Get a demo of our new product!🔥
Last Updated: December 11, 2025
This page supplements the Kizuna Privacy Policy and is intended to meet the disclosure requirements of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA/CPRA”). It describes, for the preceding 12 months:
The categories of personal information and sensitive personal information we have collected about California residents;
The sources of that information;
Our business or commercial purposes for collecting it; and
The types of third parties to whom we disclose it for business purposes.
When we say “consumer” on this page, we mean:
Site Visitors – people browsing kizuna.solutions, reading docs, or contacting us;
Registered Users & Integrated Partners (B2B) – admins, HR users, and partner staff using the Kizuna Platform;
Candidates – individuals whose background-related records (“Report Artifacts”) are processed in the Platform at a Customer’s direction.
Unless we state otherwise, we do not sell personal information and we do not share it for cross-context behavioral advertising as those terms are used in the CCPA/CPRA.
Note on FCRA/DPPA/GLBA data: Many data elements appearing in Candidate background-check reports (“Report Artifacts”) are governed by federal laws such as the Fair Credit Reporting Act (FCRA), Driver’s Privacy Protection Act (DPPA), or Gramm-Leach-Bliley Act (GLBA). Where those laws apply, certain state privacy rights (such as deletion) may be limited or not available, as explained in our Privacy Policy and in the “Your Privacy Rights (U.S. States)” section.
How to Read These Disclosures
For each CCPA/CPRA category we indicate:
Whether we collect it (and for which personas: Site Visitors, B2B Users, Candidates);
Examples of the data;
Sources (who or what it comes from);
Purposes (why we use it); and
Disclosures (which broad types of third parties receive it for business purposes).
These descriptions are intended to be read together with the role-based sections of our main Privacy Policy (Site Visitors, Registered Users & Integrated Partners, Candidates).
A–K: Categories of Personal Information
Category A – Identifiers
Do we collect this? Yes (Site Visitors, B2B Users, Candidates)
Examples we collect
Names, aliases, and business contact details (e.g., work email, company, job title)
Account identifiers and usernames for the Kizuna Platform
IP addresses and other online identifiers (browser/user-agent, cookie IDs, session IDs)
Candidate identifiers included in background-check reports (e.g., name, address)
Sources
Directly from you (forms, account creation, support communications)
From your employer or another Customer (e.g., when they create a Candidate record)
From Consumer Reporting Agencies (CRAs) or other background-check providers (Report Artifacts)
From your browser, device, and our applications (logs and analytics)
Purposes
Provide, secure, and troubleshoot the Platform and Site
Create and manage user accounts and access controls
Associate Report Artifacts, Candidate Context, and configuration data with the correct Customer and Candidate
Detect and prevent fraud, abuse, or security incidents
Maintain audit trails and compliance records
Measure Site performance and marketing campaigns (for Site Visitors)
Disclosed for a business purpose to
Cloud infrastructure and Platform subprocessors (e.g., hosting, logging, monitoring, AI infrastructure)
Integration partners you choose to connect (e.g., CRA, ATS, HRIS), at your direction
Professional advisors and, where required, regulators or courts
Category B – Customer Records (Cal. Civ. Code § 1798.80(e))
Do we collect this? Yes, in limited contexts.
Examples we collect
Business contact details (name, address, business email, phone) for billing, legal, and account administration
In Candidate Report Artifacts: government ID numbers or similar identifiers included in CRA-provided reports, to the extent not redacted by the CRA or Customer
Sources
Directly from B2B Users and Customers (Orders, billing, account setup)
From CRAs and background-check providers (Report Artifacts)
Purposes
Provide and support Customer subscriptions
Maintain billing and account records
Display background-check results and related information in the Platform at Customer direction
Meet legal, regulatory, tax, and audit obligations
Disclosed for a business purpose to
Payment processors (for business billing contacts, not Candidate report contents)
Cloud hosting and Platform subprocessors
Professional advisors as needed under confidentiality
Category C – Protected Classification Characteristics (under California or federal law)
Do we collect this? Not intentionally from Site Visitors or B2B Users; may appear in Candidate Report Artifacts or Candidate Context
Examples that may appear
Age or age range (e.g., from date of birth within a background-check report)
Other protected characteristics (e.g., gender) if included in CRA report content or Candidate-provided context
Sources
Consumer Reporting Agencies (Report Artifacts)
Candidate submissions (Candidate Context)
Purposes
Display Report Artifacts and Candidate Context at the Customer’s direction to support their review and documentation
Support Customers’ compliance and audit needs (e.g., documenting individualized assessments)
Disclosed for a business purpose to
Cloud and Platform subprocessors (hosting and processing of Report Artifacts)
The Customer and its integration partners (e.g., ATS/HRIS) that the Customer connects to the Platform
Note: We do not use protected classifications to create marketing profiles or to target advertising
Category D – Commercial Information
Do we collect this? Yes (for B2B Users; not for Candidates’ consumer purchases)
Examples we collect
Records of Kizuna products and services purchased or subscribed to
Account status, plan type, seat counts, usage tiers, and feature enablement for Customer accounts
Sources
Directly from Customers and B2B Users (Orders, contracts)
Our billing and subscription systems
Platform usage and configuration data
Purposes
Provide and manage Customer subscriptions
Monitor usage to support capacity planning and service levels
Improve, secure, and support the Platform
Internal business analytics and financial reporting
Disclosed for a business purpose to
Payment and billing providers
Cloud and Platform subprocessors
Professional advisors under appropriate confidentiality
Category E – Biometric Information
Do we collect this? Generally no
Examples
We do not enroll or store biometric identifiers such as fingerprint templates, facial-geometry templates, or voiceprints for our own purposes.
Background-check reports may reference fingerprint-based searches or include narrative descriptions that incidentally touch on biometric-related processes; Kizuna processes those reports only as provided by the CRA and at the Employer’s direction.
Sources
May appear in CRA-generated Report Artifacts in narrative form
Purposes
Display Report Artifacts at Customer direction
Support the Employer’s review workflow (decision-support only)
Disclosed for a business purpose to
Cloud and Platform subprocessors that host and process Report Artifacts
Category F – Internet or Other Electronic Network Activity
Do we collect this? Yes (Site Visitors, B2B Users, and, to a limited extent, Candidates using portals)
Examples we collect
Page views, browser type/version, referrer, timestamps
Clickstream and limited interaction data within the Platform (for diagnostics and support)
Authentication, session, and security logs (e.g., sign-in attempts, IP, device)
Sources
Your browser, device, and our applications
Site and Platform logs and diagnostics
Support and session tools, where enabled
Purposes
Operate, secure, and improve the Site and Platform
Prevent fraud and abuse, detect anomalies, and investigate incidents
Measure and improve performance and reliability
Disclosed for a business purpose to
Cloud infrastructure, security, and observability providers
Site analytics providers (for Site Visitors), as described in our Privacy Policy
Category G – Geolocation Data
Do we collect this? Limited
Examples we collect
Approximate location (e.g., city/region) inferred from IP address
We do not intentionally collect precise GPS coordinates from devices
Sources
IP addresses from your browser or device
Network routing information
Purposes
Security, fraud detection, and abuse prevention
Service reliability and performance (e.g., routing traffic)
High-level analytics on where the Platform/Site are being accessed from
Disclosed for a business purpose to
Cloud infrastructure and security providers
Category H – Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information
Do we collect this? Limited
Examples we collect
We do not systematically record phone calls or video meetings for product purposes.
Customers or users may occasionally upload screenshots or documents that contain images as part of support or Candidate Context; those are treated as Customer Data.
Sources
Customer-submitted materials
Support or troubleshooting interactions, if provided
Purposes
Provide customer support
Assist Customers in implementing and troubleshooting the Platform
Disclosed for a business purpose to
Cloud storage and support tooling providers
Category I – Professional or Employment-Related Information
Do we collect this? Yes (B2B Users; Candidates via Report Artifacts)
Examples we collect
For B2B Users: employer name, business title, department, and role in the Platform
For Candidates (via Report Artifacts): employment history, positions held, and related verification results included in CRA reports
Sources
Directly from B2B Users or their employers
From CRAs and background-check providers (Report Artifacts)
From Candidate Context submissions
Purposes
Provide and administer accounts and role-based access
Display Report Artifacts and Candidate Context at the Customer’s direction to support their review and documentation
Support compliance analytics and audit reporting at the Customer’s direction
Disclosed for a business purpose to
Cloud hosting, AI infrastructure, and other Platform subprocessors
Integration partners (e.g., ATS/HRIS) at Customer direction
Category J – Education Information (non-public, per FERPA)
Do we collect this? Yes, to the extent included in Report Artifacts
Examples we collect
Education history or verification results (schools attended, degrees, dates) that appear in CRA-provided reports
Sources
Consumer Reporting Agencies (Report Artifacts)
Candidate Context submissions (if Candidates provide education-related context)
Purposes
Display Report Artifacts and Candidate Context at the Customer’s direction to support their review and documentation
Support individualized assessments and audit trails for hiring decisions (at Customer direction)
Disclosed for a business purpose to
Cloud hosting and Platform subprocessors
Integration partners (e.g., ATS/HRIS) at Customer direction
Category K – Inferences Drawn from Personal Information
Do we collect this? Yes
Examples we create
Derived insights, flags, or categorizations related to potential risk, desistance, or cohort comparisons (e.g., how a Candidate’s record compares to similar historical patterns)
Internal analytics about how Customers configure and apply policies or workflows
Aggregated & De-Identified Data used in Research Datasets for model validation and fairness analysis (not reasonably capable of identifying any individual)
Sources
Data in Categories A–J above
Platform configurations, workflows, and usage patterns
Purposes
Provide decision-support tools and analytics to Customers (Kizuna does not make or override final employment decisions)
Improve and validate Kizuna’s risk, desistance, and cohort models
Conduct research using Aggregated & De-Identified Data, as described in the “Research & Model Improvement” section of our Privacy Policy
Disclosed for a business purpose to
Cloud and AI infrastructure providers
Academic or research partners using Aggregated & De-Identified Data under strict data-use agreements
Sensitive Personal Information (SPI)
The CCPA/CPRA defines certain Sensitive Personal Information (SPI) that receives additional protections. Kizuna primarily encounters SPI in the context of Candidate background-check data governed by FCRA and related laws. We do not use SPI to create marketing profiles or for cross-context behavioral advertising.
SPI – Government Identifiers (e.g., SSN, driver’s license, state ID)
Do we collect this? Limited and primarily via Report Artifacts
Examples
Government ID numbers (e.g., driver’s license number, state ID, or similar identifiers) included in CRA-generated reports, to the extent not redacted by the CRA or Customer
We generally avoid storing full Social Security numbers in application logs, analytics, and prompts, and we encourage Customers and CRAs to use truncated or masked formats where possible.
Sources
Consumer Reporting Agencies (Report Artifacts)
Purposes
Display and help Customers interpret Report Artifacts at their direction
Support Customers’ FCRA-context background-check workflows as a processor/service provider (for example, by displaying CRA-provided identifiers within Report Artifacts at the Customer’s direction)
Comply with legal and recordkeeping obligations (e.g., FCRA-related retention)
Disclosed for a business purpose to
Cloud hosting and Platform subprocessors that store Report Artifacts
SPI – Account Log-In Credentials
Do we collect this? Yes (B2B Users; Candidates using portals)
Examples
Account log-in identifiers, hashed passwords, and authentication tokens for the Kizuna Platform
Single sign-on (SSO) identifiers and related metadata when Customers enable SSO
Sources
Directly from you (when you create or use an account)
From your employer or Customer (SSO configuration; identity provider)
Purposes
Authenticate users, maintain sessions, and enforce security controls
Protect against unauthorized access, fraud, and abuse
Maintain security and access logs for compliance
Disclosed for a business purpose to
Cloud hosting and security infrastructure providers
We use this SPI only as reasonably necessary to provide and secure the Platform and do not “sell” or “share” it for cross-context behavioral advertising.
Other SPI Categories
Other types of Sensitive Personal Information defined by the CCPA/CPRA (such as precise geolocation, racial or ethnic origin, citizenship or immigration status, union membership, the content of certain communications, genetic data, or biometric templates used for identification) are not intentionally collected by Kizuna for our own purposes. In those cases:
Kizuna processes the information solely as part of the Customer’s instructions, as a processor/service provider;
We do not use it for separate profiling or marketing; and
It may be subject to exemptions under FCRA, DPPA, GLBA, or other laws that limit certain CCPA/CPRA rights.
Retention and Rights
We retain each category of personal information for as long as reasonably necessary to fulfill the purposes described above or as required by law (including FCRA-related retention for Candidate data), consistent with the “Retention Summary” sections for each role in our Privacy Policy.
California residents can exercise their CCPA/CPRA rights (such as access, correction, deletion, and opt-out of “sale”/“sharing” and, where applicable, the right to limit our use and disclosure of Sensitive Personal Information) as described in the “Your Privacy Rights (U.S. States)” and “California Notice (CCPA/CPRA)” sections of our Privacy Policy.
For more detail on our privacy practices, including your rights and how to exercise them, please see the full Kizuna Privacy Policy.