Verify Ref Logo

Privacy Policy

Last updated: November 30, 2025

1. Introduction

Verify Ref is a product of Datalinc PTY LTD (ABN: 28682714030, ACN: 682714030). Verify Ref ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated reference checking platform and services ("Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password (hashed), phone number, company name, and other registration details
  • Candidate Information: Name, email address, phone number, employment history, and other details about candidates whose references are being checked
  • Reference Information: Name, email address, phone number, company, job title, and relationship to the candidate
  • Questionnaire Content: Questions created for reference checks and responses provided by references
  • Payment Information: Billing address, payment method details (processed securely through Stripe, not stored by us)
  • Communications: Messages, feedback, and other communications you send to us
  • AI Analysis Data: Sentiment scores, risk assessments, and other insights derived from analyzing reference responses using third party AI technologies

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, time spent on platform, click patterns, and navigation paths
  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
  • Log Data: IP address, access times, error logs, and referral URLs
  • Location Data: General geographic location based on IP address (not precise location)
  • Cookies and Tracking Technologies: See Section 10 for details

2.3 Information from Third Parties

We may receive information about you from:

  • Authentication Providers: Clerk provides user authentication data
  • Payment Processors: Stripe provides payment status and transaction information
  • Email Services: Resend provides email delivery status and analytics
  • References: Information provided by references when completing questionnaires
  • Employers: Information provided by employers about candidates and references

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Process and facilitate reference checks
  • Send emails to candidates and references
  • Collect and store reference responses
  • Generate reports and exports
  • Perform AI analysis (sentiment, risk detection, values alignment) on reference responses
  • Process payments and manage credits
  • Provide customer support

3.2 Communication

  • Send service-related notifications (consent requests, questionnaire links, completion notifications)
  • Respond to your inquiries and requests
  • Send important updates about our Services
  • Send marketing communications (with your consent, which you can opt-out of at any time)

3.3 Service Improvement

  • Analyze usage patterns and trends
  • Identify and fix technical issues
  • Improve platform performance and user experience
  • Develop new features and functionality
  • Conduct research and analytics (using aggregated, anonymized data)

3.4 Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and court orders
  • Enforce our Terms and Conditions
  • Protect the rights, property, and safety of Verify Ref, our users, and others
  • Detect, prevent, and address fraud, security issues, and abuse
  • Prevent unauthorized access and maintain security

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 With Your Consent

We share information when you explicitly consent, such as when a candidate consents to their references being contacted.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

  • Clerk: User authentication and account management
  • Stripe: Payment processing (payment card details are not shared with us)
  • Resend: Email delivery services
  • Database Hosting: Secure storage of your data
  • Analytics Services: To understand usage patterns (data is aggregated and anonymized)
  • Cloud Infrastructure: Hosting and infrastructure services
  • AI Service Providers: To provide natural language processing and analysis features (e.g., OpenAI)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Reference Check Process

As part of the reference checking process, we share information between parties:

  • Candidate Information: Shared with employers who initiate reference checks and with references who need it to provide feedback
  • Reference Responses: Shared with the employer who requested the reference check
  • Reference Contact Information: Shared with candidates during the consent process so they know who will be contacted

4.4 Legal Requirements

We may disclose information if required to do so by law or in response to:

  • Valid legal requests, subpoenas, or court orders
  • Government investigations
  • Regulatory compliance requirements
  • To protect our rights, property, or safety
  • To prevent illegal activity or harm to others

4.5 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This may include statistical data about platform usage, industry trends, or research findings.

5. Data Security

We implement technical and organizational measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Access Controls: Strict access controls and authentication requirements for our systems
  • Secure Infrastructure: Our platform is hosted on secure, reputable cloud infrastructure with regular security audits
  • Regular Updates: We regularly update our systems and software to address security vulnerabilities
  • Employee Training: Our team is trained on data protection and privacy practices
  • Monitoring: We monitor our systems for security threats and suspicious activity
  • Backup and Recovery: Regular backups ensure data availability and integrity

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

You also play a crucial role in protecting your information by maintaining the confidentiality of your account credentials and promptly reporting any suspected security breaches.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention practices include:

  • Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
  • Reference Check Data: Retained to provide ongoing access to reference reports and may be retained longer if required by law or business needs
  • Transaction Records: Retained for at least 7 years to comply with tax and financial record-keeping requirements
  • Legal Compliance: Some data may be retained longer if required by applicable laws, regulations, or legal proceedings

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These rights may include:

7.1 Access

You have the right to request access to the personal information we hold about you.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing disputes).

7.4 Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

7.5 Objection to Processing

You have the right to object to certain types of processing of your personal information, such as direct marketing.

7.6 Restriction of Processing

You have the right to request that we limit how we use your personal information in certain circumstances.

7.7 Withdraw Consent

Where we process your information based on consent, you have the right to withdraw consent at any time.

7.8 Opt-Out of Marketing

You can opt-out of receiving marketing communications by clicking the unsubscribe link in our emails or contacting us directly.

To exercise any of these rights, please contact us using the information in Section 14. We will respond to your request within the timeframes required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

8. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by relevant data protection authorities
  • Adequacy decisions recognizing the recipient country's data protection laws
  • Other legally recognized transfer mechanisms

By using our Services, you consent to the transfer of your information to countries outside your country of residence, subject to the safeguards described above.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our Services. Cookies are small text files placed on your device that allow us to:

  • Remember your preferences and settings
  • Authenticate your account
  • Analyze how you use our Services
  • Improve security and prevent fraud
  • Provide personalized features

Types of Cookies We Use

  • Essential Cookies: Required for the platform to function (cannot be disabled)
  • Functional Cookies: Remember your preferences and enhance user experience
  • Analytics Cookies: Help us understand how visitors use our platform

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

We may also use web beacons, pixel tags, and similar technologies to track email delivery and engagement.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party sites or services you access.

We are not responsible for the privacy practices or content of third-party websites or services.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we have collected
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise your California privacy rights, please contact us using the information in Section 14.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Our lawful bases for processing personal data include consent, contract performance, legal obligations, and legitimate interests. To exercise your GDPR rights, please contact us using the information in Section 14.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or platform notification
  • Post a prominent notice on our website

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using our Services and contact us to delete your account.

15. Contact Us

Verify Ref is operated by Datalinc PTY LTD (ABN: 28682714030, ACN: 682714030).

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Email: support@verifyref.com
  • Address: 81-83 Campbell Street, Surry Hills, NSW 2010, Australia
  • Data Protection Officer: dpofficer@verifyref.com

We will respond to your inquiry within a reasonable timeframe, typically within 30 days as required by applicable data protection laws.