Compliance · FCRA · GLBA · GDPR

Defensible by default.

Because Ethur connects directly to payroll and bank data, compliance can't be an afterthought. Every consent, disclosure, source-of-record citation, and adverse-action notice is generated automatically and audit-logged forever.

FCRA & state-law compliant · GLBA-aligned bank linking · SOC 2 Type II + ISO 27001 · GDPR & CCPA ready
Compliance posture (Verified): All 50 states · GLBA · GDPR · audit-ready
  • 50: U.S. states covered
  • 100%: Auto-generated notices
  • 7 yr: Immutable audit log
  • 0: Manual disclosure templates

/ The reality

Connecting to bank and payroll raises the compliance bar.

When you read directly from payroll providers and bank accounts, you're not just under FCRA — you're also under GLBA, state financial-privacy laws, and per-state ban-the-box and credit-pull rules. Ethur's compliance engine handles all of it inline.

Without Ethur
  • Generic consent forms that don't cover bank linking
  • No GLBA-aligned disclosures for bank-direct income
  • Manual state-by-state disclosure tracking
  • Adverse-action notices drafted in Word
  • Audit logs scattered across vendor portals
With Ethur
  • Consent flows tuned per state and per data source
  • GLBA-aligned bank-linking disclosures built in
  • All 50 states + EU data-residency options
  • FCRA pre-adverse and adverse notices auto-drafted
  • One immutable, queryable audit log per candidate
/ Built for you

What the engine handles for you.

FCRA disclosures & authorizations

Standalone, plain-language disclosures with auditable e-signature, including a standalone summary of rights.

GLBA bank-linking notices

Purpose-specified, scoped, candidate-controlled bank account access aligned with GLBA permissible-use.

State-by-state rules

Ban-the-box, salary-history, credit-check restrictions, marijuana adjudication, and seven-year reporting limits — applied per role and location.

Adverse-action workflow

Pre-adverse delivered with the report, statutory wait period enforced, final adverse with state-specific addenda generated automatically.

EEOC adverse-impact testing

Continuous adverse-impact monitoring across protected classes, with reports available to your legal team.

GDPR / CCPA / DPDP

Right to access, export, delete, and rectify built into the candidate portal. EU and APAC data-residency on request.

/ How it works

Compliance as code, not as PDFs.

Every compliance step is a typed, versioned event in the audit log — searchable, exportable, and defensible.

01 · Role + location → policy

Each requisition is mapped to a compliance policy: which checks are allowed, which disclosures fire, which states' rules apply.

02 · Candidate consent capture

Standalone disclosures, GLBA bank notices, and biometric consents collected with cryptographic signatures.

03 · Source-of-record citations

Every data point in the report links back to its source, with a timestamp and the consent version that authorized it.

04 · Adverse-action automation

If adjudication trends adverse, pre-adverse fires with the report, the wait period is enforced, and final adverse is drafted with all state addenda.

/ FAQ

Common questions

Are bank connections actually allowed for hiring?

Yes — under GLBA permissible-purpose and with explicit candidate consent for the specific employment-verification use. Ethur's flow is reviewed by outside counsel and aligned with current Plaid and MX use-case policies.

How do you handle ban-the-box states?

Criminal checks are gated by role and location. In ban-the-box jurisdictions, criminal data is not surfaced until the adjudication stage, after a conditional offer.

Can we export the audit log?

Yes. Per-candidate and per-tenant exports in JSON or CSV, signed for tamper-evidence.

Do you support EU data residency?

Yes — EU and U.S. residency options, with APAC available for enterprise customers.

Who reviewed your compliance posture?

Outside FCRA counsel reviews disclosures and adverse-action templates annually. SOC 2 Type II and ISO 27001 audits are continuous; reports are available under NDA.