Privacy Policy

1. Introduction

ReferenceCheck AI ("we," "us," or "our") is operated by Tech Easy IT. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered reference check platform (the "Service"). By accessing or using the Service, you agree to the practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and authentication credentials when you create an account via Google OAuth.
• Company Information: Company name, job title, and organizational details provided during onboarding or reference requests.
• Candidate Information: Names and details of candidates for whom you are requesting reference checks.
• Reference Contact Details: Names, phone numbers, email addresses, and professional relationship information of individuals you designate as references.
• Payment Information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.

2.2 Information Collected Automatically

• Call Recordings and Transcripts: Audio recordings and verbatim transcripts of automated reference check calls conducted through our Service via Twilio.
• AI-Generated Analysis: Defamation risk assessments, candidate scoring, and call script content generated by our AI systems powered by Google GenAI.
• Usage Data: Information about how you interact with the Service, including pages viewed, features used, and timestamps.
• Device Information: Browser type, operating system, IP address, and device identifiers.

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve the Service.
• To conduct automated reference check calls on your behalf.
• To generate AI-powered analysis, including candidate scoring and defamation risk assessments.
• To process payments and manage subscriptions through Stripe.
• To communicate with you about your account, updates, and support inquiries.
• To comply with legal obligations and enforce our Terms of Service.
• To detect, prevent, and address fraud, abuse, or technical issues.

4. Call Recording and Consent

Our Service involves automated AI-powered voice calls to references. These calls are recorded and transcribed for the purpose of generating reference check reports.

• References are informed at the beginning of each call that the conversation is being recorded.
• By using our Service, you represent and warrant that you have obtained the necessary consent from candidates to contact the references you provide.
• Call recordings and transcripts are stored securely and accessible only to authorized users of your account.
• You are responsible for complying with all applicable federal, state, and local laws regarding call recording and consent in your jurisdiction.

4.1 SMS Consent and TCPA Compliance

Before any reference call is placed, our Service sends a single transactional SMS to the reference's mobile number requesting opt-in consent. This complies with the Telephone Consumer Protection Act (47 U.S.C. § 227) and the FCC's express-written-consent requirement for automated calls to mobile numbers.

• Consent Flow: The reference receives one consent SMS containing the candidate name, the requesting party, and the keywords YES (to consent) and STOP (to opt out). No reference call is placed until a YES reply is received.
• Opt-Out Keywords Honored: STOP, CANCEL, UNSUBSCRIBE, QUIT, END, OPTOUT, and OPT-OUT immediately add the number to a Do-Not-Contact list and prevent any further messages or calls.
• Transactional-Only Scope: SMS is used solely for consent and call-status notifications related to the specific reference check. We do not send marketing messages, broadcast lists, or unrelated content to references.
• Standard Disclosure: Each consent SMS includes the disclosure "Msg & data rates may apply."
• Consent Records: The full consent transcript (request, reply, timestamp, message SID, signed Twilio webhook payload) is retained alongside the reference record for the same 12-month period as call recordings (see Section 7), and is available to the account owner via export and deletion callables (see Section 8).
• Account Holder Responsibility: By submitting a reference for contact, you represent that the candidate has obtained the reference's permission to be contacted. You remain responsible for compliance with TCPA, state mini-TCPA statutes, CAN-SPAM (where applicable), and any other federal, state, or local laws governing solicited business-to-business outreach in your jurisdiction.

5. Third-Party Services

We integrate with the following third-party services to operate our platform. Each has its own privacy practices:

• Firebase (Google): Authentication (Google OAuth) and Firestore database for data storage. Subject to the Google Cloud Privacy Policy.
• Stripe: Payment processing for subscriptions and one-time payments. Subject to the Stripe Privacy Policy.
• Twilio: Automated voice calls and telephony services. Subject to the Twilio Privacy Policy.
• Google GenAI (Genkit): AI-powered call script generation, candidate scoring, and defamation analysis. Subject to the Google Privacy Policy.

We do not sell your personal data to any third party. Data is shared with third-party services only as necessary to provide the Service.

6. AI-Generated Content Disclaimer

Our Service uses artificial intelligence to generate call scripts, analyze call transcripts, produce candidate scores, and flag potentially defamatory statements ("Defamation Guard"). This AI-generated content is provided for informational purposes only and should not be considered legal advice, a definitive character assessment, or a substitute for professional judgment.

We do not guarantee the accuracy, completeness, or reliability of any AI-generated analysis. Users should independently verify all information and consult with qualified professionals before making employment decisions based on reference check reports.

7. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
• Call Recordings and Transcripts: Retained for 12 months from the date of the reference check, unless you request earlier deletion or a longer retention period is required by law.
• AI Analysis Reports: Retained for the same period as the associated call recordings.
• Payment Records: Retained as required by applicable tax and financial regulations.

8. Data Deletion

You may request deletion of your personal data at any time by contacting us at nick@techeasyit.com. Upon receiving a valid deletion request, we will:

• Delete or anonymize your personal data within 30 days.
• Remove associated call recordings and transcripts.
• Notify relevant third-party service providers to delete your data.

Certain data may be retained if required by law or for legitimate business purposes such as fraud prevention.

9. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at nick@techeasyit.com. We will respond to your request within 30 days.

10. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected from you.
• Right to Opt-Out: Opt out of the sale of your personal information. Note: we do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at nick@techeasyit.com. We will verify your identity before processing your request and respond within 45 days.

11. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your data, including:

• Encryption in transit (TLS/SSL) and at rest.
• Secure authentication via Google OAuth and Firebase Authentication.
• Access controls limiting data access to authorized personnel and systems.
• Regular security assessments and monitoring.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete it.

13. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: