Privacy Policy

Checkr collects certain information that relates directly to the Consumer. Checkr may also collect limited information related to Customers and Site Visitors. In the past 12 months, Checkr has collected the following categories of Personal Data:

In the past 12 months, Checkr collected information from the following categories of sources:

Information You Submit To Us
Checkr collects Personal Data submitted directly to Checkr via our site or by email, such as information needed to produce a background check report; and Personal Data including name, email address and general business information provided in contact requests, in browser chats, and/or with Checkr agents. Checkr may maintain records of communications submitted through the Site.

Third Party Information
Certain Services require the collection of information from third parties. Third party information may relate to Consumers or Customers and includes both public and private records as described below:

Personal information may also be collected by Customers, third parties or affiliates and transferred to Checkr for the purpose of performing Services offered on third party marketplace platforms, such as producing a background check report.

Automatically Collected Information
When Consumers, Customers or Site Visitors visit the Site or use the Services, we automatically gather certain Internet or other electronic network activity information, including technical and usage information, which may be associated with your user account. Technical Information also includes “Cookies,” which are small text files containing a string of alphanumeric characters that are downloaded by your web browser when you visit a website. In certain jurisdictions (including the EEA, UK, California, and Virginia), we present Site Visitors with a cookies banner which enables you to adjust your cookies settings. For more information about how Checkr uses cookies, please review our Cookie Policy.

In the past 12 months, Checkr used all categories of data described in Section 1 to:

In using the above categories of data, Checkr strives to adhere to a philosophy of data minimization so as to use only the data necessary to complete any of the above activities.

Data Retention
Checkr will retain collected information in accordance with applicable laws and agreements between Checkr and its Customers and affiliates. See Section 6 below for instructions on how to request deletion of your Personal Data.

Anonymized Information
We may use and share anonymized information without limitation, including sharing with third parties. This includes anonymized, pseudonymized, aggregated, or de-identified information about Consumers, Customers, Site Visitors, and information collected from third parties, including public records.

Checkr shares Personal Data with authorization from a Consumer, a Customer or other data controller, or when otherwise permitted by law. Checkr shares Personal Data with the following categories of third parties:

In the past 12 months, Checkr has shared the categories of data described in Section 1 with the above third parties with consent, for a legitimate business purpose, or as required by law.

To learn more about how Checkr respects the "Do Not Share" right of California residents, see California and Other State Privacy Laws.

Yes. The Services are offered through Checkr’s website, mobile site, and application. To obtain Services from Checkr, you must create an online account and (1) be able to access Services on a computer or other device that is capable of accessing the Internet, (2) have an active email account, and (3) consent to our use of our website, application, or email to provide you any written information that we may be required to send you in connection with the Services, your account, and/or background checks and reports. However, you may still exercise your rights under the FCRA by contacting us through non-electronic means such as mail. See How can you contact Checkr with more questions? below.

Method of Providing Communications to You in Electronic Form
All Communications that we provide to you in electronic form will be provided either (1) via email, telephone or text, (2) by making it available online and accessible via the Services, or (3) by requesting you download a PDF file containing the Communication.

Your Consent to Electronic Disclosures
By creating an account and/or authorizing a background check or other Services, you acknowledge and agree that:

Please read this Federal ESIGN disclosure and consent carefully and keep a copy for your records. Your consent is voluntary, but we cannot provide the Services to you if you do not consent. If you are unwilling to receive these disclosures and notices electronically, you may terminate the creation of your account by closing your browser at any time before you create an account and/or authorize a background check.

Accurate Contact Information
It is your responsibility to provide us with true, accurate, and complete contact information, such as email address, and other information related to your account, and to maintain and update promptly any changes in this information. If you give us an incorrect email address or fail to update or correct your email address, an electronic communication will be deemed provided to you if we use the email address in our records for the electronic communication.

Scope of Communications to Be Provided in Electronic Form
Your consent to receive electronic communications and transactions includes, but is not limited to, all legal and regulatory notices or disclosures and communications associated with your account, the Services, your request for a background check, and any product or service we agree to provide you (each, a “Communication”).

How to Withdraw Consent
You may at any time withdraw your consent to receive Communications in electronic form. To begin receiving Communications in paper form, please contact us at the following address: One Montgomery Street, Suite 2400, San Francisco, CA 94104. Please specify the information you wish to receive in paper form. Be sure to state that you are requesting a copy of the disclosures, notices, etc., and include your name and mailing address. Your request will apply only to those specific items you designate. We will not impose any fee to process the withdrawal of your consent to receive electronic Communications. Any withdrawal of your consent to receive electronic Communications will be effective only after we have a reasonable period of time to process your withdrawal.

Required Equipment
In order to use the Services and to view and retain a copy of this Policy and certain Communications, you understand that you must have a computer or device equipped with at least: a browser with 128-bit encryption, a current version of a software that can open and display PDF files (e.g., Adobe), and either a printer or other electronic storage device.

Retaining Copies of the Communications
To retain a copy of any Communication we provide electronically, you can download an electronic copy to your computer or a storage device (such as a disk or USB storage device), request a copy by email, or print copies on a printer attached to your computer. You will not be charged for a downloaded or emailed copy.

We offer certain privacy resources regardless of where you are located, as described below. Please note that if you reside in certain jurisdictions, you may have additional rights. If you reside in California, Colorado, Connecticut, or Virginia, see California and other state privacy laws; you reside in the European Economic Area ("EEA") or UK, see GDPR and Other International Considerations.

For Consumers
Consumers may request access, download, correction, and deletion of their information as described below:

For Customers:
Requests to update Customer account information or make other requests about your data should be directed to your account representative or via the customer service portal at https://help.checkr.com/hc/en-us/requests/new.

If you reside in California or certain other states (including those listed below), you may have rights under applicable state privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CPRA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), or the Virginia Consumer Data Protection Act (“VCDPA”) (collectively, "State Privacy Law" or "State Privacy Laws").

Please note that State Privacy Laws generally do not apply to Personal Data which is processed pursuant to the FCRA, the federal law which protects background check information. When Checkr processes Personal Data about residents for the purposes of performing a background check pursuant to the FCRA, such processing is generally exempt from State Privacy Laws. In such cases, we process your Personal Data in accordance with the FCRA and its applicable protections.

In addition, we often act as a “service provider” or "processor" with regard to Personal Data we receive and process through our Services. In such cases, we conduct our data processing in accordance with the restrictions set forth in the data processing agreements with our Customers, who act as the "business" or "controller" under State Privacy Laws. The privacy practices of our Customers are subject to their privacy policies, which we encourage you to review. Checkr is not responsible for our Customers' privacy practices or policies.

California, Colorado, Connecticut, and Virginia residents may learn more about their rights below:

Checkr will help you exercise these rights free of charge, where applicable. Submitting a request via our support portal is the best way to contact us; you may also submit a request via email at support@checkr.com. If you make a request under a State Privacy Law, we may need to take additional steps to verify your identity.  If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us.

Regardless of where you are located, you may use the tools described above in How can you access, change, or delete information about you? to request access, correction, and deletion of your information.

No. Site and Services may contain links to third-party websites, but this Policy does not apply to information that you may provide to or that may be collected by such third parties. We encourage you to review such third parties’ privacy policies and terms and conditions before engaging with such third parties.

Promotional Emails: Subject to any restrictions under applicable laws, we may send periodic promotional or informational emails to you. You may opt-out of such communications by clicking the unsubscribe link in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.

Opting Out of Checkr Text Messages: The number of text messages you receive may depend upon factors, including how you use our Services and whether you take steps to generate additional text messages from us (such as by sending a HELP request). If you no longer want to receive Checkr text messages, you may reply STOP to our messages at any time. After doing so, we will send you confirmation of your opt-out via text message. If you have revoked consent and want to re-enroll in our text message program, you can re-enroll by submitting a request via our support portal.

Checkr maintains industry standard physical, technological, and administrative safeguards to help protect the security and privacy of the information we maintain about you. We may use such safeguards as encryption, multi-factor authentication, and other proactive security measures to help protect your information against unauthorized access and disclosure. However, no security measures are 100% effective. You should take steps to protect against unauthorized access to your information, passwords, accounts, phones, computers, and other devices.

GDPR and UK GDPR

In the EEA and UK, we present Site Visitors with a cookies banner asking for your affirmative consent to non-essential cookies. For more information about how Checkr uses cookies, please review our Cookie Policy.

If you reside in the EEA or UK, you have the right to submit a data subject access request ("DSAR") under the General Data Protection Regulation or UK General Data Protection Regulation ("GDPR"), including requests to access, correct, delete, download, and object to certain processing of your information. You can exercise many of these rights by visiting the links described above in How can you access, change, or delete information about you? In addition, you may submit a DSAR request via our support portal.

Data Storage

Checkr uses infrastructure primarily located and operated in the United States. Checkr may also use partners or affiliates located in countries outside the US to store, process, and transmit your information. If you are located in the EEA, UK, or another region with comparable data protection laws, your personal information may be transferred to a jurisdiction that does not have the same level of legal protections.

Personal Information Disclosure: United States or Overseas

When Checkr acts as an Investigative Consumer Reporting Agency under California state law, personal information collected from Consumers in the United States may be transferred outside of the United States as follows:

For more information on how Checkr handles cross-border transfers of personal information, please read the remainder of this section below.

Data Transfer and Standard Contractual Clauses

Checkr may transfer, store, or process your Personal Data in a country outside your jurisdiction, including countries outside the EEA and UK. We take appropriate safeguards with respect to such cross-border data transfers. For example, if we transfer Personal Data from the EEA or UK to another country, such as the United States, we will implement an appropriate data transfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent UK authority (as applicable) with the data importer, or take other measures to provide an adequate level of data protection under EEA and UK law. Checkr may also rely on the active consent of EEA based data subjects. Data from EEA based data subjects is processed with consent, to fulfill our legitimate interests to produce a data subject’s requested background check, and to fulfill our contractual obligations. We may retain data for compliance with our legal obligations under applicable law, including the FCRA.

Additional Information for Canadian Users

This Policy applies to Customers, Consumers and Site Visitors in Canada. However, to the extent that this Policy is inconsistent with any applicable Canadian laws, Checkr will comply with the applicable law for Customers, Consumers and Site Visitors in Canada. For example, Checkr will only send commercial electronic messages to persons located in Canada with explicit, opt-in consent, unless otherwise permitted pursuant to Canadian legislation that is applicable to such activities.

Consumers who are located in Canada should also understand that the nature of the Services will involve Checkr obtaining potentially sensitive personal information about them, including consumer reports, criminal records, driving records, as well as education and employment records, from third parties such as consumer reporting agencies, police services, and government agencies (e.g., provincial transportation ministries).

Checkr will also share Consumers’ personal information with a third party service provider in Canada, for the purpose of completing or facilitating the background checks described in this Policy.

In addition, Personal Data that is collected in the course of providing the Services will be transferred outside Canada. Therefore, such information may be accessible to law enforcement and national security authorities in the jurisdiction(s) where it is stored or processed.

Canadian Customers and Consumers will be notified of any material changes to this Policy, where such a change would result in use or disclosure of their personal information by Checkr in a manner not contemplated by this Policy or reasonably expected by the individual.

Privacy Shield

Checkr complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Checkr has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Checkr has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

At Customers’ request, Checkr may collect from third-party sources Personal Data about EEA and Swiss residents who are applicants for positions with Customers, who are otherwise seeking a business relationship with Customers or who are the Customers’ employees, to compile a background report on the EEA or Swiss resident.  The information collected may include, at the Customer’s election and to the extent permitted by applicable law, an EEA or Swiss resident’s criminal history, employment history, work eligibility, educational background, civil litigation history, residence history, and/or driving history.  Checkr receives this Personal Data for investigative, credential verification, and employment screening purposes. Customers (employers or their agents) may use this Personal Data for their own employment-related decisions, such as whether to hire, retain, promote, or re-assign an employee.

Checkr may disclose the Personal Data of EEA and Swiss residents to the Customer who requested the collection of that Personal Data for employment screening and/or business-related purposes.  Checkr may disclose Personal Data of EEA and Swiss residents, subject to written agreement, to authorized third-party service providers who assist Checkr in providing services to Customers. These third-party service providers may, for example, perform reference and credential verifications or collect information from public or private records sources in connection with the preparation of a background report. Upon notice, Checkr will act promptly to stop and remediate unauthorized processing of Personal Data by a recipient.

Checkr is accountable for Personal Data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party as described in the Privacy Shield Principles.  In particular, Checkr remains liable under the Privacy Shield Principles if third-party service providers engaged by Checkr to process Personal Data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Checkr is not responsible for the event giving rise to the damages.

In certain situations, Checkr may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

When Checkr collects and uses Personal Data of EEA and Swiss residents for the purpose of providing services in accordance with its Customer’s instructions, Checkr acts as a processor of such Personal Data. Accordingly, Checkr relies on Customers to provide EEA and Swiss residents with respect to whom the Customer requests a background report with clear, conspicuous, and readily available mechanisms to opt out from: (a) the disclosure of their Personal Data to a non-agent third party; and (b) the use of their Personal Data for purpose(s) that are materially different from the purpose(s) for which the Personal Data was originally collected or subsequently authorized by the individual.  Checkr will follow Customers’ instructions regarding the choices made by individuals.

Checkr does not review data processing notices provided by Customers to EEA and Swiss residents, or authorizations to the Customer from EEA and Swiss residents who are the subject of a background check requested by a Customer to determine whether the notices or authorizations are in compliance with, or conflict with, applicable law or any policy or notice published by the Customer.  Customers are responsible for providing all legally required notices and for obtaining all legally required authorizations and for ensuring that the notices and authorizations are consistent with the Customers’ policies and comply with applicable laws.

If, and to the extent, Checkr collects any sensitive Personal Data as expressly delineated by Privacy Shield Principles, Checkr obtains (directly or through Customers) affirmative express consent, i.e., opt-in consent, from the relevant EEA or Swiss resident, subject to certain exceptions permitted by the Privacy Shield Principles, before such information is to be (i) disclosed to a third party, or (ii) used for a purpose other than those for which the sensitive Personal Data was originally collected or subsequently authorized by the EEA or Swiss resident.

Pursuant to the Privacy Shield Frameworks, EEA and Swiss individuals have the right to obtain our confirmation of whether Checkr maintains personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their request to our support portal. If requested to remove data, we will respond within a reasonable timeframe.

Checkr is responsible for the processing of Personal Data we receive and subsequent transfers to a third party acting as an agent on our behalf, under the Privacy Shield Frameworks. Checkr complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Checkr is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Checkr commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Checkr.

Checkr has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Our Legal Bases for Processing Your Information

Laws in certain jurisdictions, such as the GDPR in the EEA, require the controller to identify their legal bases for processing Personal Data. Checkr is sometimes a controller and sometimes a processor. When we collect and use the Personal Data of Site Visitors, we are always a controller. When we collect and use the Personal Data of Consumers and Customers, we are sometimes a controller and sometimes a processor.

In many cases, such as when Checkr processes Personal Data to provide services requested by a Customer, Checkr acts as the processor and our customer acts as the controller for that processing purpose. In such cases, our Customer (the controller) is responsible for identifying their legal basis for that processing purpose. As the processor for that particular processing purpose, Checkr is not responsible for identifying a legal basis, and instead conducts our data processing in accordance with the restrictions set forth in the data processing agreement with the applicable Customer.

In other cases, Checkr acts as a controller, and is therefore responsible for identifying a legal basis for each processing purpose. We rely on different legal bases to process your information for the various purposes described in this Privacy Policy.

For each legal basis below, we describe the purposes of our processing (why we process your information) and our processing operations (how we process your information to achieve each purpose). We also list the categories of your information that we may process for each purpose.

You also have particular rights available to you depending on which legal basis we use. No matter what legal basis applies, you always have the right to request access to, correction of, and erasure of your information. To exercise your rights, see
How can you access, change, or delete information about you?.

Processing necessary to perform our contract with you

We process information as necessary to conclude and perform our contract(s) with you, including but not limited to our Terms. The categories of information used and why and how they are processed is set out below:

Your Consent

We process information for the purposes described below when you have given us your consent to enable particular product features in your device-based settings. The categories of information used and why and how it’s processed are set out below:

Compliance With A Legal Obligation

We process information to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request. New laws may be enacted or other obligations may become binding on our processing and we will update the list of laws from time to time.

Legitimate Interests

We rely on our legitimate interests or the legitimate interests of a third-party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"):

Checkr reserves the right to change this Policy at any time. Please check this page periodically for changes. Your continued use of our Site and Services following the posting of changes to this Policy will mean you agree with, and consent to be bound by, the new revised Privacy Policy.

If you have any questions, concerns or complaints about our Policy or Checkr’s handling of your personal information, or if you would like to access or update personal information that is not available via the Candidate portal, submitting a request via our support portal is the best way to contact us. You may also contact us via the following methods:

Checkr, Inc.
Attn: Privacy Questions
One Montgomery Street, Suite 2400
San Francisco, CA 94104
support@checkr.com

In addition to those rights, you have the right to contact your relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.