Our Privacy Principles
These are the seven guiding principles that form the core of our mission. We strive every day to integrate them into our work and into the products we build.
Consumers have the right to know what data we have about them, how it is used, and who has access to it.
- All privacy notices are kept up to date with descriptions of Inflection’s data handling practices, and are modified accordingly if our data handling practices change.
- A designated resource is available to answer additional privacy-related questions.
We strive to ensure that all data about a consumer is accurate and up-to-date, acquired ethically, and attributable and tethered to a source.
- New data sources are analyzed to make sure they meet appropriate data accuracy thresholds before being incorporated into any Inflection datasets.
- All personal information is directly attributable to a data source, so that the cause of any inaccuracies can be pinpointed.
- We acquire data from legitimate original sources (e.g. courts, state or local record agencies, consumers who have given clear consent, etc.), or from data providers who acquire their data from legitimate original sources.
- We do not acquire personal information from data providers if there is sufficient reason to believe that the provider obtained it unethically or improperly.
- We do not scrape data from social networks.
We use data for its intended purpose, and implement reasonable controls to ensure our customers and partners do the same.
- We maintain separate databases for personal data and customer and analytics data, and do not use personal data for marketing purposes.
- If a customer indicates that they intend to acquire information from us for a purpose covered by the FCRA, we take steps to actively restrict that customer from accessing non-FCRA compliant products.
- Our products are not intended to be used as a marketing tool. As such, we do not sell or provide unrestricted access to bulk customer data.
- We periodically reassess data under our control to ensure that we retain only the minimum amount of information necessary to achieve the purpose for which it was collected, and securely destroy any outdated or unnecessary data.
Access & Control
Consumers have the right to access and correct their data as appropriate, as well as control where and how that data is used, with some exceptions for certain types of public records.
- We allow customers to access the personal information that we have about them.
- Customers may update, correct, and make their data private, where appropriate. For records that we do not or cannot allow customers to change (e.g. certain court records), we provide a dispute process and instructions for contacting the original data source.
- When a customer sets privacy preferences for use of their information, we implement filters to search for and set appropriate access controls on records that may be created about that customer in the future.
We follow best practices to ensure the security and proper use of all personal information and other customer data. This includes encrypting sensitive information, employing administrative, physical, and technical controls, and auditing by reliable external security vendors.
- Customer credit cards are stored in encrypted form, and passwords are securely hashed.
- All data is encrypted during transit between our datacenters.
- We maintain independently-audited PCI-DSS compliance.
- Where possible, we use HTTPS by default on our websites.
- Employee access to customer data is audited and restricted to the minimum necessary access level.
Privacy by Design
All products are designed and built to incorporate consumer privacy protections. We strive to align our use of personal data with societal privacy expectations.
- We work to incorporate the principles of the Privacy by Design framework into all products we create.
- We do not retain or display Social Security Numbers in our people search products, even when they are provided by a data source.
- We do not display religious, political, income, or sensitive character information.
- We do not knowingly display information about minors, and we take reasonable efforts to suppress or appropriately curate information about celebrities and public figures.
Education & Advocacy
We provide employees and customers alike with effective resources to help them understand good privacy and security practices. We always strive to act as advocates for our users, especially in situations where they may not be able to effectively protect their own privacy without assistance.
- We provide educational materials to help our users make informed decisions about their personal information.
- We provide resources to help our users with protecting their identity across the internet.
- We require a valid warrant or subpoena before providing customer information to any government or law enforcement agency, and will notify our customers of any such request where possible, unless forbidden by law or court order.