Protecting your data

Share your police check

Worker Checks private blockchain protecting your Police Check personal data

Protecting your data – How we keep your data safe

Sending data to Worker Checks

Worker Checks use the highest level of security for internet traffic, with all communications secured using HTTPS. Our certificates use 2048-bit keys with SHA256 signatures. Our infrastructure supports TLS. We ask that you send all your information via our secure web site.If we require additional information from you – we will send you a secure link to upload your information.  We will never ask for your personal data via email or SMS.

What do we do with your data once we receive it

Everything you send us is stored Encrypted-At-Rest. This includes database records, uploaded images and backups. When you send us confidential information such as identity document information, we electronically send this to the relevant government department and store the outcome. In some instances we are required to send identifiers to the relevant police department. We consider identifiers as the most sensitive information you provide, and these are stored with an additional level of encryption.Your police check results are subject to further security and storage requirements. We add an additional layer of encryption to your result and store this on our secure, private blockchain. (Read Worker Checks private blockchain protects police check data ). After 15 months we delete all of your police check data (submission and result). Whilst we love having you as a customer and will send you a reminder 12 months after you submit your check, we will not use your check for marketing purposes and will delete it at the 15-month mark (this is a requirement under Commonwealth Government Legislation)

Protecting your data – How do we protect our Technology

All Worker Checks servers and other parts of our IT solution are protected by firewalls and protective routing infrastructure including leading internet security products. Infrastructure is located within Australia and is ISO 27001 and SOC2 certified. We also conduct regular third-party reviews just to make sure we are doing what we should to keep your information safe.

All Data stored in Australia

All Worker Checks data is stored onshore in Australia.  This is a Commonwealth requirement specified by the Australian Criminal Intelligence Commission (ACIC).

Organisations are not permitted to store the results of any Nationally Coordinated Criminal History Check (NCCHC) on a shared storage or Human Resource (HR) solutions platform that is accessible by other entities or is located outside of Australia.

If you are a business / enterprise customer of Worker Checks and need to store the results of any Nationally Coordinated Criminal History Check (NCCHC) on a shared storage or Human Resource (HR) solutions platform, you must provide Worker Checks with:

–        the state/territory and country of data centres used to store NCCHC information. In addition, If cloud-based, describe a high-level architecture overview including geographic hosting information.

Worker Checks will provide this information and gain approval from ACIC.

Use of In-House AI Application Assistant (AI Agent) for Regulated Background Checks

What This AI Agent Does:
Our in-house AI assistant helps you submit your bankruptcy report by securely collecting, verifying, and submitting your personal information. It only collects the essential details, such as your name and date of birth, to process your request.

Scope of AI-Assisted Checks

Our in-house AI Application Assistant is used only to assist with the submission of the following regulated checks:

  1. Bankruptcy Check
  2. Qualification Verification Check
  3. ASIC Banned and Disqualified Persons Check

These are the only checks for which agentic information-gathering is used.

What This AI Agent Does:

Our in-house AI Application Assistant helps you securely submit your request for the above checks by collecting, validating, and submitting the minimum required personal information through our protected platform.

Depending on the check type, this may include:

  • Full name
  • Date of birth
  • Declared qualifications (for qualification checks)
  • Consent confirmations required under law

What We Do

The AI Application Assistant may:

  • Retrieve your existing account details for convenience
  • Prompt you to confirm or update required personal information
  • Validate completeness and formatting of submitted details
  • Submit your request for:
    • Bankruptcy checks
    • Qualification verification
    • ASIC banned and disqualified persons searches
  • Generate and deliver confirmation receipts
  • Answer general questions using our approved help documentation only

What We DON’T Do:

We explicitly confirm that:

  • We do not use public AI systems to process your data
  • We do not send your information to ChatGPT, Google, OpenAI, or similar services
  • We do not use your data to train public or third-party AI models
  • We do not access the open internet or external systems outside our secure platform
  • Your data is not searchable, indexable, or publicly accessible
  • We do not retain data longer than required for processing and compliance

AI Application Agent – Data Privacy and Security

Private, Secure Architecture:
All AI-assisted processing occurs within our isolated enterprise environment.

Data Flow Overview:

  1. You interact with our secure website
  2. Requests are transmitted to our private web servers
  3. Microsoft Azure Bot Service securely connects internal components
  4. Our private AI model processes the request
  5. Data and conversations remain entirely within our controlled systems

At no point is your data shared with or exposed to public AI platforms.

Key Privacy Protections:

Isolated Infrastructure
All AI processing occurs within a closed, private environment.

Enterprise-Grade Security
Encryption is applied both in transit and at rest. Access is restricted to authorised systems only.

Data Minimisation
Only information required for the specific check is collected.
No passwords, banking details, or payment credentials are requested.

Limited Retention
Conversation and session data is retained only as required for:

  • Processing
  • Audit
  • Legal compliance
    and is deleted in accordance with applicable retention laws.

Your Rights and Control

You retain full control over your information. You may:

  • Review the data before it’s submitted
  • Correct any errors in your data
  • Cancel the submission process at any time
  • Request deletion of your data (subject to statutory retention requirements)
  • Contact support if you have concerns about your data

Technical Security Measures

We protect your data with:

We protect your information through:

  • Encryption — All data encrypted in transit and at rest
  • Strict Access Controls — Only authorised internal systems can access AI workflows
  • Private AI Model — Hosted in Microsoft Azure; not connected to public AI services
  • Audit Logging & Monitoring — Continuous monitoring and compliance logging

Compliance and Legal

We comply with all applicable data protection laws, including:

  • Commonwealth Privacy Act 1988 (Australia)
  • Australian Privacy Principles (APPs)
  • Bankruptcy and insolvency reporting obligations
  • ASIC regulatory requirements
  • Qualification verification compliance obligations
  • Azure enterprise security and compliance standards

Your Legal Rights:

  • Right to access, correct, or delete your data
  • Right to file complaints with authorities if concerned

What Data We Collect and Why

We only collect the minimum information required to complete your requested check and meet legal obligations.

Data Collected Purpose Usage Retention
First Name Identification Included in check submission Per legal requirements
Middle Name (optional) Identification Included if provided Per legal requirements
Last Name Legal identification Included in check submission Per legal requirements
Date of Birth Identity verification Required for all checks Per legal requirements
Declared Qualifications (if applicable) Qualification verification Validation and submission Per legal requirements
Conversation History Session continuity Temporary processing only Deleted after statutory retention period

Data minimisation: We only collect the minimum information necessary to process your requested check and meet legal obligations.

We Do NOT Collect:

  • Passwords or security credentials
  • Credit card or banking information
  • Social Security Numbers (unless required by bankruptcy regulations)
  • Information about other people

Bottom Line:

Our AI Application Assistant operates entirely within a secure, private environment and is used only to assist with:

  • Bankruptcy checks
  • Qualification verification checks
  • ASIC banned and disqualified persons checks

Your data is never shared with public AI systems and is used exclusively for lawful, requested background screening services.

Want to know more?

Our business customers may be granted a more extensive overview of our security information when they sign our Service Level Agreement (SLA).  Access to this requires the signing of a Non-Disclosure Agreement as component of the SLA. If you would like to become a business customer with Worker Checks, please contact our business team.