Legal Center

Privacy Policy

How Kizuna collects, uses, stores, and protects personal data in connection with our platform and services.

Last updated: March 24, 2026 Applies to: All Users & Website Visitors

Summary

This Privacy Policy explains what personal data Kizuna collects, how we use it, and the choices and rights available under applicable law. Kizuna provides workflow software for background check review and is not a consumer reporting agency or furnisher of consumer reports.

Table of contents
  1. 1. Introduction
  2. 2. Key Terms
  3. 3. What Personal Information We Collect
  4. 4. How We Use Personal Information
  5. 5. Retention
  6. 6. Security Measures
  7. 7. AI and Model-Hosting Providers
  8. 8. How We Share Personal Information
  9. 9. Customer-Routed Candidate Data and Requests
  10. 10. State Law Privacy Rights
  11. 11. Privacy Rights
  12. 12. International Data Transfers
  13. 13. Third-Party Sites & Services
  14. 14. Changes to this Policy
  15. 15. Contact Us

1. Introduction

Kizuna provides configurable workflow software that helps organizations structure and document their internal review of background screening reports obtained from consumer reporting agencies ("CRAs"). Kizuna is not a consumer reporting agency, does not create, modify, or furnish consumer reports, and does not make employment, eligibility, or adverse-action determinations. The original report furnished by the CRA remains the authoritative record, and our customers are responsible for their screening criteria, workflows, and decisions.

This Privacy Policy explains how Kizuna handles personal information in connection with our website, marketing and business contacts, account administration, and the Kizuna Platform. When customers submit, route, or authorize us to retrieve Screening Reports, Report Artifacts, or related candidate data through the Platform, Kizuna generally acts as a processor or service provider on the customer's behalf under the Platform Terms and Data Processing Addendum ("DPA"). This Policy does not govern how our customers, CRAs, or other third parties handle personal information under their own policies and legal obligations.

Who we are: Kizuna Solutions Inc. ("Kizuna," "we," "us").

2. Key Terms

"Customer" means the business customer that contracts with Kizuna for access to the Platform or Services. If a CRA or other channel partner accesses Kizuna under a separate written partner, reseller, or integration agreement, that separate agreement governs to the extent of any conflict.

"Consumer Reporting Agency" or "CRA" means a third-party entity that furnishes consumer reports or similar screening reports and is legally responsible for the underlying source data it provides.

"Screening Reports" means background screening reports, including consumer reports and investigative consumer reports where applicable, that a Customer obtains directly from a CRA under the Customer's own account or contractual relationship with that CRA.

"Report Artifacts" means the files, payloads, report data elements, identifiers, and related metadata contained in, derived from, or associated with Screening Reports that a Customer or its authorized providers submit to, route through, or authorize Kizuna to retrieve through the Platform for processing on the Customer's behalf. Report Artifacts are supplied by the Customer or its providers, are not created or furnished by Kizuna, and remain distinct from Kizuna-generated outputs.

"Aggregated and De-identified Data" means data derived from Customer Data that has been aggregated and/or de-identified such that it cannot reasonably be used to identify any individual or Customer and cannot reasonably be used to reproduce the substantive content of any Screening Report or Report Artifact.

Capitalized terms used but not defined in this Policy have the meanings given in the Platform Terms or, where applicable, the DPA.

Children: The Site and Platform are intended for business professionals and are not directed at children under 16. We do not knowingly collect personal information from children; if we learn that we have done so in violation of this Policy, we will delete that information and take reasonable steps to prevent further collection.

3. What Personal Information We Collect

Depending on how you interact with Kizuna, we may collect the following categories of personal information:

3.1 Website and Marketing Data

Contact details, company information, form submissions, cookies, IP address, device identifiers, and analytics data relating to visits to our Site, demo requests, scheduling tools, and marketing interactions.

3.2 Account and Authorized User Data

Name, business email, company, role/title, account identifiers, billing-related information, sign-in history, and limited profile information received from an identity provider if single sign-on is enabled.

3.3 Customer Configuration Data

Customer Configurations such as workflow selections, rule definitions, review criteria, communication templates, integration settings, and other non-source-data instructions configured within the Platform.

3.4 Customer-Routed Candidate Data

Screening Reports, Report Artifacts, candidate context submissions, employer annotations, workflow metadata, and related audit information that Customers or their authorized providers submit to, route through, or authorize Kizuna to retrieve through the Platform.

3.5 Integration and Credential Data

API keys, webhook tokens, OAuth tokens, service-account credentials, connection settings, and related metadata used to authenticate and operate approved integrations.

3.6 Usage, Diagnostics, and Security Data

Log data, request metadata, timestamps, feature activation, performance metrics, error diagnostics, and related security information about how users and integrations interact with the Platform.

3.7 Credentialing and Compliance Data

Information used to verify business legitimacy, eligibility, and appropriate use of the Platform, such as business details, tax information, certifications, and supporting compliance materials.

4. How We Use Personal Information

We use personal information to:

  • operate, secure, and improve the Site and Platform;
  • create, provision, authenticate, administer, and support customer accounts and Authorized Users;
  • process payments, invoices, commissions, usage attribution, and related account administration;
  • provide the Platform and Services, including processing Customer-routed Screening Reports, Report Artifacts, Customer Configurations, and related data in accordance with the Customer's instructions, enabled features, integrations, and workflows;
  • operate approved integrations, APIs, webhooks, and related connection features;
  • monitor performance, prevent misuse, investigate incidents, and maintain the security and integrity of the Platform;
  • communicate with Customers and users about service operations, support issues, updates, and account-related notices; and
  • where permitted by law, send B2B marketing communications and measure campaign performance.

When Kizuna processes Customer-routed candidate data through the Platform, we generally do so on the Customer's behalf as a processor or service provider, as described in the Platform Terms and DPA.

You may opt out of marketing emails at any time. We do not sell your data for money.

5. Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including to provide the Site and Platform, maintain accounts, support Customers, comply with law, resolve disputes, and enforce our agreements.

In general:

  • marketing and business-contact information is retained until you opt out or we no longer reasonably need it for our B2B relationship;
  • account, billing, and compliance records are retained for the duration of the customer relationship and for a reasonable period afterward for audit, tax, legal, and recordkeeping purposes;
  • logs, diagnostics, and security data are retained in accordance with our security and retention practices; and
  • Customer-routed data processed through the Platform is retained in accordance with the applicable customer agreement, DPA, Customer instructions, and legal obligations.

6. Security Measures

We use commercially reasonable measures designed to protect personal information and the sensitive credentials you entrust to us. Our security program includes safeguards which are appropriate given the sensitivity and volume of information processed. This may include, as appropriate:

  • Encryption: sensitive data is encrypted in transit using TLS 1.2+ and at rest using AES-256 (or stronger).
  • Secrets Management: We use dedicated key-management systems to isolate and encrypt the Provider Credentials (API keys) you store with us.
  • Access Control: We enforce Role-Based Access Controls (RBAC) and Multi-Factor Authentication (MFA) for all internal privileged access.
  • Personnel Security: All Kizuna employees undergo security awareness training and, where legally permissible, undergo background checks appropriate for their roles.
  • Monitoring: We employ continuous logging, monitoring, and regular vulnerability scanning to detect threats.
  • Shared Responsibility: No system is perfectly secure. You are responsible for maintaining the security of your account credentials and for the physical security of your own network and endpoints.

7. AI and Model-Hosting Providers

Some Platform features may use third-party model-hosting, inference, automation, or language-processing providers acting as Kizuna subprocessors. We disclose only the inputs and outputs reasonably necessary to provide the relevant feature, and we contractually prohibit those providers from using Customer Data to train their generalized models unless a Customer expressly opts in in a separate written agreement. Current subprocessors and hosting regions are described on our Subprocessor Page.

8. How We Share Personal Information

We do not sell personal information for money or share it for cross-context behavioral advertising. We may disclose personal information as follows:

  • Service Providers and Subprocessors. We share personal information with vendors and subprocessors that help us provide, host, secure, support, and improve the Site and Platform, subject to contractual restrictions and security obligations.
  • Integration Partners. At a Customer's direction, we may exchange information with third-party systems such as ATS, HRIS, identity providers, CRAs, and other approved integration partners to support the Customer's chosen workflow.
  • Payment Providers. Payment processors handle payment card and transaction information under their own terms and privacy policies.
  • Professional Advisors and Legal Compliance. We may disclose information to lawyers, auditors, regulators, law enforcement, or other third parties where required by law or reasonably necessary to protect Kizuna, our users, or others.
  • Corporate Transactions. We may disclose information in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality and use restrictions.

9. Customer-Routed Candidate Data and Requests

When Customers submit, route, or authorize Kizuna to retrieve Screening Reports, Report Artifacts, candidate context submissions, or related candidate data through the Platform, Kizuna generally processes that information on the Customer's behalf as a processor or service provider. In those cases, the Customer is primarily responsible for providing notices, establishing a lawful basis for processing, and responding to privacy or access requests relating to that data.

If a request concerns the accuracy or completeness of a Screening Report, Report Artifact, or other source record furnished by a CRA or other provider, the Customer or originating CRA / provider is responsible for handling that request. Kizuna does not independently correct source report data supplied by third parties.

10. State Law Privacy Rights

Some state law provides residents of that state a number of rights as they relate to Personal Information. These are the "right to know", the "right to delete", and the "right to opt-out".

Right to Know. You may request Kizuna provide you the specific pieces of personal information that we process about you; categories of personal information we have collected about you; categories of sources from which the personal information is collected; categories of personal information that we sold or disclosed for a business purpose about you; categories of third parties to whom the personal information was sold or disclosed for a business purpose; and the business or commercial purpose for collecting or selling personal information. Please note that much of the information you can make a request for is already contained in this Policy. Should you wish to exercise this right, please see the section below which explains how to do so. If you do not have an account with Kizuna, we may ask for some Personal Information in order to verify your identity and your rights to the data subject to your request.

Right to Delete. California law gives residents a limited right to request deletion of their Personal Information. However, this right is limited by a number of exceptions. Fundamentally, if Kizuna has a permissible need to retain Personal Information, we are not under an obligation to delete such information, even when requested. Generally, we retain Personal Information so we may complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you; detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; debug to identify and repair errors that impair existing intended functionality of our online properties; enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Kizuna; comply with a legal obligation; or otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which your provided the information. As such, we generally do not accept requests to delete Personal Information. However, we will respond to requests to remove Personal Information from some of our systems as a part of a request to close or otherwise disable a membership account. If you would like to request deletion of Personal Information, please see the section below which explains how to do so. If you do not have an account with Kizuna, we may ask for some Personal Information in order to verify your identity and your rights to the data subject to your request.

Right to Opt-Out. Kizuna does not sell your Personal Information to third parties, and as such there is no need for you to opt-out of the sale of your Personal Information.

Designating an Authorized Agent. California law permits California residents to designate an agent to manage their rights under California law. If you would like to designate an agent to manage your privacy preferences, you may do so using the mechanisms noted below under "Exercising Privacy Rights". Note that If you do not have an account with Kizuna, we may ask for some Personal Information in order to verify your identity and your rights to the data subject to your request. We will also need sufficient Personal Information about your authorized agent to be able to identify them. As part of this process, you must have permission from your authorized agent to disclose their Personal Information to us for the purpose of acting as your agent.

Non-discrimination. California law does not permit Kizuna to discriminate against you because you exercised any your rights under this title, including, but not limited to, by: denying you access to goods or services; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services; suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Privacy Rights. If you are a California resident and would like to exercise any of your rights you may do so by emailing us at support@kizuna.solutions, or using our online privacy request form. You may also contact us by using the contact particulars noted in the "Contact Us" section below.

Appeals. Should you make a request to exercise your rights under this policy and we decline to fulfill this request, you may appeal our decision. In order to appeal, please use the same contact details in "Exercising Privacy Rights" and include the initial date of your request, the type of request, and any particulars which you feel would explain why you believe your request should be fulfilled. We will respond with a decision on your appeal within 45 days of our receipt of your appeal.

11. Privacy Rights

For personal information that Kizuna handles as a controller — such as Site visitor information, marketing contacts, and certain account administration data — you may submit a privacy request using the contact details below. We will respond in accordance with applicable law.

For personal information that Kizuna processes on behalf of a Customer through the Platform, please direct your request to the relevant Customer in the first instance. If we receive such a request directly, we may direct you to the Customer or, where appropriate, the originating CRA or provider.

12. International Data Transfers

Kizuna is headquartered and operates exclusively in the United States.

U.S. Processing: The Platform is intended for use by U.S. employers and candidates. If you access the Platform from outside the United States, you acknowledge that your personal information will be transferred to, stored, and processed in the U.S., where privacy laws may be less protective than those in your home jurisdiction.

13. Third‑Party Sites & Services

The Platform may integrate with CRAs, ATSs, and other services. Their privacy practices are governed by their own policies. When you connect those services, you instruct us to exchange information with them as needed to provide the integration.

Single Sign-On (SSO). If you choose to log in to the Platform using an identity provider (such as Google Workspace or another SSO provider), we receive limited account information from that provider, such as your name, work email address, and basic profile information, so that we can authenticate you, link your identity to a Kizuna account, and log sign-in activity. We do not gain access to your Google Drive, Gmail contents, or contacts as part of this login flow. Your use of any SSO provider remains subject to that provider's own terms and privacy policy. You can disconnect SSO access through your identity provider's settings at any time, although doing so may affect your ability to access the Platform using that login method.

Use of Google APIs (If Enabled by a Customer). Some Customers may choose to connect Google services (for example, Google Workspace email or calendar) to the Platform. When a Customer enables one of these integrations, Kizuna accesses only the Google data necessary to provide the requested feature (for example, specific emails related to candidate communications or scheduling information) and only while the integration remains active. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we do not use Google-sourced data for advertising, do not sell it, and do not allow humans to read it except where required for security, abuse investigation, support with your consent, or as otherwise permitted by Google's policies.

14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the Last Updated and provide additional notice where appropriate (e.g., banner, email, admin console).

15. Contact Us

Email: support@kizuna.solutions

Postal: Kizuna Solutions Inc., 2108 N St Ste C, Sacramento, CA 95816

Notices: Legal notices to Kizuna must be sent to legal@kizuna.solutions and to:

KIZUNA SOLUTIONS INC.
2108 N ST STE C
SACRAMENTO, CA 95816

Related documents

Data Processing AddendumContractual basis for data processing on behalf of platform customers.Read →SubprocessorsThird-party providers engaged to deliver the Kizuna platform.Read →Platform Terms of UseTerms governing access to and use of the Kizuna platform.Read →

Smarter hiring starts here

How it works Book a demo