DATA SUBJECTS
Privacy Policy
Last Updated: July 1st, 2026
This Privacy Policy applies when you use our Services (described below). We respect your privacy so much that we meet the most stringent requirements imposed both in the USA and Europe for all our users, regardless of your location.
Table of Contents
- Introduction
- Data Subjects
- Data We Collect
- How We Collect Data
- How You Manage Your Data
- How We Protect Data
- Biometric Data and Retention Policy
- Marketing & Analytics
- Cookies & How We Use Them
- Your Data Protection Rights
- Privacy Policies of Other Websites
- Children’s Privacy
- How to Contact Us
1. Introduction
Services
TurboCheck is an online verification platform that helps employers and staffing firms identify and mitigate the risk of fraudulent job applicants. Professionals (“Professionals” or “candidates”), employers, and staffing firms (together referred to as “Employers” or “Prospect Employers”) use our Services to verify a candidate’s digital identity, confirm authenticity using facial recognition, and collect and verify professional references. Our Services are described in more detail below.
| Professionals | Employers |
|---|---|
|
Verify their digital identity Confirm authenticity with facial recognition Collect and manage their references Share with prospective employers Convert to PDF |
Verify candidates’ digital identity Detect potential fraud in recruitment Run facial recognition verification Collect and check references Streamline adverse actions Convert to PDF |
Changes to Our Privacy Policy
We keep this Privacy Policy under regular review and publish any updates on this web page. You acknowledge that your continued use of our Services after we publish or send a notice about changes to this Privacy Policy means that the collection, use, and sharing of your personal data is subject to the updated Privacy Policy, as of its effective date. This Privacy Policy was last updated on July 1st, 2026.
2. Data Subjects
Data subjects are all identified or identifiable natural persons about whom TurboCheck holds personal data. We separate data subjects into three categories:
- Professionals who either (a) use our Services to build their reference portfolio on their own, (b) respond to reference-check requests from Prospect Employers, or (c) have their digital identity or authenticity verified as part of the recruitment process.
- Employers who either (a) receive the references Professionals proactively share with them, (b) use our Services to check references on their candidates, or (c) use our Services to verify candidates’ authenticity. This category includes staffing firms and partner companies that act on an Employer’s behalf through our Partner Network.
- References whom we contact at the request of a Professional or Prospect Employer to provide feedback.
3. Data We Collect
The personal data we collect or process from the users of our Services and from site visitors are adequate, relevant, and limited to a specific, legitimate purpose as set forth herein.
| Source | Data Collected | Purpose for Collection |
|---|---|---|
| Professionals | Identifiers: Name Profile picture (optional) Preferred pronoun (he, she, or they) |
To set up your account and enable you to use the TurboCheck Services. To use the correct pronoun when we refer to you in our correspondence and surveys. |
| Professionals | Background information: Company, job title, dates of employment Or school, degree, field of study Or target job |
To personalize your reports. To verify your company, title, and dates of employment when asked by an Employer. |
| Professionals and/or Employers |
Reference information: Name Company Title Email address Phone number Country, State, City |
To contact your references. To show Prospect Employers that your references are legitimate, relevant, and trustworthy. |
| Professionals and/or Employers |
Digital identity information: Publicly available bio details Avatars Email registrations Online activity indicators Device fingerprints |
To verify candidates’ authenticity and detect potential fraud in the recruitment process. |
| Professionals | Biometric identifiers: Facial scans or facial geometry |
To verify your identity using facial recognition. To detect fake profiles or impersonation as part of our fraud-prevention efforts. See Section 7. |
| Professionals | Resume (optional) | To provide a complete copy of your file to you as required by law. |
| Professionals | Employer information: Name Company |
To share your references with the people you choose. To help you keep track of which companies have access to your references. |
| References | Reference information: Name Company Title Reporting relationship LinkedIn page |
To complete and/or validate the information we already have. To show Prospect Employers that your references are legitimate and trustworthy. |
| References | Reference feedback | To generate reference reports. |
| References |
Interest (opt-in): Open to a new job Target job titles (optional) Target cities (optional) Skills (optional) Contract type (optional) Resume (optional) Hiring needs (optional) |
To connect your references with new opportunities after they submit their feedback and only when they opt-in. |
| Employers | Identifiers: Name Company Title Profile picture (optional) Company logo (optional) |
To set up their account and enable them to use the TurboCheck Services. To personalize their correspondence to Professionals and References. |
| Employers | Candidate information: Name |
To contact a candidate when an Employer asks us to verify identity or collect references. |
| All users | Email correspondence | To keep a record of our correspondence if you contact us or reply to our emails. |
| Site visitors | Browsing information: IP address Browser version Pages you visit and clicks Location Date and time |
To evaluate usage of our website and improve performance. To protect the security and integrity of our web application. To deliver remarketing ads where applicable. |
Equal Employment Opportunity
Other than the biometric identifiers described in Section 7 (which we process solely for identity verification and fraud prevention with notice and consent), we do not request or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, a person’s sex life, genetic data, or data concerning health. We invite anyone using our Services (whether as a Professional, a Reference, or an Employer) to refrain from requesting and/or sharing with TurboCheck any sensitive data about themselves or other individuals.
Legal Bases
The personal data we collect or process are justified, permitted by law, and limited to what is necessary for us:
- To fulfill our obligations to Employers (contract performance);
- To respond to your queries as part of delivering our Services to you (contract performance);
- To process data with your explicit consent, where required, including biometric data (consent);
- To enable us to improve our Services (legitimate interest);
- To comply with legal or regulatory obligations (legal obligations).
4. How We Collect Data
We collect personal information from you directly, from your References, and/or from Prospect Employers:
- when you register online or place an order for any of our Products or Services;
- when a Prospect Employer asks us to contact you to verify your identity or collect your references;
- when you voluntarily respond to a request from an Employer who uses our Services;
- when the References you have chosen answer questions about their experience working with you;
- when you consent to be contacted by a Prospective Employer about potential job opportunities or your recruitment needs as a hiring manager;
- when you contact us via email or reply to our emails;
- when you interact with our website via device fingerprints, cookies, or other tracking technologies;
- when we query publicly available online platforms to collect data such as your registration status, avatar, and bio information.
5. How You Manage Your Data
Your Account Settings
You can see and manage your personal identifiers (name, email, picture, and preferred pronoun) and your background information from your Account Settings.
Your Dashboard
We bring together your references and requests into a single dashboard so you can conveniently manage them. Use your dashboard to add, select, unselect, or delete references, and to see and control which companies have access to your information.
Sharing Your Information
When you use our web application, we create a protected page you can use to share your strongest references with Prospective Employers. Visitors must identify themselves with their email to have access. You grant and revoke access from your dashboard.
Requesting Data Deletion
If you wish to delete any data we hold about you, you may contact us directly using the details at the bottom of this page.
Account Closure
If you choose to close your TurboCheck account, any protected page we created for you will immediately become invalid. We will permanently erase your personal information from our system within 30 days of account closure, except as noted below. We might retain your personal data after closure if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse (e.g., if we have restricted your account for breach of our Terms), or fulfill your request to unsubscribe from further messages. We will retain de-personalized information after your account has been closed. We cannot recall emails already sent to your References and Prospect Employers, and we do not control any data that Employers in contact with you may have downloaded or copied from our web application.
6. How We Protect Data
TurboCheck ensures that appropriate technical and organizational security measures are taken against unlawful or unauthorized processing of the data we collect, and against the misuse, destruction, disclosure, acquisition, accidental loss of, or damage to those data. We use commercially reasonable technical, administrative, and physical controls to protect your personal information, including data encryption where appropriate; however, since the internet is not a 100% secure environment, we cannot guarantee protection against all potential attacks. Accordingly, you acknowledge that when you provide such personal information, you do so at your own risk. We strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. In the event of a confirmed security breach involving your personal data, we will notify you in accordance with applicable local laws.
7. Biometric Data and Retention Policy (BIPA Compliance)
Where we provide facial recognition as part of our Face ID Verification service, we treat facial scans and facial geometry as sensitive biometric data and handle them with heightened care. TurboCheck may collect biometric information—such as facial scans—for the sole purpose of identity verification and fraud prevention. In accordance with the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington biometric privacy law, and other applicable biometric laws, we:
- provide prior written notice and obtain informed, written consent from the individual before any collection of biometric data;
- use biometric data only for the limited purposes disclosed at the time of collection;
- do not sell, lease, trade, or otherwise profit from biometric information;
- do not disclose biometric data except as required to provide the Services, with the individual’s consent, or as required by law;
- permanently delete biometric data once the purpose has been fulfilled or within three (3) years of the individual’s last interaction with our Services—whichever comes first; and
- store biometric data using reasonable, industry-standard safeguards designed to protect sensitive information, including encryption.
If you have any questions about our biometric data practices, or wish to withdraw consent, please contact us at support@TurboCheck.com.
8. Marketing & Analytics
We may use third-party advertising companies that use tracking technologies to serve our advertisements across the Internet. These companies may collect information about your visits to our site and other websites and your interaction with our advertising and other communications. Some of those ads may be personalized based on information collected about your visits to our website and elsewhere over time. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt out through your ad-preference settings (in the European Union, via http://www.youronlinechoices.eu). Please note that opting out of interest-based ads does not mean you will no longer see ads; you will continue to receive generic, non-personalized ads. We never sell or rent your data to advertisers.
9. Cookies & How We Use Them
What They Are
Our website makes use of small text files called “cookies.” These are small files saved on the hard drive of your computer when you visit our website. By making use of cookies, TurboCheck is able to provide you a better overall website experience.
How We Use Cookies
- Strictly necessary cookies: required for the website to work properly. We use user-input cookies, for example, to keep track of your input, validate it, and show error or success messages. These are temporary and are erased when you close your browser.
- Fraud detection cookies: help us identify and prevent fraudulent activity, such as verifying your session or monitoring for suspicious behavior. They are persistent and remain active until you clear your browser’s cache or cookies.
- Session cookies: exist only during an online session and disappear when you close your browser. We use authentication cookies, which contain encrypted information to uniquely identify you while you are logged in.
- Analytical/performance cookies: track visitors’ usage of the website (time spent, areas visited, etc.) so we can improve functionality. We use Google Analytics cookies, for example.
How to Refuse Cookies
You may refuse our use of cookies at any time by configuring your browser settings to limit or exclude the use of cookies, or to delete cookies already placed on your computer. In such case, you might not be able to use certain functionalities on our website. Cookie settings vary from one browser to another; consult your browser’s help pages for guidance on disabling or deleting cookies (Chrome, Internet Explorer/Edge, Mozilla Firefox, and Safari each provide instructions).
10. Your Data Protection Rights
We respect your privacy so much that we meet the most stringent requirements imposed both in the USA and Europe for all our users, regardless of your location. Below are the data protection regulations we comply with:
- United States: Fair Credit Reporting Act (“FCRA”).
- California: California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA”).
- Colorado: Colorado Privacy Act (“CPA”).
- Connecticut: Connecticut Data Privacy Act (“CDPA”).
- Illinois, Texas, and Washington: biometric privacy laws (BIPA, CUBI, and the Washington biometric law). See Section 7.
- Nevada: Nevada Privacy Law (“SB-220”).
- Texas: Texas Data Privacy and Security Act (“TDPSA”).
- Virginia: Virginia Consumer Data Protection Act (“VCDPA”).
- Europe: General Data Protection Regulation (“GDPR”) and UK GDPR.
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, to opt out of certain processing, and to withdraw consent. To exercise any of these rights, please contact us using the details below.
11. Privacy Policies of Other Websites
Our Privacy Policy applies only to our website. It does not cover, and we are not responsible for, third-party sites or applications that may be linked from our sites; linking to them does not imply an endorsement. You should always review the privacy policy of any third-party site or application.
12. Children’s Privacy
TurboCheck is intended for use by adults in a professional and recruitment context. It is not directed at children under the age of 13, and we do not knowingly solicit or collect personal information from children under 13 without prior written and verifiable parental consent. If TurboCheck learns that a child under 13 has submitted personal information without parental consent, we will take all reasonable measures to delete such information from our databases. If you become aware of any personal information we have collected from a child under 13, please contact us.
13. How to Contact Us
If you have any questions about our Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
- By email: support@TurboCheck.com
- For report accuracy disputes: dispute@terefic.com
- By mail: TurboCheck, Inc., 43 Rainey St., Austin, TX 78701
USER
Terms of Service
Last Updated: July 1st, 2026
These Terms of Service (the "Terms") govern access to and use of the TurboCheck platform and services (the "Services") provided by TurboCheck, Inc., a Texas Corporation ("TurboCheck"). By creating an account, accepting these Terms, or accessing or using the Services, the entity doing so (the "Customer") agrees to be bound by these Terms, including the Data Processing Agreement incorporated herein. The individual accepting represents that they are authorized to bind the Customer. If the Customer does not agree, it must not access or use the Services.
Contract Terms
Acceptance and Effective Date
These Terms take effect with respect to the Customer (the "Effective Date") on the earliest of the date the Customer first accepts these Terms, creates an account, or accesses or uses the Services. Billing of Subscription Fees commences as set out in the applicable order form.
Initial Term
The Initial Term under this Agreement is a 1-month period running from the Effective Date based on the selected plan.
Renewal
Upon expiration of the Initial Term, this Agreement shall automatically renew for successive one (1) month periods (each a "Renewal Term"), based on the selected plan, unless either party provides the other party with written notice of its intent not to renew this Agreement prior to the start of the next Term.
Software Services
TurboCheck offers a comprehensive toolbox designed to help organizations identify and mitigate the risk of fraudulent job applicants. Our Digital ID Verification tool aggregates publicly available data to verify a candidate's digital identity.
Partner Network
TurboCheck's Partner Network allows the Customer to invite external partner, vendor, staffing, or subcontractor companies (each, a "Partner") to access the Services for the Customer's authorized candidate, consent, and requisition workflows. Partner access is by invitation only, is tied to accepted and active relationships, and is subject to server-side authorization checks; it does not grant a Partner unrestricted access to the Customer's account. The Customer controls each Partner relationship and may cancel, resend, edit, or remove it at any time. Upon acceptance, TurboCheck may clone the Customer's active consent and requisition templates into the Partner's account so the Partner can initiate requests on the Customer's behalf, and records such requests as sent on behalf of the Customer. The Customer retains visibility, through the platform's reporting, into Partner-initiated activity including the consent and verification requests sent on its behalf and the resulting reports for transparency and oversight.
The Customer is responsible for its Partners' use of the Services to the same extent as for its own use, and each Partner must accept TurboCheck's Partner Network Terms and Data Processing Agreement. Where a Partner acts on the Customer's behalf for a requisition, the Partner, as the Customer's authorized agent, is responsible for providing candidate disclosures, obtaining consent, and issuing any required pre-adverse action and adverse action notices for that requisition, as further described in the DPA. The Customer remains ultimately accountable as End User for ensuring these obligations are met.
Compensation
Fees
The fees for the Services, the applicable plan, and the billing period are set out in a separate order form or pricing schedule agreed between the Customer and TurboCheck, which is incorporated into and forms part of this Agreement. Billing of Subscription Fees commences on the Effective Date.
Payments of Fees
All sales are final. A valid credit card is required at the beginning of the Initial Term. The customer will be charged at the end of each billing period. If the payment is declined or not received by the due date, a late fee of 2.0% of the total invoice amount will be applied monthly for each 30-day period the payment remains overdue.
Delivery Services
Customer Training
TurboCheck provides training at the start of the Initial Term to ensure users can effectively use the platform. Training includes an overview of platform features, best practices for interpreting results, and guidance on maximizing the platform's capabilities. Training sessions will be conducted via live demonstrations.
Customer Support
TurboCheck provides support for product-related inquiries as part of its standard service. Customer's users can contact our Technical Support Team via email at support@TurboCheck.com Monday - Friday, 9:00am - 7:30pm Eastern Time.
Proprietary and Data Rights
Intellectual Property
Customer acknowledges and agrees that TurboCheck retains all rights, title, and interest in and to its proprietary technology, including but not limited to its API, fraud detection models, and underlying methodologies, including but not limited to software, methodologies, and data analytics. Any reproduction, modification, distribution, or reverse engineering of TurboCheck's technology without prior written consent from an authorized officer of TurboCheck is strictly prohibited. Customer shall use TurboCheck's technology solely for its intended purpose as outlined in this Agreement. Any unauthorized use, disclosure, or misappropriation of TurboCheck's proprietary technology, whether directly or indirectly, will constitute a material breach of this Agreement. In such cases, TurboCheck reserves the right to pursue all available legal remedies, including but not limited to seeking injunctive relief, damages, and attorney's fees, to the fullest extent permitted by law to protect its intellectual property rights.
Data Ownership
The Customer retains ownership of all data it submits to TurboCheck for processing. TurboCheck will not sell, share, or use this data for any purpose other than providing fraud detection services as outlined in this Agreement. TurboCheck will store Customer data only for the duration necessary to provide the agreed-upon services.
Compliance with Laws
In performing its respective obligations under this Agreement, each Party shall materially comply with all applicable laws, regulations, rules, orders and other requirements, now or hereafter in effect, of any governmental authority of competent jurisdiction (including, without limitation, all applicable consumer privacy and consumer reporting laws, regulations, rules, orders and other requirements), to the extent applicable to its performance or deliveries hereunder. The Parties agree that the Data Processing Agreement ("DPA") accepted by the Customer is incorporated into and forms part of these Terms. The DPA clarifies the roles and responsibilities of the Parties with respect to the Processing of Personal Data, including where the Customer authorizes Partners to act on its behalf. In the event of a conflict between this Agreement and the DPA, the DPA shall control with respect to the Processing of Personal Data.
Other Terms and Conditions
Usage Restrictions
TurboCheck's digital ID verification system is designed for single-pass verification. Customers may request candidates to validate their primary email address and run a second verification using that updated email. However, running multiple searches using additional email addresses and/or phone numbers, or any attempts to manipulate verification results, is strictly prohibited. TurboCheck reserves the right to monitor and flag such activities and, if necessary, suspend or terminate access to the service to safeguard its integrity and prevent misuse or fraudulent activity. Furthermore, TurboCheck reserves the right to suspend access to the service in the event of an outstanding balance on the customer's overdue account. Service may remain suspended until full payment of the overdue amount is received. In the event of suspension or termination due to a violation of this contract, including misuse of TurboCheck's verification system, fraudulent activity, or non-compliance with the stated usage restrictions, TurboCheck shall not be obligated to provide any refunds, reimbursements, or credits for any fees already paid by the customer.
Use of Results and Employment Decisions
Customer acknowledges that TurboCheck provides risk indicators based on available data and proprietary analysis. While such indicators reflect meaningful risk signals, they do not constitute definitive findings of fraud or misconduct. Customer agrees that TurboCheck results, including any designation such as "Suspicious" or "Review," shall not be used as the sole basis for withdrawing an offer of employment. Any decision to withdraw an offer must be based on Customer's own independent investigation and supported by documented findings that can be clearly communicated to the candidate and defended if challenged. Customer retains full responsibility for all employment decisions. TurboCheck does not make, influence, or participate in employment decisions of any kind, including decisions to hire, not hire, or withdraw an offer, and disclaims any liability arising from Customer's use of TurboCheck results in connection with such decisions. TurboCheck does not perform automated decision-making; any decision regarding a candidate requires human, individualized review by the Customer or, where a Partner manages the requisition, by the Partner. Where a Partner manages a requisition on the Customer's behalf, the candidate disclosures, consents, and any required pre-adverse action and adverse action notices are the responsibility of the Partner as set out in the DPA, without relieving the Customer of its accountability as End User.
Dispute Handling
If a candidate disputes the accuracy of information contained in a TurboCheck report, such dispute must be submitted to dispute@terefic.com. TurboCheck will review and handle such disputes in accordance with applicable laws. Any dispute related to an employment decision, including withdrawal of an offer, is the sole responsibility of Customer. TurboCheck does not participate in or support the justification of such decisions.
Candidate Communications
To preserve the integrity of TurboCheck's systems and methodologies: Customer shall not share, disclose, or discuss TurboCheck reports or underlying signals with candidates, whether verbally or in writing; Customer may only provide the candidate-facing version of the report made available through the platform; and Customer shall direct candidates to dispute@terefic.com for any questions or disputes regarding report content. Any unauthorized disclosure of reports, underlying signals, or detection methodologies constitutes a material breach of this Agreement and may result in suspension or termination of access without refund.
Use of Logo
Customer grants TurboCheck permission to use Customer's name and company logo in marketing, sales, and public relations materials and other communications solely to identify Customer as a TurboCheck customer. TurboCheck grants to Customer the right to use TurboCheck's name and logo solely to identify TurboCheck as a provider of services to Customer. Other than as stated herein, neither party shall use the other party's marks, codes, drawings or specifications without the prior written permission of the other party.
Exclusion of Warranties
Customer expressly understands and agrees that the use of TurboCheck.com is at its sole risk and that the site is provided "as is" and "as available". TurboCheck expressly disclaims all warranties of any kind, including but not limited to implied warranties of merchantability and fitness for a particular purpose.
Limitation of Liability
To the fullest extent permitted by law, neither party shall be liable to the other for any indirect, incidental, special, consequential, or exemplary damages arising in connection with TurboCheck.com or in connection with any failure of performance, error, omission, interruption, defect, delay in operation or transmission, computer virus, or system failure.
Indemnification
Each party ("Indemnifying Party") agrees to indemnify, defend, and hold harmless the other party ("Indemnified Party") from and against all third-party claims, damages, losses and expenses (including, but not limited to, reasonable attorneys' fees) arising out of or relating to: (i) the Indemnifying Party's gross negligence or willful misconduct; or (ii) any breach of this Agreement by the Indemnifying Party. TurboCheck indemnifies Customer and holds Customer harmless from any third-party claim that TurboCheck infringes an intellectual property right.
Warranty
TurboCheck warrants that its software solution does not infringe any intellectual property rights. TurboCheck does not warrant that its services will detect all instances of fraudulent activity or guarantee 100% accuracy in verification results.
Survival
The terms, conditions and warranties contained in this Agreement that by their sense and context are intended to survive the performance thereof by either party hereunder will so survive the completion of the performance, cancellation or termination of this Agreement, including without limitation, Confidentiality, Infringement and Limited Warranties.
Governing Law
These Terms constitute a contract made under, governed by, and construed in accordance with the laws of the State of Texas. Customer agrees that the state and federal courts located in Travis County, Texas, will have exclusive jurisdiction to hear and determine any claims or disputes arising from or related to these Terms. Customer also agrees to waive any right it may have to object to the venue of such courts and its constitutional right to a trial before a jury. In the event of a dispute, both parties agree to first attempt to resolve the issue through good-faith negotiations or mediation before pursuing litigation.
Amendment
TurboCheck may update these Terms from time to time. TurboCheck will provide notice of material changes by posting the updated Terms with a revised "Last updated" date or by other reasonable means. The Customer's continued access to or use of the Services after the updated Terms take effect constitutes acceptance of the updated Terms. If the Customer does not agree to the updated Terms, it must stop using the Services.
Assignment
Neither party may assign or transfer this Service Agreement without the prior written consent of the non-assigning party, which approval shall not be unreasonably withheld.
Entire Agreement
These Terms, together with the DPA and any applicable order form, constitute the complete agreement between the Parties and supersede all prior or contemporaneous agreements or representations, written or oral, concerning the subject matter hereof.
By accepting these Terms, creating an account, or accessing or using the Services, the Customer acknowledges that it has read, understood, and agrees to be bound by these Terms, including the Data Processing Agreement incorporated herein.
USER
Data Processing Agreement (DPA)
Last Updated: July 1st, 2026
This Data Processing Agreement ("DPA") forms part of, and is incorporated into, the TurboCheck Terms of Service (the "Agreement" or "Terms") accepted by the customer ("Customer") and TurboCheck, Inc. ("Service Provider" or "TurboCheck"). The Customer accepts this DPA at the same time as, and as part of, the Terms.
Purpose & Scope
This DPA sets out the obligations of the Parties relating to the processing of personal data by TurboCheck on behalf of Customer in connection with the TurboCheck platform and services. The Parties agree to comply with applicable data protection laws. For legal purposes:
- Under the U.S. Fair Credit Reporting Act (FCRA), Customer is the End User and TurboCheck is the Consumer Reporting Agency.
- Under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Customer is the Business and TurboCheck is the Service Provider.
- Under the EU General Data Protection Regulation (GDPR) and UK GDPR, Customer is the Controller and TurboCheck is the Processor.
- Under the Canadian PIPEDA, Customer is the organization and TurboCheck is the Service Provider.
Where the Customer authorizes a Partner to access and Process Personal Data on the Customer's behalf through the Partner Network, the Partner acts as the Customer's authorized agent and not as an independent controller with respect to such Personal Data. This DPA shall remain in effect for the duration of the Terms, unless otherwise terminated in accordance with the terms herein.
Definitions
Capitalized terms not defined in this DPA have the meanings set forth in the Agreement.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
"Partner" means an external company that the Customer invites through the Partner Network to access the Services and act on the Customer's behalf.
"Subprocessor" means any third party engaged by TurboCheck to process Personal Data.
"Personal Data Breach" means any actual or suspected breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
Customer Responsibilities
Customer's use of the Services constitutes its instructions to TurboCheck to process Personal Data solely for the purpose of providing the Services. Customer acknowledges that, as End User under the FCRA and Controller under the GDPR (and equivalent laws), it bears the primary responsibility for lawful collection and use of Personal Data. Accordingly, Customer is responsible for:
- ensuring that its use of the Services, and any Personal Data it submits, complies with applicable data protection and consumer reporting laws;
- providing all notices, disclosures, and obtaining all consents required by law prior to initiating searches or using Service results;
- issuing any pre-adverse action and adverse action notices required under the FCRA and equivalent laws in connection with decisions based in whole or in part on Service results;
- determining the legal basis for Processing and ensuring compliance with obligations toward Data Subjects, including access rights, dispute handling, and any notifications required under applicable law; and
- making any employment or engagement decisions and taking any related actions, including required communications with Data Subjects, based on its own determinations.
Shared Responsibility and Built-In Mechanisms
TurboCheck makes available built-in mechanisms and processes designed to support Customer's compliance with applicable data protection and consumer reporting laws. Use of such mechanisms does not relieve Customer of its responsibilities, which remain solely with Customer as End User under the FCRA and Controller under the GDPR and equivalent laws. Compliance is a shared responsibility: TurboCheck provides the platform and these mechanisms; Customer retains ultimate accountability for the lawful basis of Processing and for the notices and decisions described above.
TurboCheck Responsibilities
Processing on Instructions
TurboCheck will Process Personal Data only as necessary to perform the Services under the Agreement, in accordance with Customer's written instructions, or as required by law. TurboCheck shall not use Personal Data for any other purpose unless agreed in writing. TurboCheck shall immediately inform Customer if, in its opinion, an instruction violates Data Protection Legislation.
Restrictions
TurboCheck shall not: (a) "sell" or "share" Personal Data (as defined under CCPA/CPRA); (b) retain, use, or disclose Personal Data outside the direct business relationship; or (c) combine Personal Data with data from other sources, except as directed by Customer or expressly permitted by law.
Third Party Requests
Unless prohibited by law, TurboCheck shall immediately inform Customer if it receives: (i) a request from a Data Subject; (ii) a regulatory inquiry or investigation; or (iii) any third-party request relating to Personal Data. TurboCheck shall not respond except as authorized by Customer or legally compelled.
Assistance
TurboCheck shall provide reasonable assistance in responding to Data Subject requests, regulatory inquiries, privacy impact assessments, or other compliance obligations, and may be required to attest in writing to its material compliance with this DPA. TurboCheck shall promptly correct errors caused by it and, upon Customer's request, correct other inaccuracies identified by Customer.
Security
TurboCheck shall implement and maintain industry-standard technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include, at a minimum: encryption in transit and at rest; access controls and authentication; audit logs; and regular security testing.
Personal Data Breach
TurboCheck shall notify Customer without undue delay, and in any event within forty-eight (48) hours, after becoming aware of a Personal Data Breach. Such notice shall include, to the extent available: the nature of the breach; the categories and approximate number of Data Subjects affected; the categories and approximate number of records involved; likely consequences of the breach; and measures taken or proposed to address and mitigate the breach. TurboCheck shall promptly investigate, remediate, and cooperate with Customer in connection with notifications to regulators, Data Subjects, or other third parties as required by law.
Return & Deletion
Upon termination or expiry of the Agreement, TurboCheck shall, at Customer's choice, either return or securely delete all Personal Data, unless retention is required by law.
International Transfers
To the extent Customer submits Personal Data subject to the laws of the European Economic Area, the United Kingdom, or Switzerland, and such data is transferred to TurboCheck in the United States, the Parties agree that such transfer shall be governed by the EU Standard Contractual Clauses (Modules 2 and/or 3 as applicable) and, where relevant, the UK Addendum and the Swiss Addendum. TurboCheck shall also implement supplementary measures where required to ensure that such transfers provide a level of protection essentially equivalent to that required under Data Protection Legislation.
Partner Network and Authorized Agents
Where the Customer uses the Partner Network to authorize a Partner to access and Process Personal Data on the Customer's behalf, the Partner acts as the Customer's authorized agent and not as an independent controller with respect to such Personal Data. As between the Customer and TurboCheck, the Customer remains the End User and Controller and remains responsible for its Partners' compliance. The Customer shall ensure that each such Partner:
- Processes Personal Data only for the Customer's authorized workflows and on the Customer's instructions;
- provides candidate disclosures and obtains the consents required by applicable law before initiating a verification;
- issues any pre-adverse action and adverse action notices required under the FCRA and equivalent laws for requisitions the Partner manages on the Customer's behalf; and
- shares with the Customer all candidate and professional data it verifies or Processes to respond to the Customer's requisitions.
TurboCheck makes available built-in mechanisms to support these obligations but is not responsible for providing such candidate disclosures, consents, or notices. Each Partner is required to accept TurboCheck's Partner Network Terms and Data Processing Agreement, under which the Partner assumes these obligations directly. The acts and omissions of a Partner in connection with the Customer's workflows are the responsibility of the Customer as if they were the Customer's own.
Subprocessors
Customer authorizes TurboCheck to engage Subprocessors to support the Services, provided that: Subprocessors are bound by written agreements imposing obligations no less protective than this DPA; and TurboCheck remains liable for their acts and omissions.
Relation to Agreement
This DPA forms part of and is subject to the Agreement. In the event of a conflict between this DPA and the Agreement, this DPA shall control with respect to the Processing of Personal Data. Liability arising from this DPA shall be subject to the limitations of liability set forth in the Agreement.
The Customer accepts this DPA as part of the Terms of Service. It takes effect on the Effective Date of the Terms and remains in effect for their duration.
PARTNER NETWORK
Terms of Service
Last Updated: July 1st, 2026
TurboCheck, Inc., a Texas Corporation ("TurboCheck"), agrees to provide access to the Partner Network and related Services to the company that accepts these Partner Network Terms (the "Terms") as the "Partner," in accordance with the Terms and Conditions set forth herein. The Partner accesses the Services solely to support one or more TurboCheck customers (each, a "Client") that have invited the Partner and authorized it to act on the Client's behalf for specific workflows. By accepting these Terms, the individual accepting represents that they are authorized to bind the Partner, and the Partner agrees to be bound by these Terms.
Partner Relationship
The Partner is an independent company, separate from each Client. Upon acceptance of a Client's invitation, the Partner becomes linked to that Client and may act on the Client's behalf for authorized workflows. The Client controls the relationship and may cancel, resend, edit, or remove the Partner's access at any time. The Partner has no right to access any Client's data except through an accepted, active relationship with that Client, and nothing in these Terms creates a relationship between the Partner and any Client other than as authorized through the Partner Network.
Term
These Terms become effective upon the Partner's acceptance and remain in effect for so long as the Partner has at least one accepted, active Client relationship, unless terminated earlier in accordance with these Terms. Termination or removal of a particular Client relationship ends the Partner's rights with respect to that Client but does not affect the Partner's other active relationships.
Software Services and Scope of Access
TurboCheck offers a comprehensive toolbox designed to help organizations identify and mitigate the risk of fraudulent job applicants, including its Digital ID Verification tool, which aggregates publicly available data to verify a candidate's digital identity. Partner access to the Services is limited and tied to accepted, active Client relationships. Subject to server-side authorization checks, the Partner may access only shared requisitions and templates and completed, visible requests associated with an accepted, active relationship with the relevant Client. The Partner does not receive unrestricted access to any Client's account.
On-behalf workflows. TurboCheck may clone a Client's active consent and requisition templates into the Partner's account so the Partner can initiate consent or candidate requests on that Client's behalf. When the Partner sends a request using a cloned template, TurboCheck records the request as having been sent on behalf of the Client. The Partner shall use cloned templates only for the Client to which they relate and only for that Client's authorized workflows, and shall not alter a cloned template in a manner that misrepresents the Client or the candidate-facing disclosures.
Fees
Any fees payable by the Partner for access to the Partner Network are set out in a separate order form or written pricing schedule between the Partner and TurboCheck and are not governed by these Terms. Where no such fees are agreed, access is provided in connection with the inviting Client's subscription at no separate charge to the Partner.
Proprietary and Data Rights
Intellectual Property
The Partner acknowledges and agrees that TurboCheck retains all rights, title, and interest in and to its proprietary technology, including but not limited to its API, fraud detection models, and underlying methodologies, including but not limited to software, methodologies, and data analytics. Any reproduction, modification, distribution, or reverse engineering of TurboCheck's technology without prior written consent from an authorized officer of TurboCheck is strictly prohibited. Cloned templates remain linked to the originating Client and are licensed to the Partner solely for authorized on-behalf workflows; the Partner acquires no ownership of them. Any unauthorized use, disclosure, or misappropriation of TurboCheck's proprietary technology will constitute a material breach of these Terms, and TurboCheck reserves the right to pursue all available legal remedies, including injunctive relief, damages, and attorney's fees.
Data Ownership
The Client retains ownership of all data submitted to or processed through the Services in connection with the Client's workflows, including candidate and professional data generated by verifications the Partner performs on the Client's behalf. The Partner acquires no ownership of such data and shall not sell, share, or use it for any purpose other than performing the Client's authorized workflows. As further set out in the DPA, the Partner shall share all such candidate data with the relevant Client.
Compliance with Laws
In performing its obligations under these Terms, the Partner shall materially comply with all applicable laws, regulations, rules, orders, and other requirements, now or hereafter in effect, of any governmental authority of competent jurisdiction, including all applicable consumer privacy and consumer reporting laws, to the extent applicable to its access to and use of the Services. The Parties agree that the Partner Network Data Processing Agreement ("DPA") accepted between TurboCheck and the Partner is incorporated into and forms part of these Terms. The DPA sets out the Partner's obligations with respect to the Processing of Personal Data, the allocation of data-protection roles, and the Partner's obligation to share candidate data with the relevant Client. In the event of a conflict between these Terms and the DPA, the DPA shall control with respect to the Processing of Personal Data.
Other Terms and Conditions
Usage Restrictions
The Partner shall use the Services solely for the Client-authorized candidate, consent, and requisition workflows for which it was invited. The Partner shall not access or attempt to access data outside its accepted, active relationships, circumvent server-side authorization checks, or access any Client or candidate data by passing another company's identifier or by any other unauthorized means. TurboCheck's Digital ID Verification system is designed for single-pass verification; running multiple searches using additional email addresses and/or phone numbers, or any attempt to manipulate verification results, is strictly prohibited. TurboCheck reserves the right to monitor and flag such activity and to suspend or terminate access to safeguard the integrity of the Services. In the event of suspension or termination due to misuse, fraudulent activity, or non-compliance, TurboCheck shall not be obligated to provide any refund, reimbursement, or credit for fees already paid.
Use of Results and Employment Decisions
The Partner acknowledges that TurboCheck provides risk indicators based on available data and proprietary analysis, which reflect meaningful risk signals but do not constitute definitive findings of fraud or misconduct. The Partner agrees that TurboCheck results, including any designation such as "Suspicious" or "Review," shall not be used as the sole basis for any adverse decision regarding a candidate. The Client retains full responsibility for all employment or engagement decisions; the Partner shall not represent to any candidate that it, rather than the Client, is responsible for such a decision. TurboCheck does not make, influence, or participate in employment decisions of any kind and disclaims any liability arising from use of its results in connection with such decisions.
Dispute Handling
If a candidate disputes the accuracy of information contained in a TurboCheck report, such dispute must be submitted to dispute@terefic.com, and TurboCheck will review and handle it in accordance with applicable laws. Any dispute related to an employment or engagement decision is the sole responsibility of the Client and the Partner, and TurboCheck does not participate in or support the justification of such decisions.
Candidate Communications
To preserve the integrity of TurboCheck's systems and methodologies, the Partner shall not share, disclose, or discuss TurboCheck reports or underlying signals with candidates, whether verbally or in writing; may only provide the candidate-facing version of the report made available through the platform; and shall direct candidates to dispute@terefic.com for any questions or disputes regarding report content. Any unauthorized disclosure of reports, underlying signals, or detection methodologies constitutes a material breach of these Terms and may result in suspension or termination of access without refund.
Confidentiality
The Partner shall keep confidential all Client data, TurboCheck reports, underlying signals, and detection methodologies to which it gains access, and shall not disclose them to any third party except as necessary to perform the authorized workflows for the Client and subject to equivalent confidentiality obligations. The Partner shall restrict access to authorized personnel with a need to know and shall promptly notify TurboCheck of any suspected unauthorized access.
Use of Logo
Each party grants the other the right to use its name and logo solely to identify the parties' relationship in connection with the Services. Other than as stated herein, neither party shall use the other party's marks, codes, drawings, or specifications without the prior written permission of the other party.
Exclusion of Warranties
The Partner expressly understands and agrees that use of the Services is at its sole risk and that the Services are provided "as is" and "as available." TurboCheck expressly disclaims all warranties of any kind, including but not limited to implied warranties of merchantability and fitness for a particular purpose.
Limitation of Liability
Neither party shall hold the other liable for any direct, indirect, incidental, special, consequential, or exemplary damages arising in connection with the Services or with any failure of performance, error, omission, interruption, defect, delay in operation or transmission, computer virus, or system failure.
Indemnification
The Partner shall indemnify, defend, and hold harmless TurboCheck and each Client from and against all third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising out of the Partner's gross negligence or willful misconduct, its breach of these Terms, or its unauthorized use or disclosure of candidate data or TurboCheck reports. TurboCheck indemnifies and holds the Partner harmless from any third-party claim that TurboCheck's technology infringes an intellectual property right.
Warranty
TurboCheck warrants that its software solution does not infringe any intellectual property rights. TurboCheck does not warrant that its Services will detect all instances of fraudulent activity or guarantee 100% accuracy in verification results.
Survival
The terms, conditions, and warranties contained in these Terms that by their sense and context are intended to survive will so survive the completion, cancellation, or termination of these Terms, including without limitation Confidentiality, data protection and data-sharing obligations, Intellectual Property, Limitation of Liability, and Indemnification.
Governing Law
These Terms constitute a contract made under, governed by, and construed in accordance with the laws of the State of Texas. The Partner agrees that the state and federal courts located in Travis County, Texas, will have exclusive jurisdiction to hear and determine any claims or disputes arising from or related to these Terms, waives any objection to the venue of such courts, and waives any right to a trial before a jury. In the event of a dispute, both parties agree to first attempt to resolve the issue through good-faith negotiations or mediation before pursuing litigation.
Amendment
TurboCheck may update these Terms from time to time. The Partner's continued use of the Partner Network after notice of an update constitutes acceptance of the updated Terms.
Assignment
The Partner may not assign or transfer these Terms without the prior written consent of TurboCheck, which approval shall not be unreasonably withheld.
Entire Agreement
These Terms, together with the DPA, constitute the complete agreement between TurboCheck and the Partner regarding the Partner Network and supersede all prior or contemporaneous agreements or representations, written or oral, concerning the subject matter hereof.
Open standalone Partner Network TermsPARTNER NETWORK
Data Processing Agreement (DPA)
Last Updated: July 1st, 2026
This Data Processing Agreement ("DPA") forms part of the Partner Network Terms (the "Terms") between TurboCheck, Inc. ("TurboCheck") and the partner company that accepts the Terms (the "Partner"). It sets out the Partner's obligations relating to the Processing of Personal Data in connection with the Partner Network and the candidate, consent, and requisition workflows the Partner performs on behalf of TurboCheck's customers (each, a "Client").
Purpose & Scope
This DPA governs the Partner's Processing of Personal Data when it accesses the Services and acts on behalf of a Client. The Parties agree to comply with applicable data protection laws. For legal purposes, with respect to candidate and professional Personal Data accessed through the Partner Network:
- Under the U.S. Fair Credit Reporting Act (FCRA), the Client is the End User, TurboCheck is the Consumer Reporting Agency, and the Partner acts as the Client's authorized agent.
- Under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Client is the Business, TurboCheck is the Service Provider, and the Partner Processes Personal Data on behalf of and at the direction of the Client.
- Under the EU General Data Protection Regulation (GDPR) and UK GDPR, the Client is the Controller, TurboCheck is the Processor, and the Partner acts as the Client's authorized agent or representative, and not as an independent controller, with respect to such data.
- Under the Canadian PIPEDA, the Client is the organization and TurboCheck is the Service Provider.
This DPA shall remain in effect for the duration of the Terms, unless otherwise terminated in accordance with the terms herein.
Definitions
Capitalized terms not defined in this DPA have the meanings set forth in the Terms.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Candidate Data" means Personal Data relating to candidates or professionals that is submitted to or generated through the Services in connection with a Client's workflows, including verification requests, results, status, and related records.
"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
"Subprocessor" means any third party engaged by the Partner to Process Personal Data.
"Personal Data Breach" means any actual or suspected breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
Partner Responsibilities
The Partner accesses and Processes Candidate Data solely as the authorized agent of the relevant Client and solely to perform that Client's authorized workflows. The Partner acknowledges that the Client, as End User under the FCRA and Controller under the GDPR (and equivalent laws), bears primary responsibility for the lawful collection and use of Candidate Data. Accordingly, the Partner is responsible for:
- Processing Candidate Data only on the documented instructions of the Client and TurboCheck, as conveyed through the Services, and only for the Client's authorized workflows;
- not determining its own purposes or means for Processing Candidate Data and not acting as an independent controller of such data;
- ensuring that personnel authorized to Process Candidate Data are bound by appropriate confidentiality obligations; and
- complying with the data protection and consumer reporting laws applicable to its activities, and providing the candidate disclosures and notifications described below.
Shared Responsibility and Built-In Mechanisms
Compliance with applicable data protection and consumer reporting laws is a shared responsibility among TurboCheck, the Client, and the Partner. TurboCheck makes available built-in mechanisms and processes including consent and requisition templates, candidate-facing disclosures, and the cloned templates provided through the Partner Network designed to support compliance with such laws. The use of these mechanisms does not relieve the Partner or the Client of their respective responsibilities. TurboCheck provides the platform and these compliance mechanisms; the Client, as End User and Controller, retains ultimate accountability for the lawful basis of Processing; and the Partner, as the party that interacts with candidates on the Client's behalf for a given requisition, is responsible for the candidate disclosures and notifications set out below.
Candidate Disclosures and Notifications
Where the Partner initiates consent or candidate requests on a Client's behalf, the Partner is responsible for providing all proper disclosures, notices, and consents to candidates and professionals required by applicable law before initiating a verification, and for issuing any candidate notifications required in connection with the use of the Services for that requisition, including any pre-adverse action and adverse action notices required under the FCRA and equivalent laws. The Partner shall use the candidate-facing disclosures and consent language made available through the built-in mechanisms and shall not modify them in a manner that defeats their legal sufficiency. This responsibility is in addition to, and does not diminish, the Client's overarching responsibility as End User and Controller, and TurboCheck's provision of built-in mechanisms does not transfer this responsibility to TurboCheck.
Sharing with Client
The Partner agrees to share with the relevant Client all data related to candidates and professionals that the Partner verifies or Processes in order to respond to that Client's job requisition, including verification requests, results, status, reports made available through the platform, and related records. The Partner shall make such Candidate Data available to the Client promptly and through the mechanisms provided by the Services, and shall not withhold from the Client, retain exclusively, or restrict the Client's access to such Candidate Data. The relevant Client is an intended third-party beneficiary of this obligation. This obligation survives the termination or removal of the Partner Relationship to the extent necessary for the Client to receive the complete record of Candidate Data generated on its behalf.
Restrictions
The Partner shall not: (a) "sell" or "share" Personal Data (as defined under CCPA/CPRA); (b) retain, use, or disclose Personal Data outside the direct business relationship with the Client, except for the sharing with the Client required above; or (c) combine Personal Data with data from other sources, except as directed by the Client or expressly permitted by law.
Security
The Partner shall implement and maintain industry-standard technical and organizational measures designed to protect Personal Data against unauthorized or unlawful Processing, accidental loss, destruction, or damage. These measures include, at a minimum:
- encryption in transit and at rest where applicable;
- access controls and authentication;
- audit logs; and
- regular security testing.
Personal Data Breach
The Partner shall notify TurboCheck and the relevant Client without undue delay, and in any event within forty-eight (48) hours, after becoming aware of a Personal Data Breach. Such notice shall include, to the extent available: the nature of the breach; the categories and approximate number of Data Subjects affected; the categories and approximate number of records involved; the likely consequences of the breach; and the measures taken or proposed to address and mitigate it. The Partner shall promptly investigate, remediate, and cooperate in connection with notifications to regulators, Data Subjects, or other third parties as required by law.
Third Party Requests and Assistance
Unless prohibited by law, the Partner shall promptly inform the Client and TurboCheck if it receives a request from a Data Subject, a regulatory inquiry or investigation, or any other third-party request relating to Personal Data, and shall not respond except as authorized by the Client or legally compelled. The Partner shall provide reasonable assistance to the Client in responding to Data Subject requests, regulatory inquiries, privacy impact assessments, and other compliance obligations, and shall promptly correct errors in Personal Data caused by it and, upon the Client's request, other inaccuracies identified by the Client.
Subprocessors
The Partner shall not engage any Subprocessor to Process Candidate Data without the prior authorization of the Client or TurboCheck. Where a Subprocessor is authorized, the Partner shall bind it by a written agreement imposing obligations no less protective than this DPA, and the Partner shall remain fully liable for the acts and omissions of its Subprocessors.
International Transfers
To the extent a Client submits Personal Data subject to the laws of the European Economic Area, the United Kingdom, or Switzerland, and the Partner Processes such data outside those jurisdictions, the Partner shall ensure that any such transfer is governed by the EU Standard Contractual Clauses (and, where relevant, the UK Addendum and the Swiss Addendum) and shall implement supplementary measures where required to ensure a level of protection essentially equivalent to that required under applicable Data Protection Legislation.
Return & Deletion
Upon termination or expiry of the Terms, or upon removal of a Partner Relationship, the Partner shall first ensure that all Candidate Data required to be shared with the relevant Client has been made available to that Client, and shall then, at the Client's choice, either return or securely delete all Personal Data in its possession, unless retention is required by law or for audit and history purposes. The Partner acknowledges that removal of a Partner Relationship operates as a soft delete within the Services, preserving historical invitation and relationship records for audit.
Relation to Terms
This DPA forms part of and is subject to the Terms. In the event of a conflict between this DPA and the Terms, this DPA shall control with respect to the Processing of Personal Data. Liability arising from this DPA shall be subject to the limitations of liability set forth in the Terms.
By accepting the Partner Network Terms, the Partner accepts and agrees to be bound by this DPA as of the date of acceptance.
Open standalone Partner DPA