solutions, LLC (“we”, “Inflection”). It also describes your choices regarding use, access and correction of your personal information.

We offer a wide range of Services to employers, businesses, and individuals, including background check and identity verification services.  For example, we provide:

  • Criminal record, education, motor vehicle record, and credit screening services to employers for current and prospective employee background checks.
  • Services for individuals to run employment background checks on themselves.
  • Non-employment background checks and identity verification services for businesses that want to screen current or prospective users.

Depending on the Service you use, we may collect different information about you, and additional privacy terms, notices, and/or disclosures may apply to your use of the Services. This policy does not cover data collected by or through third-party websites or services.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU SHOULD NOT USE INFLECTION SERVICES OR VISIT INFLECTION WEBSITES.

Our Data Collection Practices

Information We Collect

In order to provide the Services, we collect personal information directly from our users, from our customers as part of providing our Services, from visitors to our Services, and from public records.

Collection Directly From Our Users
We collect information about users who create accounts with us:

  • Creating an account. If you create an account, we ask you to provide some basic registration information such as your name and email address. If you’re registering on behalf of a company, we may also ask you to provide some details about that company as well.
  • Making a purchase. If you choose to make a purchase from us, we ask you to provide billing details such as credit card or ACH information.
  • Commenting on a report. If you choose to add annotations to your personal background report, your comment may be made available to anyone that you authorize to receive a copy of that report. When you write your comment, you can select whether you’d like for your comment to be visible only to a particular employer or to all future employers who view your report.
  • Contacting us. If you contact our customer service team, we will collect your contact information, such as phone number or email address, as well as the contents of your communication. We may also ask for additional information to help us better assist you, such as technical information about your browser or information about your account with us.

Collection When We Provide Services To Our Business Customers
We may need to collect personal information from you in order to provide Services to our business customers, which may include employers and other companies or organizations that purchase our Services. For example, if you are the subject of a background check, or if a business customer requests that you verify your identity with us, we may collect some identifying information about you to provide the Services to our business customers.

  • Authorizing a background check. When you authorize one of our business customers to run a background check on you, we ask for your legal name, date of birth, and other identifying details such as your Social Security number, residential address, or past employment or educational history (depending on the type of background check requested). If the background check is authorized electronically, we also collect your email address and/or phone number.
  • Verifying your identity. We may collect personal information from you so that we can confirm that you are who you say you are. This personal information could include your legal name, address, phone number, email address, Social Security number, financial or utility account information, or a government-issued photo ID document.

Collection From Third Party Sources
If you authorize one of our business customers to run a background check on you, we’ll collect public records and other information from reliable third-party sources to assemble the report. We may also verify your information against authoritative government databases or information providers.

Collection When You Visit Our Website
Inflection Risk Solutions makes use of tools such as cookies to collect various types of information about your activity and computer while you use the website of a Service. For more information about our use of cookies, please review our Cookie Policy

  • If you visit our website, we will collect technical information from your browser, whether you have an account with us or not. This includes log data, which is automatically generated by your browser every time you request a webpage, and includes your IP address, browser User Agent, Referer, and the requested webpage. We may also make use of trusted third-party analytics tools such as Google Analytics. These third parties may collect information about your activity on our Services in order to help us to better understand how users interact with our Services. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser by clicking here.
  • We use content and preference cookies (both temporary and persistent) and similar technologies, and our partners may, too. These technologies are used to analyze user trends, to administer our website, to understand users’ activity on our website, and to gather information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. To manage Flash cookies, please click here.
  • We use Hotjar and Heap in order to better understand our users’ needs and to optimize our Services. These technology services help us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our Services with user feedback. Hotjar and Heap use cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, and the preferred language used to display our website. These services may store this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden from selling any of the data collected on our behalf. For further details, please see Hotjar’s Privacy Policy. Heap has the right to share only aggregated and/or anonymized data, and more information can be found in Heap’s Privacy Policy.
  • We use Appcues to create personalized communications with customers that are intended to improve the Services. Data collected through this service assists GoodHire with onboarding new customers, announcing new features and products, and collecting feedback from customers through surveys. Appcues is contractually prohibited from selling any data collected on our behalf. For further details, please see Appcues’ Privacy Policy.
  • Third-party advertising companies may collect information about your usage of the website to help us decide how to buy ads elsewhere on the web. Our third party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you would like more information about this practice, or if you would like to opt out of interest-based advertising, please click here. If you are located in the European Union, please click here. Please note that you will continue to receive generic ads.

How We Use The Information We Collect From You

Your information is used to provide and improve the Services. That includes:

  • Operating, evaluating, maintaining, improving, and developing the Services, including remembering your preferences and customizing the Services to user needs;
  • Conducting in-house research and development to help improve and further develop the Services;
  • Preventing, managing, and investigating fraud or abuse;
  • Marketing products or services offered by us, our parent company, or by selected partners to you; and
  • Communicating with you about your use of the Services.

When We Share Your Information

In limited circumstances, we share the information we collect from you.

  • With your consent. We may share your information when you give us permission – for example, if you authorize us to share your background report with a platform or employer.
  • With our service providers. We work with trusted third party service providers for such services as retrieving public records, payments processing, and communicating with our current customers and prospects. We share the minimum amount of information necessary to provide or improve our Services. If you are a consumer, your information may be shared for the business purpose of retrieving public records and compiling a consumer report about you in accordance with the Fair Credit Reporting Act, and in order to process your payment, if applicable. If you are a business customer or prospect, we may share your information for additional business purposes, including but not limited to processing your payment, facilitating communication with you, and improving and/or marketing our Services to you. Any third-party service provider we use is required to secure your information and may only use it to provide or improve the Services described in this Privacy Policy.
  • With our parent company, Inflection.com, Inc. Data collected under this privacy policy is shared with our parent company and stored on its servers.
  • De-identified and aggregated data. We may share or disclose information we collect after de-identifying and aggregating it so it cannot be linked back to an individual person. We contractually require third parties to respect this practice.
  • Fraud and abuse prevention. We partner with certain third party vendors to prevent fraud and abuse. When you make a purchase, we may analyze your payment information and unique device identifiers (including, but not limited to, IP address, MAC address, browser and operating system settings) to identify suspected fraudulent activity and block it. We may share information associated with activity flagged as fraudulent (including, but not limited to, payment information, email addresses, and unique device identifiers) with our security partners or law enforcement.
  • Business transfers. In the event that we or our parent company Inflection.com, Inc. is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your personal information may be sold or transferred as part of that transaction. However, the new entity will be bound by this privacy policy after the sale or transfer.
  • For legal process and emergency situations. We may be required to disclose or preserve for future disclosure your personal information if we believe, after due consideration, that doing so is reasonably necessary to protect Inflection’s rights or property or to comply with a law, regulation, valid legal process, or to prevent imminent and serious bodily harm to a person, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    If you are a law enforcement officer seeking information from Inflection about one of our users, please reference our Law Enforcement Guidelines for further information.

    Unless prohibited from doing so by law or court order, we will do our best to provide subjects – including candidates and applicants – of law enforcement requests with advance notice before we disclose their information to law enforcement, if we have contact information for that customer. We reserve the right to withhold advance notice where it would impede an investigation of identity theft, or in situations involving imminent physical harm or harm to minors.

Your Opt-Out And Communication Choices 

We may send you information about our products, notices regarding your account, and other messages related to Inflection services, including marketing emails. You can unsubscribe by clicking on the unsubscribe link in those emails, emailing privacy@goodhire.com with the email address you wish to unsubscribe, or calling 1-888-906-4284. Please note that you may still receive account and billing notices from us, if applicable.

Other Privacy Information

We maintain reasonable, industry-standard security procedures and practices to protect your personal information. Inflection does not collect information from children under the age of 13, and does not share your information with third parties for their own marketing purposes. We also abide by Privacy Shield principles for transferring data to and from the EU, the United Kingdom, and Switzerland.

Data Security And Retention

Inflection retains all of the information we collect or that you submit for as long as your account is active, or is needed to provide you services, or for purposes including fraud prevention, legal compliance, dispute resolution, as well as for the enforcement of our agreements.

Your information is stored on secure servers in the United States. We maintain reasonable, industry-standard security procedures and practices to protect your information. Here are a few other steps we take to protect your information:

  • We implement technical measures to prevent unauthorized access, and keep security patches and software up-to-date
  • Employee access to your information is restricted and audited
  • Sensitive personal information is stored in encrypted form
  • All personal information is encrypted during transfer

California’s ‘Do Not Track’ Law

While you may manage cookie preferences using your browser settings, this website does not currently respond to browser settings such as Do Not Track.

California Personal Information Disclosure: United States Or Overseas

We do not transfer personal information to third parties outside of the United States or its territories during the preparation or processing of consumer reports, except to the extent that queries for public records are submitted to non-US government agencies and data providers.

California Information-Sharing Disclosure

We do not share your personal information with third parties for direct marketing purposes without your permission.

California Consumer Privacy Act

California residents, as defined in the California Code of Regulations, have certain rights under the California Consumer Privacy Act (CCPA). The vast majority of personal information collected and stored by Inflection is exempt from the CCPA under Section 1798.145(d) (Fair Credit Reporting Act exemption) or under Section 1798.145(l)(1) (which exempts personal information collected in the context of a business to business transaction). Additionally, for much of Inflection’s non-FCRA Services, Inflection acts as a service provider rather than a business as defined by the CCPA. Nonetheless, Inflection may be considered a business subject to the CCPA in regards to a small percentage of the personal information that Inflection collects. In the following paragraphs, we describe this information and outline the legal rights of California residents.

Inflection does not and will not “sell” personal information as this term is defined by the CCPA, including information collected from minors under 16 years of age.

CATEGORIES OF PERSONAL INFORMATION WE COLLECT/DISCLOSE FOR A BUSINESS PURPOSE:

1. Personal identifiers such as your name, postal address, Internet Protocol (IP) address, and/or email address. This information is collected directly from you or your device (IP address only) when you interact with Inflection, such as when you create an account or when you visit our website. This information may be collected in order to create your account and/or to identify you as a unique visitor to our website. This information may be disclosed to our payment processors and fraud detection vendors.

2. Categories of personal information described in California Civil Code Section 1798.80(e). This may include but is not limited to your address, telephone number, credit card number, debit card number, or any other financial information. This information is collected directly from you when you make a purchase on one of Inflection’s Services. This information is collected in order to process your purchase. This information may be disclosed to our payment processors and fraud detection vendors.

3. Commercial information, including records of products or services purchased. This information is collected directly from you when you make a purchase on one of Inflection’s Services. This information is collected in order to facilitate your transaction and for our internal business purposes, such as financial record-keeping. This information is not sold or disclosed for a business purpose.

4. Biometric Information. As defined by the CCPA, “biometric information” may include voice recordings. If you speak with a representative of Inflection over the phone, your call may be recorded for quality assurance purposes. Inflection will inform you that the call will be recorded. Inflection does not collect any other biometric information. This information is not sold or disclosed for a business purpose.

5. Internet or other electronic network activity information, including browsing history, search history, and information regarding your interaction with our website. This information is collected directly from your device when you interact with our Services. This information is used for security and internal user analytics purposes. This information may be disclosed to our fraud detection vendors.

YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT:

PLEASE NOTE THAT ANY BACKGROUND CHECK DATA REGULATED BY THE FAIR CREDIT REPORTING ACT IS EXEMPT FROM CCPA DATA RIGHTS REQUESTS.

You have the right to request that we disclose the categories and specific pieces of personal information that we have collected about you, where we are acting as a business as defined by the CCPA and where the data collected is not otherwise exempt.

You have the right to request that we delete any personal information about you that we have collected, where we are acting as a business as defined by the CCPA and where the data collected is not otherwise exempt. Please note that the right to delete under the CCPA is subject to a number of exceptions including where retention of the information is necessary to do the following:

  • Complete your transaction;
  • Provide a good or service to you;
  • Perform a contract between us and you;
  • Protect user security;
  • Fix technical issues;
  • Protect free speech rights;
  • Comply with applicable law or legal obligation; or
  • Use the information for internal purposes compatible with the context in which it was provided.

You have the right to request that we disclose the following:

  • (1) The categories of personal information we have collected about you.
  • (2) The categories of sources from which the personal information is collected.
  • (3) The business or commercial purpose for collecting personal information.
  • (4) The categories of third parties with whom we share personal information.
  • (5) The specific pieces of personal information we have collected about you.
  • (6) The categories of personal information that we have disclosed about you for a business purpose.
  • (7) The categories of personal information that we have sold about you and the categories of third parties to whom the personal information was sold. While you may nonetheless request this information, please note that Inflection does NOT “sell” personal information as this term is defined by the CCPA.

Inflection will not discriminate against you because of your decision to exercise your rights under the CCPA. Inflection will not deny you services, charge you different prices, provide a different level or quality of services, or suggest that you will receive a different price, level, or quality of services as a result of your decision to exercise your rights.

To exercise your rights under the CCPA or to contact us about our privacy policy, send us an email at dpo@inflection.com. You may also submit a request at legal@inflection.com. You will need to provide basic personal information, such as your name, email address, and phone number, so that Inflection may locate your information within our systems. In order to verify your identity, Inflection requires that you submit a copy of your California driver’s license or identification card along with your request. This information will only be used to verify your identity and will not be shared with third parties. If your identity cannot be verified, requests may be denied. If you request to delete your personal information, you will be required to confirm this request a second time before the information can be deleted. In accordance with California law, you may allow an authorized agent to make a request for information on your behalf. In order to designate an authorized agent, you must provide a valid power of attorney, a copy of the requester’s valid government-issued identification, and a copy of the authorized agent’s valid government-issued identification.

Nevada Resident Rights

We do not sell your covered information, as defined by Section 1.6 of Chapter 603A of the Nevada Revised Statutes. If you reside in Nevada, you may submit a request to dpo@inflection.com in regards to the sale of covered information.

Children’s Information

Our Services are not directed to individuals under the age of 18 and we do not knowingly collect personal information from children under the age of 13. If we discover that we have collected personal information on a child under the age of 13 via the Services, we will promptly remove it from our systems.

Our Privacy Commitment to Individuals in the EU, the United Kingdom, or Switzerland

If your personal information is transferred outside the EU, UK, or Switzerland to Inflection or third-party service providers, we will take steps to ensure your personal information receives the same level of protection as if it remained within the EU, UK, or Switzerland.

Inflection Risk Solutions, LLC complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States, respectively. Inflection Risk Solutions, LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Inflection Risk Solutions, LLC commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Inflection Risk Solutions, LLC at:

Inflection Risk Solutions, LLC
Attn: Privacy Team
P.O. Box 391403
Omaha, NE 68139
privacy@goodhire.com

Inflection Risk Solutions, LLC has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel, to be created by the U.S. Department of Commerce and the European Commission.

You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement, if you believe that the processing of your personal data infringes applicable law.

Onward Transfer Of Data
In cases of onward transfer to third parties of data of EU, United Kingdom, or Swiss individuals received pursuant to the EU­-US Privacy Shield or Swiss-US Privacy Shield, Inflection is potentially liable.

Inflection is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Legal Bases for Processing Personal Information from the EU
We describe how we process the personal information we collect from you in the “HOW WE USE THE INFORMATION WE COLLECT FROM YOU” section above.

We may process your information:

  • If you consent to the processing;
  • To satisfy our legal obligations;
  • If necessary to fulfill our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you;
  • For our legitimate interests, subject to your interests and fundamental rights, to conduct and develop our business activities, and manage and protect the rights and safety of Inflection or its customers.

Your Privacy Rights
In accordance with GDPR and subject to applicable laws, European data subjects have certain rights with respect to their personal data. Upon receipt of a request at privacy@goodhire.com, we may need to verify your identity and will subsequently handle your request under applicable law.

  • Right to access, rectify, and erase your data: You have the right to request access to and obtain a copy of any of your personal data held by Inflection, to request that any incorrect information be corrected, to request that any incomplete information be completed, and under certain circumstances, to request that your personal data be deleted.
  • Right to data portability: If we process your personal data based on your consent, a contract to which you are party, or to take steps at your request prior to entering a contract and the personal data is processed by automated means, you may request your personal data in a structured, commonly used, and machine-readable format. You may also request that your personal data be transmitted to another controller where this is technically feasible.
  • Right to object to or restrict processing: You have the right to object to or restrict the processing of your personal data under certain circumstances.
  • Right to withdraw consent: To the extent that Inflection requests and you provide consent to the processing of your personal data, you may withdraw your consent at any time.

EU-US and Swiss-US Privacy Shield Point of Contact
Elizabeth McLean, General Counsel, GoodHire

Changes To This Policy

If we make material changes to this Privacy Policy that affect your rights, we will post a notice on the site before that change becomes effective. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any changes to this Policy, we will change the “Last Updated” date above.

Contact Information

If you have any questions about this Policy, please contact us at 1-888-906-4284, privacy@goodhire.com, or at the following mailing address:

Inflection Risk Solutions, LLC
Attn: Privacy Team
P.O. Box 391403
Omaha, NE 68139

Inflection Risk Solutions maintains offices at:

555 Twin Dolphin Drive, Suite 630
Redwood City, CA 94065