Plain language first. Full legal language second. The plain language always wins where the two conflict.
The candidate side of 2SRep exists to give a person a durable, transportable record of their trajectory. That record belongs to the person. Not to us. Not to an employer. Not to a reporting agency. Never to an advertiser.
Every stream — Khan Academy, Uber, Planet Fitness, Plaid, LinkedIn, your church platform, your gig apps — is opt-in via OAuth. You choose which platforms connect, and you can disconnect any of them from your dashboard at any time. Disconnection cascades within minutes and is anchored on the immutable ledger so we cannot silently retain a source you cut.
An employer, recruiter, or reporting agency cannot pull your record on their schedule. Every read is per-request click-approval by you, timestamped, and receipted. If you deny a request, they see nothing except that you exist on the platform. If you approve a request, they see the fields you approved for that specific request.
2SRep is not a consumer reporting agency (CRA) under the Fair Credit Reporting Act. We do not make adverse-action determinations. We do not sell files to employers. When a partner CRA integrates our context API to enrich the report they produce, the partner CRA remains the CRA of record and inherits the FCRA obligations for the report they issue. 2SRep is subject-consented, event-sourced, and disputable through the Resolution System (ROS).
Employer public scorecards are derived from publicly observable behavior (job posts, application funnel timing, response times), from feedback verified candidates submit after their process closes, and from data flowing through opt-in partner ATS integrations. Employers cannot make their scorecard disappear. They can subscribe to see their own inputs and dispute individual entries through ROS.
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Verified events are cryptographically anchored on the XODIAK ledger. Access to production systems is logged, time-boxed, and subject to a break-glass audit trail. Peter Holcomb (Optimo IT) advises 2SRep on security posture as fractional CISO.
You may request a complete export, a correction, or a full deletion of your record at any time. Requests are processed within 30 days. Deletion is honored except where retention is legally required (for example, a court-ordered attendance log tied to an active case) or subject to a documented dispute pending in ROS. In both exception cases, the retained data is quarantined and inaccessible to any third party. Email privacy@2srep.com.
The public site uses only session cookies necessary for waitlist signups and account authentication. We do not run third-party ad tracking, pixel-based retargeting, session-recording tools, or cross-site fingerprinting. Aggregate traffic analytics are collected without cookies, on our own infrastructure.
Any material change to this policy is announced on the site at least 30 days before it takes effect and pushed to registered users by email. The full change log is public.
Privacy questions: privacy@2srep.com. Legal: legal@2srep.com. Postal address is provided on written request via email.