Trust Center

Security, privacy, and compliance at CheckHumans.

We build trust scoring tools — and we take the trust our customers place in us seriously. This page outlines our security practices, data handling commitments, and compliance readiness.

Start Free See pricing

5 outputs

Human trust score, intent score, classification, recommended action, and risk reasons on every event

1 trust layer

The same model powers signups, leads, logins, WordPress flows, and agent access decisions

0 blanket friction

Trusted users move through cleanly, while risky traffic gets targeted control instead of universal CAPTCHAs

Security operations

Secret key rotation with full audit trails, session protections with CSRF and rate limiting, encrypted data in transit (TLS 1.2+) and at rest, and documented incident response procedures.

Data protection

CheckHumans processes only the data you send. We act as a processor for event data and as a controller for account data. No personal data is sold or used for advertising. Enterprise DPAs available on request.

Infrastructure

Hosted on isolated infrastructure with automated backups, database encryption, access controls with principle of least privilege, and continuous monitoring for security anomalies.

Compliance readiness

Designed with GDPR, CCPA, and SOC 2 principles in mind. Cookie consent management, data retention controls, right-to-deletion support, and subprocessor transparency.

Enterprise commitments

Data Processing Agreements

Enterprise customers can request a formal DPA covering data processing terms, subprocessor lists, and Standard Contractual Clauses (SCCs) for cross-border transfers.

Subprocessor transparency

We maintain a list of subprocessors (hosting, email, payment, analytics) and notify enterprise customers of material changes before they take effect.

Incident response

Documented incident response procedures with notification to affected customers within 72 hours of confirmed data breaches, in compliance with GDPR Article 33.

Data retention & deletion

Event data retention is configurable per customer. Account data is retained for the duration of the service relationship. You can request full data export or deletion at any time.

Access controls

Role-based access, audit logging for all administrative actions, API key rotation without downtime, and workspace-level isolation for multi-tenant deployments.

Security questionnaires

We respond to security questionnaires and vendor risk assessments for enterprise customers. Contact legal@checkhumans.com to initiate the process.

Legal documents

📄 Privacy Policy 📋 Terms of Service (incl. Acceptable Use & Refund Policy)

📑 Data Processing Agreement — available on request

Contact

PBT Construction LLC d/b/a CheckHumans

Security & legal inquiries: legal@checkhumans.com

Privacy requests: privacy@checkhumans.com

General support: support@checkhumans.com