VICTIG Connect — Privacy Policy

Effective date: June 29, 2026  ·  Last updated: June 29, 2026

1. Introduction & Scope

This Privacy Policy explains how Victig Background Screening (“VICTIG,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with VICTIG Connect — our browser extension for Google Chrome and Apple Safari (the “Extension”) and the associated backend API and web portal (together, the “Service”).

VICTIG is an employment background-screening company. VICTIG Connect is a business-to-business (B2B) tool provided to VICTIG’s business clients — employers, human-resources teams, recruiters, and their authorized staff (each, a “Client User”) — to help them initiate employment background-check orders for job applicants and candidates (“Candidates”).

VICTIG Connect is not directed to individual consumers for personal use and is not directed to children. It is used by authorized personnel of VICTIG’s business clients in the course of their work.

This policy covers:

This policy does not cover:

By using VICTIG Connect, Client Users agree to the practices described in this policy and represent that they are authorized to use the Service on behalf of their organization.

A note on roles (FCRA, GDPR, and CCPA/CPRA)

VICTIG Connect operates in a consumer-reporting context governed by the U.S. Fair Credit Reporting Act (“FCRA”) and analogous state laws. The information entered or captured in VICTIG Connect is used to initiate a background check (a “consumer report”). The permissible purpose for the report, and the disclosures and written authorizations that must be provided to and obtained from the Candidate, are the responsibility of the requesting employer/client and the screening platform provider (the consumer reporting agency). VICTIG Connect is the intake tool that transmits the order; it does not itself adjudicate, score, or make hiring decisions about any Candidate.

2. Information We Collect

We have intentionally designed VICTIG Connect to collect only the limited information needed to initiate a background-check order. We describe each category below.

2.1 Candidate personal data (collected through user-initiated page reading)

When a Client User is viewing a Candidate’s page in their ATS and chooses to open the VICTIG Connect Extension popup, the Extension reads the content of that single active browser tab to extract the Candidate’s contact details:

This page reading is strictly limited and user-initiated:

The captured Candidate contact details are used solely to initiate the requested background check (see Section 3).

2.2 Client User account data

To use VICTIG Connect, Client Users sign in to a VICTIG Connect account. We collect and process:

2.3 Operational and audit data

To operate the Service securely and to meet our compliance obligations (including FCRA-related recordkeeping and security best practices), we collect and retain:

We use this operational and audit data for security, fraud prevention, troubleshooting, integrity of the order trail, and compliance — not for advertising or profiling.

2.4 Web portal cookies and similar technologies

The VICTIG Connect web portal uses strictly necessary/session cookies (or equivalent local storage) to keep Client Users signed in and to operate the portal securely. The portal does not use any analytics, advertising, performance-tracking, or other non-essential cookies or third-party tracking technologies.

2.5 What we do NOT collect or do

For clarity, VICTIG Connect does not:

3. How We Use Information

VICTIG Connect has a single, specific purpose: to let authorized Client Users initiate employment background-check orders. We use the information we collect only to deliver and support that purpose:

Legal bases (GDPR). Where the GDPR applies, we rely on the following legal bases:

No automated decision-making about Candidates. VICTIG Connect does not make automated decisions producing legal or similarly significant effects about Candidates. Hiring and adjudication decisions are made by the employer/client, not by VICTIG Connect.

4. Extension Permissions, and the Chrome Web Store “Limited Use” Statement

4.1 Permissions the Extension requests, and why

The Extension requests the minimum permissions needed to perform its single purpose. We do not request broad or persistent access to your browsing.

PermissionWhy we request it
activeTabGrants the Extension temporary access to the currently active tab only at the moment you invoke the Extension (open the popup). This lets the Extension read the Candidate contact details on the ATS page you are actively viewing. It does not grant ongoing or background access, and it does not apply to other tabs or sites.
scriptingLets the Extension run a small content script — only when you invoke it — to locate and extract the specific contact fields (name, email, optional phone) from the active page so you can review and edit them.
storageLets the Extension store your authentication token(s) and minimal app preferences locally in your browser on your own device, so you stay signed in and the Extension functions.

The Extension also declares host permissions limited to (a) the VICTIG Connect backend API origin and (b) the Supabase authentication endpoint — used solely to make the authenticated API calls that place orders and manage your session. The Extension does not request broad host access to arbitrary websites.

4.2 Single-purpose declaration

The single purpose of VICTIG Connect is to enable authorized Client Users to initiate employment background-check orders by capturing, reviewing, and submitting a Candidate’s contact details to VICTIG’s screening platform. All permissions and data handling described in this policy exist to serve that single purpose.

4.3 Chrome Web Store “Limited Use” statement

VICTIG Connect’s collection and use of information from the Extension comply with the Chrome Web Store User Data Policy, including its Limited Use requirements. Specifically:

  1. Limited use of data. We only collect and use the data described in this policy, and we use it solely to provide and improve the single purpose of VICTIG Connect — initiating background-check orders. We do not use it for any unrelated purpose.
  2. No unauthorized transfer. We do not transfer this data to third parties except: (a) as necessary to provide or improve the single purpose (for example, transmitting order details to our screening platform and infrastructure sub-processors, as described in Section 5); (b) to comply with applicable law or a valid legal request; (c) to protect against security threats, fraud, or abuse; or (d) as part of a merger, acquisition, or sale of assets, with notice to affected users as required by law.
  3. No advertising use. We do not use or transfer this data for personalized, targeted, or any other form of advertising, and we do not use it for creditworthiness or lending purposes.
  4. No unauthorized human reading. We do not allow humans to read the data, except: (a) where necessary to provide or support the Service at your request or with your consent; (b) for security purposes (such as investigating abuse); (c) to comply with applicable law; or (d) where the data has been aggregated and de-identified for internal operations.

4.4 Safari and other distributions

Where VICTIG Connect is distributed for Apple Safari (via the App Store) or other browsers, we apply equivalent data-minimization and limited-use practices, and we comply with the applicable platform’s developer and privacy program requirements.

5. How Information Is Shared

We share personal information only as needed to provide the Service and to meet legal and security obligations. We do not sell or rent personal information, and we do not share it for cross-context behavioral advertising.

5.1 Screening platform provider

To fulfill an order, we transmit the Candidate’s contact details to VICTIG’s screening platform provider, TazWorks (InstaScreen), which performs and stores the background check. This provider acts as the system of record for background-check data and operates as a consumer reporting agency subject to the FCRA, including FCRA recordkeeping and retention requirements (typically up to approximately seven (7) years).

5.2 Infrastructure sub-processors

We use trusted service providers (“sub-processors”) to host and operate the Service under contractual confidentiality and data-protection obligations. They may process personal information only on our instructions and only to provide their services to us:

Sub-processorPurposeProcessing region
SupabaseAuthentication and databaseUnited States
Amazon Web Services (Lightsail)Application hostingUnited States
Amazon SESTransactional email (invites, password resets)United States

We keep this sub-processor list current. If we add further providers, we will update it here or on a separately linked sub-processor page.

5.3 Legal, safety, and corporate transactions

We may disclose information: (a) to comply with applicable law, regulation, legal process, or an enforceable governmental or court request; (b) to enforce our terms or protect the rights, property, security, or safety of VICTIG, our clients, Candidates, or others; and (c) in connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case we will require the recipient to honor this policy or provide notice as required by law.

5.4 At your client’s direction

Because VICTIG Connect is a B2B tool, we may share information with, or as directed by, the business client whose account a Client User is using (for example, the employer or organization that authorized the Client User’s access).

5.5 No sale or sharing for advertising

We do not sell personal information and do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA or similar laws. We have not done so in the preceding 12 months.

6. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy or as required by law.

When personal information is no longer needed, we delete, anonymize, or securely retain it as required by applicable law.

7. Data Security

We maintain administrative, technical, and organizational safeguards designed to protect personal information, including:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting personal information, we will respond and provide notifications as required by applicable law and our contracts.

8. Your Privacy Rights

Your rights depend on where you live and on the nature of the information. Important: where information is governed by the FCRA, certain rights are exercised through the FCRA framework (for example, disputing the accuracy of a consumer report is handled through the screening platform/consumer reporting agency and the employer, not through VICTIG Connect). The CCPA also exempts FCRA-regulated activity to the extent described in Section 1.

8.1 California (CCPA/CPRA)

Subject to applicable exemptions (including the FCRA exemption), California residents may have the right to:

8.2 EEA / UK (GDPR / UK GDPR)

Subject to applicable conditions and exemptions, individuals in the EEA or UK may have the right to: access; rectification (correction); erasure; restriction of processing; data portability; objection to processing (including processing based on legitimate interests); rights related to automated decision-making (which we do not perform, as noted in Section 3); and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority (or, in the UK, the Information Commissioner’s Office).

8.3 Other U.S. states and jurisdictions

Residents of other U.S. states with comprehensive privacy laws (and individuals in other jurisdictions) may have similar rights. We honor applicable rights and disclosures required by the laws of the jurisdictions in which our users are located.

8.4 How to exercise your rights

To make a request, contact us at support@victig.com (see Section 12). Please tell us what right you wish to exercise and provide enough information for us to locate the relevant records.

9. Children’s Data

VICTIG Connect is a B2B tool intended for use by authorized adult personnel of VICTIG’s business clients. It is not directed to children, and we do not knowingly collect personal information from children. The Service is not intended for anyone under the age of 16 (or the applicable age of majority in your jurisdiction). If you believe a child’s information has been provided to us in error, please contact us at support@victig.com so we can address it.

10. International Data Transfers

VICTIG is located in Utah, United States, and we and our sub-processors process personal information in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in a country whose data-protection laws differ from those of your own.

Where required (for example, for any transfer of personal data subject to the EEA or UK GDPR), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum.

11. Changes to This Policy

We may update this policy from time to time to reflect changes to the Service, our practices, or legal requirements. When we make material changes, we will update the “Last updated” date above and, where appropriate or required, provide additional notice (for example, through the Service or by email to Client Users). The version published at https://connect.victigdevelopment.com/privacy-policy.html is the current version. Your continued use of VICTIG Connect after an update takes effect constitutes acceptance of the revised policy, to the extent permitted by law.

12. Contact Information

If you have questions about this policy or our privacy practices, or wish to exercise a privacy right, contact us at:

Victig Background Screening
Attn: Privacy
14442 S Center Point Way, Bluffdale, UT
Email: support@victig.com