Back to Home

Privacy Policy

Last updated: January 8, 2025

1. Introduction

Welcome to VerifyHire (the "Service"), operated by VerifyHire, Inc. ("Company," "we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when employers ("Users") submit and review candidate data through our web and API interfaces.

2. Information We Collect

CategoryExamplesSource
Account DataCompany name, work-email, password hash, roleYou
Candidate DataCandidate name, email, résumé links, job titles, start/end dates, interview notes, risk flagsYou or your ATS/webhook
Usage DataLog files, IP address, device/browser type, pages viewed, clicks, referrerAutomated
Integration TokensOAuth tokens or API keys for HRIS/ATS partners (e.g., Justworks via Merge/Finch)You, third-party
Cookies / Similar TechSession ID, analytics identifiers, CSRF tokenAutomated

Sensitive employment data is stored only for the legitimate purpose of cross-reference hiring checks.

3. How We Use Information

PurposeLegal Basis (GDPR) / Business Purpose (CCPA)
Provide & secure the ServicePerformance of contract; Legitimate interest
Match candidate records across organizationsLegitimate interest
Fraud & abuse detection (e.g., serial moonlighting)Legitimate interest
Customer support and notificationsPerformance of contract
Product analytics & improvementLegitimate interest; opt-out cookies
Compliance with law or court ordersLegal obligation

4. Sharing & Disclosure

We do not sell personal information. We may share:

  • Across customers – Candidate records become visible only to other verified employer accounts once you intentionally contribute them.
  • Service Providers – Hosting (e.g., AWS), unified HRIS vendors (Merge, Finch), analytics. Bound by contract to use data solely for our instructions.
  • Legal / Safety – If required by law, subpoena, or to protect rights, property, or safety.
  • Corporate Events – In connection with merger, acquisition, or asset sale (with notice to you).

5. Data Retention

  • Employer Account Data – Until you delete your account or as required for audits (max 7 years).
  • Candidate Data – Retained while you hold an active subscription or until you purge it via dashboard; automatically pruned after 24 months of inactivity.
  • Logs – 30 days for security; aggregated thereafter.

6. Security

We use industry-standard safeguards: TLS in transit, AES-256 encryption at rest, least-privilege access controls, regular penetration tests, and ISO 27001-compliant cloud infrastructure. No security measure is perfect; please notify us immediately at security@getverifyhire.com if you suspect a breach.

7. International Transfers

We are US-based. If you access the Service from outside the US, you consent to transferring your information to the United States and other jurisdictions that may have different data-protection laws.

EEA/UK: We rely on Standard Contractual Clauses when transferring personal data to non-adequacy jurisdictions.

8. Your Rights

  • EEA/UK – Access, rectification, erasure, restriction, objection, data portability, and lodge a complaint with a supervisory authority.
  • California – Know, delete, correct, opt-out of "sharing" (we don't sell), limit sensitive data processing.
  • Other Regions – We honor applicable local laws; contact us for requests.

Exercise rights via support@getverifyhire.com. We will respond within 30 days.

9. Children's Privacy

The Service targets business users. We do not knowingly collect information from anyone under 16.

10. Third-Party Links & APIs

Our site may link to third-party sites or embed APIs (e.g., Justworks OAuth screens). This Policy doesn't cover their practices; review their privacy statements.

11. Changes to This Policy

We may update this Policy periodically. We'll post the revised version and, if changes are material, email you or prompt a banner. Continued use after the effective date constitutes acceptance.

12. Contact Us

Questions, concerns, or data-subject requests?