MyFairCheck

Compliance

Security and privacy

Application-layer encryption, role-based access, and data minimization designed for background-check workflow infrastructure — with controls in development, not completed certification.

Who this is for: Security, IT, and compliance stakeholders evaluating MyFairCheck before real-data production.

Request pilot accessSee how it works

Why security architecture matters before real data

Background-check workflows handle sensitive fields that require encryption, scoped access, and audit trails. Teams evaluating MyFairCheck need to understand how data is protected in pilot and production paths.

Raw provider payloads and worker PII must not appear in verification APIs, client errors, or unstructured logs.

MyFairCheck security workflow

1

Field encryption

Sensitive record and PII fields encrypted at the application layer.

2

Role-based access

Scoped roles for workers, org admins, reviewers, and auditors.

3

Data minimization

Verification API designed without raw criminal-record payloads.

4

Structured logging

Observability paths redact email, offense, and payload fields.

Benefits

What you gain in a controlled pilot

  • Signed document URLs for evidence and exports when storage is configured
  • Virus scanning path for uploads in non-demo environments
  • Tenant isolation enforced in application and database layers
  • Pilot-stage controls documented for security review

SOC 2-ready controls

Controls mapped for future audit — not SOC 2 Type II certified today.

Real-data gate

Real-data production disabled by default until legal and security review completes.

Example

Fictional security review scenario

A platform security team reviews MyFairCheck verification API responses and confirms only credential status, check age, IDV, and consent metadata are returned — no offense text or provider webhook payloads in the response body.

What we do not claim

MyFairCheck does not claim SOC 2 Type II certification. Security controls are in development and require review before real-data production use.

MyFairCheck provides workflow support and controls in development — not SOC 2 Type II certification, Clean Slate certification, or final legal compliance certification. Pilot use requires legal and security review before real-data production.

Discuss pilot security requirements

Review encryption, access, and data-minimization design with your security team.

Request pilot accessTrust Center