How we manage your personal information
You are rightly concerned about protecting your sensitive, personal information. As the vendor completing Form I-9 for your employer, Verifyi9 may have temporary access to your personal information normally found on the form. This information may include your name, address, date of birth, Social Security number, phone number, email address, citizenship status, and signature. This information may also include personal information commonly found on identification documents including passports, driver’s licenses and Social Security cards, among others.
This article explains the measures that we take to protect your personally identifiable information (PII).
Web forms and "the Cloud"
When you submit the information needed to complete Form I-9, we will receive it via a secure form at this web site. This site is hosted by Kinsta, a premium site host on the Google Cloud Platform. HTTPS access to web forms is forced and obsolete browsers are rejected, meaning that the data is encrypted in transit from your browser to our server via the web form. Both Kinsta and their CDN partner, KeyCDN, support TLS 1.3, the current and strongest encryption protocol available. The Google Cloud Platform provides encryption at rest, meaning that your PII is encrypted and useless to potential hackers for as long as we control it.
Your personal information is stored in the United States (South Carolina, specifically). Our web environment is self-contained and exclusive, meaning that we do not share space with other web sites that might be less secure or contain malicious files.
While on the secure server, the data is accessible only via a hashed URL. Files are deleted programmatically after the business purpose for which the data was collected has concluded.
We do not transmit PII by email unless requested by a client or the owner of the information and sending PII to us by email is strongly discouraged.
Local access and storage of PII
The PII on the secure server may be accessed by Verifyi9 personnel as we work to complete Form I-9 for your employer. All access to PII is controlled by our Information Security Policy and various other policies (linked below). When files containing PII are downloaded to workstations, the files are deleted programmatically at the end of each work day.
Verifyi9 personnel who have access to PII must periodically pass a background check and must agree to comply with applicable policies. We do not use independent contractors in our remote I-9 process; all personnel who have access to your information are Verifyi9 employees, vetted and trained by us, working in the United States, and subject to our data security policies.
Other platforms
Verifyi9 does not use a proprietary platform or application to store or process PII. We do use several publicly-available, premium services as components of our business processes including Airtable, Slack, and Google Workspaces. However, these services do not retain any of your PII except for name, email address, phone number, and Employee ID, if your employer provides it.
Policies
Verifyi9 is committed to earning your trust in our ability to protect your sensitive information. You are invited to review our policies on the topic and we welcome your questions.