Privacy Notice

This notice explains how Comp AI processes personal data through the Background Check service for non-criminal workforce verification, SOC 2, and GRC evidence workflows.

Last updated April 30, 2026

Who We Are

Comp AI provides Background Check to businesses that ask candidates, employers, and references to complete verification steps. In most cases, the business requesting the check decides why the check is run, what data is needed, and how long final records should be retained. Comp AI processes the data to provide the service.

This notice is written for candidates, employer contacts, reference contacts, business users, and visitors to Background Check pages.

Data We Process

  • Account and business-user data, such as name, email address, organization membership, authentication events, API key records, and dashboard activity.
  • Candidate data, such as name, email address, legal name, identity document images, extracted document fields, right-to-work signals, liveness results, public profile URLs, employment history, references, disputes, and candidate-submitted evidence.
  • Employer and reference response data, such as contact details, relationship to the candidate, verification answers, response timestamps, IP address, and user agent.
  • Operational data, such as consent records, audit logs, webhook delivery logs, email delivery records, idempotency records, and security/debug metadata.
  • Publicly available professional evidence, such as LinkedIn/profile evidence and public web research used to corroborate candidate-submitted employment or reference context.

Identity, Biometrics, and AWS Processing

Background Check uses AWS Rekognition Face Liveness to help confirm that a candidate is physically present during the selfie step. The candidate's short liveness video is streamed to AWS for analysis. AWS returns a liveness confidence score and may return a reference image and audit images. Background Check stores only the liveness reference image when needed to compare the selfie to the identity document or profile evidence.

Background Check uses AWS Rekognition CompareFaces to compare face images and AWS Textract to extract text from identity documents. These services are used only to provide verification, detect fraud or abuse, support manual review, and generate audit evidence for the requesting business.

Comp AI does not sell biometric data, lease it, trade it, or use it for advertising. Comp AI does not use personal data or biometric data to train AI models. Where AWS AI services are used, the production AWS account should be configured with the AWS AI services opt-out policy for Rekognition inputs.

Service Providers

We use service providers to run Background Check, including Convex for application data and file storage, AWS Rekognition and AWS Textract for identity verification processing, Resend for email delivery, Firecrawl for public web research, and LinkedIn/profile sources where candidates or public evidence provide professional profile context.

How We Use Data

  • To provide identity, right-to-work, employment, reference, public profile, and report workflows requested by the business customer.
  • To detect fraud, abuse, duplicate or suspicious evidence, and identity mismatch signals.
  • To support manual review, candidate dispute workflows, audit trails, webhooks, email notifications, and customer support.
  • To comply with applicable legal obligations and enforce service terms.

Background Check does not make automated adverse employment decisions. Verification outputs are evidence for the requesting business to review under its own policies and legal obligations.

Retention

By default, raw identity artifacts are retained for up to 7 days after verification when raw-artifact deletion is enabled. Identity document images are deleted immediately after a successful identity pass. Structured check records and reports are retained for up to 365 days after a check reaches a terminal status, unless the requesting business configures a different retention period or a legal obligation requires otherwise.

When retention cleanup runs, storage objects are deleted before associated database records. Comp AI may retain a minimal non-PII audit tombstone showing that expired records were purged.

Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing of your personal data. If a check was requested by a business, that business may be best placed to respond to certain requests because it controls the purpose of the check.

Privacy and data rights requests can be sent to privacy@trycomp.ai. You can also review the data subject request page.