Privacy Policy

Last Updated: December 11, 2025

Kizuna provides decision-support software to facilitate background-check workflows. Kizuna is not a Consumer Reporting Agency (CRA) and does not independently collect, compile, or maintain background databases on individuals, nor do we investigate individuals or verify public records. We operate solely as a service provider and do not make hiring decisions; all eligibility determinations are made by our customers.

This Privacy Policy outlines how we handle personal information for website visitors, business contacts, and candidates, with specific obligations differing based on your user role. Please note that this policy does not apply to information managed independently by our customers or third-party services, and federal regulations like the FCRA may exempt certain background-check data from state privacy rights.



Who we are: Kizuna Solutions Inc. (“Kizuna,” “we,” “us”).

Key Concepts
To help you understand this policy, we use the following key definitions: 

“Customer”: The business entity (e.g., Employer, Staffing Agency, or CRA Partner) that uses our Platform to manage their screening process. 

“Candidate”: The individual (consumer or data subject) whose background report data is being analyzed on the Platform.

“Consumer Reporting Agency” or “CRA”: A third-party entity (such as a background check provider or credit bureau) that is in the business of assembling and evaluating public records to create consumer reports for a fee. CRAs are regulated by the FCRA and are legally responsible for the accuracy of the source data.

“Report Artifacts”: The individual pieces of background check reports (consumer reports) uploaded or fetched by the Customer from a CRA. Kizuna processes these as a Service Provider.

“Aggregated & De-identified Data”: Data that has been stripped of direct identifiers (like names, addresses and Social Security Numbers) so it cannot reasonably be linked to a specific individual.

Capitalized terms used but not defined in this Privacy Policy have the meanings given in our Platform Terms of Use or, where applicable, our Data Processing Addendum (“DPA”).

Scope and Applicability
This Privacy Policy is organized by user role. Our data processing obligations differ depending on your relationship with us.

1. Privacy for Site Visitors
2. Privacy for Registered Users & Integrated Partners (B2B)
3. Privacy for Candidates (Report Data) 

When this Policy Applies: This Policy applies to personal information that Kizuna processes in connection with: (1) operation of the public Site; (2) provision and administration of the Platform for Customers and their Authorized Users; and (3) processing of Candidate background-report data on behalf of Customers. 


When this Policy Does Not Apply: This Policy does not apply to information that our Customers or third parties process independently of the Platform, for example, data stored only in a Customer’s own HR, payroll, or ATS systems, or processing carried out solely by a Consumer Reporting Agency (CRA). Those activities are governed by the relevant party’s own privacy notices and contracts.


Children: The Site and Platform are intended for business professionals and are not directed at children under 16. We do not knowingly collect personal information from children; if we learn that we have done so in violation of this Policy, we will delete that information and take reasonable steps to prevent further collection.


1. Privacy for Site Visitors


Who: People browsing www.kizuna.solutions, reading docs, booking demos, or contacting us.


What we collect: 

  • Device & Usage Data: Cookies, pixels, IP address, device identifiers. 

  • Contact Data: Information you submit via forms (e.g., "Book a Demo," "Contact Us"), such as name, work email, company, and role. 

  • Analytics Data: We use providers like Google Analytics and LinkedIn to collect non-identifiable usage data to help us measure traffic and target our B2B marketing. These partners may collect data about your browsing history on our Site.

  • Support & Session Tools: If you use in-product chat, support widgets, or we enable session analytics tools, these tools may capture limited interaction data (such as clicks, page views, and form usage) to help us troubleshoot issues and improve the Site and Platform. We configure such tools to avoid capturing sensitive report content or full Social Security numbers wherever technically feasible.


How we use it: 

  • To operate and secure the Site; 

  • To analyze trends and site traffic; and 

  • Where permitted by law, to send Kizuna B2B marketing (email) and to measure campaign performance. We do not “sell” PI for money or “share” PI for cross-context behavioral advertising.

  • You may opt out of marketing emails at any time. We do not sell your data for money. 


Role: For Site Visitor data, Kizuna is a business/controller.


Cookies & Tracking: We use cookies/SDKs and similar technologies to operate and improve the Site (including essential functions for security/load balancing/login flows, analytics and performance measurement such as page views and error rates, and forms/scheduling for demo booking and contact tools). 


Do Not Track/GPC: We honor Global Privacy Control (GPC) signals for Site contexts where applicable. We do not ‘sell’ personal information for money or ‘share’ it for cross-context behavioral advertising; if this changes, we will update this Policy and provide the required ‘Do Not Sell/Share’ and cookie preference controls.

Retention Summary: We retain marketing contact information until you opt out or your account becomes inactive for 24 months. Analytics data is retained in accordance with our provider settings (typically 14-26 months).


2. Privacy for Registered Users & Integrated Partners (B2B)


Who: 

  • Direct Users: Admins and HR users who log in to the Kizuna application.

  • Integrated Users: Users accessing Kizuna features via embeddable widgets, webhooks, or third-party integrations (e.g., within an ATS or HRIS). 

  • Partner Admins: Developers or CRA staff managing API connections.


What we collect: 

  • Account & Identity Data: Name, business email, role, and billing details (collected directly or provisioned via a Reseller/Partner). 

  • Configuration Content: The specific adjudication rules, risk scoring parameters, decision matrices, workflow templates, and communication scripts you create or configure within the Platform to customize your background check review process.

  • Integration Credentials: API keys, webhook tokens, and OAuth tokens used to authenticate your connection with third-party platforms (e.g., your ATS session ID). 

  • Usage & Performance Data: Metadata about how you interact with the Platform—whether via our dashboard, API endpoints, or embedded widgets—including request volumes, latency, error rates, and feature activation.

  • Credentialing & Compliance Data: Documents and attestations provided to verify your business legitimacy and eligibility to use the Platform (e.g., business licenses, tax IDs, "Permissible Purpose" certifications, and sample consent forms).


How we use it: 

  • To provision and authenticate your account (including SSO or pass-through logins from Partners). 

  • To bill you or verify commission/usage attribution for a Reseller. 

  • To secure the API (e.g., detecting anomalous query patterns or compromised keys). 

  • To send operational alerts (e.g., "Webhook Failure," "Report Ready").

  • AI & LLM Processing: To provide automated features (such as parsing Report Artifacts, normalizing data, and drafting communications), we may transmit relevant input text to third-party LLM subprocessors (e.g., Anthropic). We operate under enterprise agreements that strictly prohibit these providers from using your data to train their models.


Role: For Registered User data, Kizuna is a business/controller. For Customer Data processed through the Platform, Kizuna acts as a service provider/processor under an applicable DPA.

Retention Summary: We retain Account and Identity Data for the duration of your Subscription Term plus a post-termination grace period (e.g., to allow for re-activation or billing audits), and thereafter for 7 years solely as required for tax and legal record-keeping. We retain raw Usage & Performance Data (logs) for 12 months for security analysis before aggregating or deleting it.

Payment Processors: We use third-party payment processors to securely process subscription and transaction payments. These providers process payment card information as independent controllers under their own privacy policies.


3. Privacy for Candidates 


Who: Individuals whose background-related records are analyzed within the Platform at a Customer's direction.


Our role: Kizuna acts as a Data Processor (Service Provider). We do not compile or furnish consumer reports. Our Customers (either direct Employers or Authorized Resellers) upload, transmit, or authorize us to fetch (via API integration) existing background-check files (the “Report Artifacts”) to our Platform, and we process them strictly on their instructions.


What we process: 

  • Report Artifacts: Criminal-history text, court records, adjudication codes, offense descriptions, and PDF reports. 

  • Identity & Contact Data: Name, email, phone number, and other identifiers provided by the Customer (or by you directly via the Candidate Context portal) to facilitate invitations, disputes, or context-gathering. 

  • Pseudonymized Identifiers: Customer-assigned IDs and partial dates of birth (e.g., Month/Year) used to de-duplicate records. We practice data minimization and avoid processing full SSNs unless strictly required for a specific integration.

  • Biometric Information (rare): We do not intentionally collect biometric identifiers such as fingerprints, facial geometry templates, or voiceprints. To the extent such information appears within a background check report prepared by a CRA (for example, embedded in an arrest or corrections record), we process it only as part of that report and only at the Employer’s direction.

  • Candidate Context & Submissions: Information you voluntarily provide through the Platform at the specific request of the Employer (e.g., rehabilitation evidence, or further explanations of criminal history). 

  • Employer Annotations & Decisions: Internal tags, notes, status labels, and decision outcomes that the Customer records in the Platform (for example, “Review Completed” or internal comments).


Why we process it:

  • To help the Customer display, organize, and review data it already lawfully possesses; 

  • To format, classify, and present reason codes to support human review; 

  • To facilitate communication between the Customer and Candidate (e.g., for "Candidate Context" or dispute resolution); and 

  • To generate Aggregated and De-identified Data for research and modeling (which cannot be linked back to you).

  • To normalize and standardize the presentation of background check data (e.g., formatting inconsistent legal terminology) to facilitate the Employer's review.


Retention Summary: We retain Candidate data only for the duration required by the Customer (including any legal holds) or as necessary to demonstrate compliance with Customer instructions. We do not independently update or refresh this data absent instruction to do so from an appropriate party. 


Your Rights (FCRA Context): To the extent Candidate personal information contained in Report Artifacts and other background-check data is collected, processed, or disclosed pursuant to the Fair Credit Reporting Act (FCRA) at the direction of a CRA or Employer, that information may be exempt from certain state privacy requests (like CCPA deletion). 

  • Correction/Deletion: Requests to access, correct, or delete your background check data should be directed to the originating CRA or Employer. 

  • No Re-Verification: Kizuna does not alter, re-verify, or furnish consumer reports. We cannot correct source data contained in a report or individual Report Artifacts.

  • If you use Kizuna‑hosted tools to upload additional documents or statements at a Customer’s request, we still process those submissions for the Customer as a processor. Where we separately contact you to verify a dispute or abuse (e.g., identity, spam), we may handle that specific verification data as a controller for the limited purpose of security and compliance.


4. Data Accuracy & Dispute Resolution


Our Role: Because Kizuna acts as a Data Processor, we do not create, maintain, or control the source data in a background check report. That data comes from a regulated Consumer Reporting Agency (CRA).


Identifying the Error: If you believe there is an error in a report, it generally falls into one of two categories:


  • Source Data Errors (e.g., wrong criminal record, incorrect date): If the information contained in the original background check report (PDF) is incorrect, this is a dispute with the CRA. Kizuna cannot correct source data. You must file your dispute directly with the CRA that prepared your report. Their contact information is typically listed on the report copy provided to you by the potential employer.

  • Platform Display Errors (e.g., formatting): If the original PDF report is accurate, but you believe the Kizuna Platform is displaying it incorrectly (e.g., a parsing error), please contact the Employer. They can submit a technical support request to us to verify and correct the display issue.

  • Evaluation Inquiries (e.g., crime category classifications): If the underlying background check data is factually correct, but you disagree with how it has been categorized or labeled in the Platform, there are two possibilities:

    • Employer Policy Disputes: If you disagree with the weight given to a correct record (e.g., "My theft charge shouldn't be disqualifying"), this is a question regarding the Employer's hiring policy. The Employer configures their own risk models. Please contact the Employer to request an individualized assessment.

    • Technical Classification Errors: If you believe the Platform has factually misclassified a record (e.g., my report contains a "Misdemeanor" but the Platform incorrectly tagged it as a "Felony"), please contact the Employer, who can submit a Technical Support Ticket to Kizuna. If we confirm a technical error, we will correct the classification to match the source document. Note: We cannot change the source document itself.


Disputes, Corrections & Candidate Context: Because Kizuna acts only as a technology provider (Processor) and not a Consumer Reporting Agency (CRA), we cannot investigate your history, contact court clerks, or modify your background report. 


  • Disputing Inaccurate Data (Contact the CRA): If the information in your background report is factually incorrect (e.g., wrong name, incorrect criminal record details, incorrect dates, etc.), you must contact the CRA that prepared the report to file a dispute. Kizuna cannot correct source data. 


  • Providing Context & Evidence (Use the Portal): If you wish to provide "Candidate Context," rehabilitation evidence, or an explanation of your history: 

    • Do NOT email Kizuna Support: Our support team cannot evaluate or forward legal documents sent via email. 

    • Use the Secure Portal: If the Employer has invited you to provide context, you must upload your documents securely through the Candidate Portal link provided. These submissions are routed directly to the Employer for their review. Kizuna does not evaluate or verify this evidence. 


  • Updating Your Records: If you successfully dispute an error with the CRA, the correction may not immediately appear in the Kizuna Platform in real time. You should notify the Employer once your record has been corrected so they can order a fresh report.


  • Appeals: If we decline to act on your request, you may appeal by replying to our response; we will respond within 45 days with our decision and further recourse information.


5. Security Measures
We use enterprise-grade measures designed to protect personal information and the sensitive credentials you entrust to us. Our security program includes:


  • Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 (or stronger).

  • Secrets Management: We use dedicated key-management systems to isolate and encrypt the Provider Credentials (API keys) you store with us.

  • Access Control: We enforce Role-Based Access Controls (RBAC) and Multi-Factor Authentication (MFA) for all internal privileged access.

  • Personnel Security: All Kizuna employees undergo security awareness training and, where legally permissible, undergo background checks appropriate for their roles.

  • Monitoring: We employ continuous logging, monitoring, and regular vulnerability scanning to detect threats.


Shared Responsibility: No system is perfectly secure. You are responsible for maintaining the security of your account credentials and for the physical security of your own network and endpoints.


6. AI/Model‑Hosting Services
We may use third‑party AI infrastructure (e.g., model‑hosting or inference services) to power certain features. These providers act as subprocessors under our DPA and process the minimal inputs/outputs needed to provide inference. We do not permit training of provider generalized models on Customer Data unless a Customer opts in in an Order/DPA exhibit. See our Subprocessor Page for current providers and regions.


7. Research & Model Improvement
Kizuna is committed to advancing the practice of fair-chance hiring and reducing recidivism through data-driven insights.
Our platform is built on fair hiring principles, including criminological research regarding "desistance" (the decline in offending over time). To ensure our risk models remain scientifically valid and fair, we partner with leading academic researchers (e.g., from institutions like Harvard and the University of Virginia) to study anonymized criminal conviction patterns.

Why We Do This: Our goal is to replace assumptions with evidence to advance fair-chance hiring. By analyzing historical patterns in Aggregated and De-identified Data, we generate insights that help organizations evaluate and improve the fairness of their hiring policies. Furthermore, our academic partnerships aim to contribute to the public understanding of desistance and recidivism, making high-quality research accessible to the broader community.


How We Use Data for Research:


  • Aggregated & De-Identified Data: We may aggregate and de-identify Candidate Data (stripping all direct identifiers like names, SSNs, and DOBs) to create "Research Datasets." These datasets are used to validate models, analyze hiring trends, and provide hiring insights to our Customers. We may retain Aggregated & De-identified Data (including Research Datasets) for longer than we retain identifiable personal information, because it no longer reasonably identifies an individual.

  • Academic Partnerships: We share Research Datasets (never identifiable PII) with approved academic institutions and research partners (e.g., university research labs) to conduct independent validation studies and advance the field of criminological study.

  • No "Selling" of Identity: We do NOT sell, rent, or trade identifiable candidate profiles to data brokers, advertisers, or background check companies. Our research focus is on patterns, not people.


8. How We Share Information

We do not sell personal information. We disclose data only as follows: 


  • Service Providers (Subprocessors): We share data with trusted vendors (e.g., AWS for hosting, OpenAI for automation, SendGrid for email) who are contractually bound to use data only to provide services to Kizuna and must maintain security and confidentiality.

  • Integration Partners: We share data with third-party platforms (e.g., your ATS, CRA, or HRIS) at the Customer’s specific direction to facilitate your chosen workflow. 

  • Academic & Research Partners: We share Aggregated and De-identified Data only with approved researchers (e.g., universities) to validate and improve our models. This data cannot reasonably be used to identify any individual. 

  • Legal & Safety: We may disclose data to law enforcement, regulators, or professional advisors (lawyers/auditors) if required by law (e.g., subpoena) or to protect the safety, rights, or property of Kizuna or others. 

  • Business Transfers: In the event of a merger, acquisition, or asset sale, customer data may be transferred as a business asset, subject to this Policy’s protections.


9. Your Privacy Rights (U.S. States)
Residents of states with comprehensive privacy laws (including California, Colorado, Connecticut, Delaware, Oregon, Texas, Utah, Virginia, and others) have certain rights regarding their personal information, subject to legal exemptions. These rights generally include: 


  • Right to Know/Access: Confirm if we are processing your data and get a copy. 

  • Right to Correct: Fix inaccurate data. 

  • Right to Delete: Request erasure of your data. 

  • Right to Opt-Out: Opt out of "sales," "sharing" (for cross-context ads), or targeted advertising. 

  • Right to Portability: Get your data in a usable format. 

  • Right to Limit Sensitive Personal Information: In some cases, you may have the right to request that we limit our use and disclosure of your Sensitive Personal Information. Because Kizuna uses Sensitive Personal Information only as reasonably necessary to provide and secure the Platform (and, for Candidates, generally in FCRA-exempt contexts), there is typically no additional use to limit, but we will review and respond to any such request in accordance with applicable law.


How to Exercise These Rights: 


  • For Site Visitors & B2B Users (Marketing/Account Data): Because Kizuna acts as the Controller of this data, you may exercise your rights directly by emailing privacy@kizuna.solutions. We will respond within the timelines required by your state’s law (typically 45 days). 


  • For Candidates (Background Check Data): Important Limitation: Personal information contained in Report Artifacts and other background-check data is governed by a federal law called the Fair Credit Reporting Act (FCRA). 

    • See the Exemption: For example, see California Civil Code § 1798.145(d) and similar exemptions in laws such as the Virginia VCDPA and Texas TDPSA.

    • Contact the Employer: For data where Kizuna acts as a Processor (e.g., your background report), we cannot process requests directly. You must contact the Employer or CRA who ordered the report. We will cooperate with them to fulfill valid requests. 


  • Verification: To protect your privacy, we must verify your identity before processing a request. We may ask you to confirm information associated with your account or use a third-party verification method.

  • Non-Discrimination: We will not discriminate against you (e.g., by denying services or charging different rates) for exercising your privacy rights. 


California Notice (CCPA/CPRA): 

  • No Sale/Share: We do NOT sell your personal information for money. We do not "share" Candidate Data for cross-context behavioral advertising. 

  • Sensitive Info: We use Sensitive Personal Information (like SSNs) only for the exempt purpose of performing background check services under the FCRA and as instructed by the Employer. We do not use it to infer characteristics for marketing.

  • Data Categories: For a full list of categories collected, sources, and retention periods, please see our California Data Category Disclosures.

Automated Decision Tools

Where Kizuna qualifies as a ‘developer’ or similar provider under AI or AEDT laws, we will make available any required documentation on our AI Compliance page. For additional detail on the categories of personal information we collect, purposes of use, and types of third-party recipients (including California’s CCPA/CPRA requirements), please see our California Data Category Disclosures page, which we use as a baseline framework for other U.S. state privacy laws.


10. International Data Transfers
Kizuna is headquartered and operates exclusively in the United States. 


  • U.S. Processing: The Platform is intended for use by U.S. employers and candidates. If you access the Platform from outside the United States, you acknowledge that your personal information will be transferred to, stored, and processed in the U.S., where privacy laws may be less protective than those in your home jurisdiction. 

  • Transfer Mechanisms: For any incidental Business (B2B) data transfers from the EEA, UK, or Switzerland to the U.S., we rely on Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as our legal transfer mechanism.


11. Third‑Party Sites & Services

The Platform may integrate with CRAs, ATSs, and other services. Their privacy practices are governed by their own policies. When you connect those services, you instruct us to exchange information with them as needed to provide the integration.

Single Sign-On (SSO). If you choose to log in to the Platform using an identity provider (such as Google Workspace or another SSO provider), we receive limited account information from that provider, such as your name, work email address, and basic profile information, so that we can authenticate you, link your identity to a Kizuna account, and log sign-in activity. We do not gain access to your Google Drive, Gmail contents, or contacts as part of this login flow. Your use of any SSO provider remains subject to that provider’s own terms and privacy policy. You can disconnect SSO access through your identity provider’s settings at any time, although doing so may affect your ability to access the Platform using that login method.

Use of Google APIs (If Enabled by a Customer). Some Customers may choose to connect Google services (for example, Google Workspace email or calendar) to the Platform. When a Customer enables one of these integrations, Kizuna accesses only the Google data necessary to provide the requested feature (for example, specific emails related to candidate communications or scheduling information) and only while the integration remains active. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we do not use Google-sourced data for advertising, do not sell it, and do not allow humans to read it except where required for security, abuse investigation, support with your consent, or as otherwise permitted by Google’s policies.


12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the “Last Updated” date and provide additional notice where appropriate (e.g., banner, email, admin console).


13. Contact Us

Email: privacy@kizuna.solutions
Postal: Kizuna Solutions Inc., 2108 N St Ste C, Sacramento, CA 95816

Notices: Legal notices to Kizuna must be sent to legal@kizuna.solutions and to:

KIZUNA SOLUTIONS INC.

2108 N ST STE C

SACRAMENTO, CA 95816

DMCA Agent: If you believe content on the Site infringes your copyrights, please send a notice to legal@kizuna.solutions and the mailing address above with the information required by 17 U.S.C. § 512(c)(3).