Privacy policy
1. Introduction
Information Direct, Inc. ("Information Direct," "we," "us," or "our") is committed to protecting the privacy and security of the personal information we collect, process, and maintain. This Privacy Policy describes how we collect, use, disclose, and safeguard information in connection with the background screening services we provide.
This policy applies to our website (www.informationdirect.us), client portal (clients.informationdirect.us), and all related services. By using our services, you acknowledge that you have read and understood this Privacy Policy.
2. Information we collect
We collect information necessary to deliver pre-employment background screening services, including: applicant personal identifiers (name, date of birth, Social Security number, address history), employment and education history provided for verification, contact information for clients and authorized users, and usage data from interactions with our platform.
We collect this information directly from our clients who have obtained written authorization from applicants, from public records accessed through courthouse research, and from third-party verification sources as permitted by the FCRA.
3. How we use information
We use personal information exclusively for permissible purposes under the FCRA, including: compiling consumer reports at the request of authorized clients, performing courthouse research and record verification, processing employment, education, and professional license verifications, facilitating drug testing through our certified lab partners, and complying with legal and regulatory obligations.
We do not sell, rent, or trade personal information for marketing purposes. We do not use applicant data for any purpose other than fulfilling authorized background screening requests.
4. Data sharing and disclosure
We share personal information only as follows: with the authorized client who requested the background check, with courthouse researchers and verification agents acting on our behalf, with certified laboratory partners for drug testing services, with regulatory or law enforcement authorities when required by law, and as necessary to comply with legal process, court orders, or government requests.
All third parties who access personal information on our behalf are bound by confidentiality agreements and are required to maintain security standards consistent with our own.
5. Data security
We implement comprehensive administrative, technical, and physical safeguards to protect personal information, including: SOC 2 Type II certified infrastructure, ISO 27001 certified information security management, encryption of data at rest (AES-256) and in transit (TLS 1.2+), role-based access controls with multi-factor authentication, continuous monitoring and intrusion detection, regular security assessments and penetration testing, and documented incident response procedures.
6. Data retention and disposal
Consumer reports and related records are retained in accordance with FCRA requirements and applicable state retention schedules. Upon expiration of the retention period, records are securely destroyed using methods that prevent reconstruction or recovery. Clients may request deletion of their account data by contacting us at privacy@informationdirect.us.
7. Consumer rights under the FCRA
Consumers whose information appears in a background check report have the right to: request a copy of any consumer report furnished about them, dispute inaccurate or incomplete information in their report, receive notice when information in a report has been used against them, have inaccurate information corrected or deleted after investigation, and place a security freeze or fraud alert on their consumer file.
To exercise any of these rights, consumers may contact us at (800) 707-2450 or email disputes@informationdirect.us.
8. State-specific rights
Residents of certain states have additional rights. California residents have rights under the California Investigative Consumer Reporting Agencies Act (ICRAA), California Consumer Credit Reporting Agencies Act (CCRAA), and the California Consumer Privacy Act (CCPA/CPRA). New York residents are protected by Article 23-A. Massachusetts residents have CORI-specific protections. We comply with all applicable state privacy and consumer reporting laws.
9. Cookies and website analytics
Our website uses essential cookies for site functionality and security. We may use analytics cookies to understand how visitors interact with our site. You can manage cookie preferences through your browser settings or our cookie consent tool. We do not use cookies for advertising or cross-site tracking.
10. Children's privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will promptly delete it.
11. International visitors and GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, this section applies to our processing of your personal data in addition to the provisions above. Information Direct processes personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable.
12. Legal basis for processing
We process personal data under the following legal bases as defined in Article 6 of the GDPR: (a) Contractual necessity — processing necessary to perform our background screening services as requested by our clients; (b) Legal obligation — processing required to comply with the FCRA, state consumer reporting laws, and other applicable legal requirements; (c) Legitimate interests — processing necessary for fraud prevention, platform security, and service improvement, where such interests are not overridden by data subject rights; (d) Consent — where specifically obtained for optional processing activities such as marketing communications.
13. EU data subject rights
If you are a data subject located in the EEA, UK, or Switzerland, you have the following rights under the GDPR: Right of access — the right to request confirmation of whether we process your personal data and to obtain a copy of that data. Right to rectification — the right to request correction of inaccurate or incomplete personal data. Right to erasure — the right to request deletion of your personal data, subject to applicable legal retention requirements (including FCRA retention obligations). Right to data portability — the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. Right to object — the right to object to processing of your personal data based on legitimate interests. Right to restrict processing — the right to request that we limit how we use your personal data while a complaint is being resolved.
To exercise any of these rights, please contact our Data Protection Contact at privacy@informationdirect.us or write to Information Direct, Inc., Attn: Data Protection, 1519 E Chapman Ave #342, Fullerton, CA 92831. We will respond to all requests within 30 days, or within the timeframe required by applicable law.
14. International data transfers
Information Direct is based in the United States. If you are located outside the United States, please be aware that your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) as adopted under Commission Implementing Decision (EU) 2021/914, supplemented by additional technical and organizational measures where appropriate. We also maintain data processing agreements with all sub-processors that include equivalent transfer safeguards.
To request a copy of the Standard Contractual Clauses we use, please contact privacy@informationdirect.us.
15. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the revised policy.
16. Contact us
If you have questions about this Privacy Policy or our data practices, please contact us:
Information Direct, Inc. · 1519 E Chapman Ave #342, Fullerton, CA 92831 · Phone: (800) 707-2450 · Email: privacy@informationdirect.us
For data protection inquiries related to the GDPR, you may also contact our Data Protection Contact at the address above or email privacy@informationdirect.us with the subject line "GDPR Inquiry."