Sensitive data protection
Consumer report data is handled through restricted workflows, encrypted transport, role-based access, and documented retention practices.
Trust and security
Security proof buyers can review before they order.
Background screening involves sensitive candidate and employer information. This center brings security, privacy, legal, FCRA, vendor diligence, and vulnerability disclosure resources into one place.
Operating posture
Built for compliance-conscious screening.
The strongest trust proof is not an old seal. It is clear process, careful data handling, documented legal resources, and a human support path when a report or rule needs attention.
FCRA-aware operations
Employment screening support includes permissible purpose review, authorization reminders, adverse action resources, and dispute handling paths.
Human-reviewed reports
Reports are reviewed by trained people before delivery. Information Direct does not position its reports as AI-only eligibility decisions.
Production monitoring
Public website, API health, deployment checks, database backup jobs, and security headers are part of the operating baseline.
Vendor diligence support
Security, legal, service agreement, DPA, capability statement, and access-fee resources are available for buyers and procurement teams.
Responsible disclosure
Security researchers can report suspected vulnerabilities through the disclosure path below.
Vendor diligence packet
Procurement teams, government contractors, enterprise buyers, and regulated employers can use these resources to understand how Information Direct handles screening scope, legal terms, privacy, source fees, and candidate-facing obligations.
- Service and website terms are separated so contract review stays cleaner.
- Pass-through access fees are explained separately from package pricing.
- Candidate, client, and consumer report resources are available before account creation.
Vulnerability disclosure
If you believe you found a security issue, email info@informationdirect.us with a concise report. Please include affected URL or endpoint, reproduction steps, expected impact, and a safe proof of concept if available.
- Do not access, modify, download, or disclose client, candidate, or consumer report data.
- Do not run denial-of-service, spam, social engineering, physical intrusion, or destructive testing.
- Give Information Direct a reasonable opportunity to investigate before public disclosure.
FAQ
Security questions
Do you publish a security.txt file?
Yes. The security contact file is available at /.well-known/security.txt and points to this Trust and Security Center.
How should a researcher report a vulnerability?
Email info@informationdirect.us with the affected URL, steps to reproduce, impact summary, and any safe proof of concept. Do not access, copy, change, or disclose candidate, client, or consumer report data.
Can buyers request security documentation?
Yes. Procurement and enterprise buyers can request security, legal, service, DPA, insurance, and capability statement materials through the contact form.
Does Information Direct make automated hiring decisions?
No. Information Direct provides background screening reports and workflow support. Employers remain responsible for hiring decisions, notices, disputes, and adverse action under applicable law.