Verify Ref Logo

Privacy Policy

Last updated: May 24, 2026

1. Introduction

Verify Ref is a product of Datalinc PTY LTD(ABN: 28682714030, ACN: 682714030). Verify Ref ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated reference checking platform and services ("Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password (hashed), phone number, company name, and other registration details
  • Candidate Information: Name, email address, phone number, employment history, and other details about candidates whose references are being checked
  • Reference Information: Name, email address, phone number, company, job title, and relationship to the candidate
  • Questionnaire Content: Questions created for reference checks and responses provided by references
  • Payment Information: Billing address, payment method details (processed securely through Stripe, not stored by us)
  • Communications: Messages, feedback, and other communications you send to us
  • AI Analysis Data: Sentiment scores, risk assessments, and other insights derived from analyzing reference responses using third party AI technologies
  • Voice reference sessions: If a reference completes a questionnaire by voice, we process audio with our AI provider for the live conversation and transcriptions. With consent, we may also store a browser-captured audio recording of the session in secure object storage (e.g. Supabase Storage) so the employer can replay it; a text transcript is retained as a backup when audio is unavailable
  • Talent Pool Data: Resume-extracted information including name, email, phone number, location, skills, certifications, work history, education, and professional references, processed by AI for profile extraction and job matching

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, time spent on platform, click patterns, and navigation paths
  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
  • Log Data: IP address, access times, error logs, and referral URLs
  • Fraud Detection Data: We compare IP addresses of Candidates and References to detect potential conflicts of interest or fraudulent activity (e.g., a candidate completing their own reference)
  • Location Data: General geographic location based on IP address (not precise location)
  • Product Analytics and Diagnostics: Event data such as feature usage, page or screen views, clicks, errors, and performance signals collected through analytics SDKs and scripts
  • Session Recordings (Session Replay): Where enabled, we or our analytics providers may record replay-style captures of how you navigate and interact with the Services (for example mouse movements, scrolling, taps, and the contents of pages as rendered in your browser). We use this to debug issues, understand usability, and improve the product. Sensitive fields are configured for masking where technically supported, but you should avoid entering highly sensitive information into the Services unless necessary
  • Cookies and Tracking Technologies: See Section 10 for details

2.3 Information from Third Parties

We may receive information about you from:

  • Authentication Providers: Clerk provides user authentication data
  • Payment Processors: Stripe provides payment status and transaction information
  • Email Services: Resend provides email delivery status and analytics
  • References: Information provided by references when completing questionnaires
  • Employers: Information provided by employers about candidates and references

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Process and facilitate reference checks
  • Send emails to candidates and references
  • Collect and store reference responses
  • Generate reports and exports
  • Perform AI analysis (sentiment, risk detection, values alignment) on reference responses
  • Extract and store candidate profiles from uploaded resumes for the Talent Pool feature
  • Perform AI-powered job matching against stored candidate profiles in the Talent Pool
  • Process payments and manage credits
  • Provide customer support

3.2 Communication

  • Send service-related notifications (consent requests, questionnaire links, completion notifications)
  • Respond to your inquiries and requests
  • Send important updates about our Services
  • Send marketing communications (with your consent, which you can opt-out of at any time)

3.3 Service Improvement

  • Analyze usage patterns and trends
  • Identify and fix technical issues
  • Improve platform performance and user experience
  • Develop new features and functionality
  • Conduct product analytics, including session replay where enabled, to understand how the Services are used and to prioritize improvements
  • Conduct research using aggregated or de-identified data where possible

3.4 Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and court orders
  • Enforce our Terms and Conditions
  • Protect the rights, property, and safety of Verify Ref, our users, and others
  • Detect, prevent, and address fraud, security issues, and abuse
  • Identify potential conflicts of interest by analyzing connection data (including IP addresses) between Candidates and References
  • Prevent unauthorized access and maintain security

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 With Your Consent

We share information when you explicitly consent, such as when a candidate consents to their references being contacted.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

  • Clerk: User authentication and account management
  • Stripe: Payment processing (payment card details are not shared with us)
  • Resend: Email delivery services
  • Database Hosting: Secure storage of your data
  • Analytics and Experience Providers: Including PostHog (product analytics and, where enabled, session replay), Google Analytics (GA4), Ahrefs analytics, and Microsoft Advertising (Bing UET) for usage measurement, product improvement, and related advertising or attribution measurement. These providers may process online identifiers, device data, and interaction data on our behalf under contract
  • Cloud Infrastructure: Hosting and infrastructure services
  • AI Service Providers: To provide natural language processing and analysis features (e.g., OpenAI)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Reference Check Process

As part of the reference checking process, we share information between parties:

  • Candidate Information: Shared with employers who initiate reference checks and with references who need it to provide feedback
  • Reference Responses: Shared with the employer who requested the reference check
  • Reference Contact Information: Shared with candidates during the consent process so they know who will be contacted

4.4 Legal Requirements

We may disclose information if required to do so by law or in response to:

  • Valid legal requests, subpoenas, or court orders
  • Government investigations
  • Regulatory compliance requirements
  • To protect our rights, property, or safety
  • To prevent illegal activity or harm to others

4.5 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This may include statistical data about platform usage, industry trends, or research findings.

5. Data Security

We implement technical and organizational measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Access Controls: Strict access controls and authentication requirements for our systems
  • Secure Infrastructure: Our platform is hosted on secure, reputable cloud infrastructure with regular security audits
  • Regular Updates: We regularly update our systems and software to address security vulnerabilities
  • Employee Training: Our team is trained on data protection and privacy practices
  • Monitoring: We monitor our systems for security threats and suspicious activity
  • Backup and Recovery: Regular backups ensure data availability and integrity

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

You also play a crucial role in protecting your information by maintaining the confidentiality of your account credentials and promptly reporting any suspected security breaches.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention practices include:

  • Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
  • Reference Check Data: Retained to provide ongoing access to reference reports and may be retained longer if required by law or business needs
  • Transaction Records: Retained for at least 7 years to comply with tax and financial record-keeping requirements
  • Talent Pool Data: Candidate profiles in the Talent Pool are retained until manually deleted by the user or team, or until account termination
  • Legal Compliance: Some data may be retained longer if required by applicable laws, regulations, or legal proceedings
  • Analytics and Session Replay:Retained for the period configured in our analytics and session replay tools (typically days to months), after which it is deleted or aggregated according to the relevant provider's settings and our configuration

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These rights may include:

7.1 Access

You have the right to request access to the personal information we hold about you.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing disputes).

7.4 Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

7.5 Objection to Processing

You have the right to object to certain types of processing of your personal information, such as direct marketing.

7.6 Restriction of Processing

You have the right to request that we limit how we use your personal information in certain circumstances.

7.7 Withdraw Consent

Where we process your information based on consent, you have the right to withdraw consent at any time.

7.8 Opt-Out of Marketing

You can opt-out of receiving marketing communications by clicking the unsubscribe link in our emails or contacting us directly.

To exercise any of these rights, please contact us using the information in Section 15. We will respond to your request within the timeframes required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

8. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by relevant data protection authorities
  • Adequacy decisions recognizing the recipient country's data protection laws
  • Other legally recognized transfer mechanisms

By using our Services, you consent to the transfer of your information to countries outside your country of residence, subject to the safeguards described above.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our Services. Cookies are small text files placed on your device that allow us to:

  • Remember your preferences and settings
  • Authenticate your account
  • Analyze how you use our Services
  • Improve security and prevent fraud
  • Provide personalized features

Types of Cookies We Use

  • Essential Cookies: Required for the platform to function (cannot be disabled)
  • Functional Cookies: Remember your preferences and enhance user experience
  • Analytics Cookies: Help us understand how visitors use our platform

Analytics and Session Replay

We use analytics tools that may set cookies or use similar storage to distinguish visitors and sessions, and to measure traffic and product usage. Where session replay is enabled, recordings are used for troubleshooting and product improvement as described in Section 2. Depending on your location and the technology used, applicable law (including the EU ePrivacy rules and similar laws) may require prior consent before non-essential cookies or certain analytics or replay features run; where required, we present choices through a consent or preference mechanism and honor your selections.

For the European Economic Area, United Kingdom, and similar jurisdictions, our lawful bases for personal data processed through analytics and session replay may include your consent (where required), performance of a contract, or legitimate interests (where permitted and after a balancing test), assessed separately for each purpose. You may withdraw consent or object where applicable by adjusting cookie preferences, using browser controls, or contacting us as described in Section 15.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

We may also use web beacons, pixel tags, and similar technologies to track email delivery and engagement.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party sites or services you access.

We are not responsible for the privacy practices or content of third-party websites or services.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we have collected
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to opt-out of certain "sharing" of personal information for cross-context behavioral advertising, where that right applies under California law
  • Right to non-discrimination for exercising your privacy rights

We use analytics and measurement tools that may collect identifiers and online activity as described in this policy. You may use an opt-out preference signal (such as the Global Privacy Control) where we are required to honor it for applicable browsers or extensions, and you may adjust cookie or ad settings as described in Section 10.

To exercise your California privacy rights, please contact us using the information in Section 15.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Our lawful bases for processing personal data include consent, contract performance, legal obligations, and legitimate interests (including, where appropriate and after assessment, product analytics and session replay for service improvement). To exercise your GDPR rights, please contact us using the information in Section 15.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or platform notification
  • Post a prominent notice on our website

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using our Services and contact us to delete your account.

15. Contact Us

Verify Ref is operated by Datalinc PTY LTD (ABN: 28682714030, ACN: 682714030).

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Email: support@verifyref.com
  • Address: 81-83 Campbell Street, Surry Hills, NSW 2010, Australia
  • Data Protection Officer: dpofficer@verifyref.com

We will respond to your inquiry within a reasonable timeframe, typically within 30 days as required by applicable data protection laws.