Fastkey Logo

Fastkey Privacy Policy

Last Updated: Nov 16, 2023


Purpose and Scope of the Policy

Fastkey Technology Ltd.. ("Fastkey," "we," "us," or "our") is committed to respecting the privacy and security of your personal and financial information. The purpose of this Privacy Policy is to inform you about the types of information we may collect from you when you interact with our services, how we use such information, and the instances under which we may disclose such information. By using our website, mobile applications, or any of our services, you consent to the data practices described in this policy.

Legal Compliance

Fastkey operates in compliance with the laws and regulations of the United States and Canada, including the Fair Credit Reporting Act (FCRA).. This policy has been structured to meet the legal requirements of these jurisdictions. We are committed to upholding the highest legal and ethical standards and will continually adapt our practices and this policy to meet any changes in these laws.

Data Collection

Types of Information Collected

Fastkey collects various types of information to deliver our services effectively. This includes but is not limited to:

  • Personal Identifiable Information (PII) such as name, date of birth, Social Insurance Number or equivalent, and contact information.
  • Financial Information, including but not limited to credit reports, income, and employment history.
  • Criminal Background Information.
  • Rental History.
  • Ambiguous or Anonymized Information that cannot directly identify you but may be useful for analytical or statistical purposes.

Biometric Data Processing for Identity Verification

Fastkey employs biometric technology for enhanced identity verification, utilizing either Stripe's Identity API or Certn's API based on specific service requirements. This process includes the use of facial recognition technology to ensure accurate and secure identity verification.

Collection and Use of Biometric Data: The purpose of collecting biometric data, specifically through facial recognition scans, is to verify your identity accurately. This involves using a real-time photo of your face to create a digital facial map, which is then compared against your identity document.

Cross-border Data Transfer: In cases where your location differs from the locations of our data processors, your personal information may be transferred across borders. This will be done in compliance with our Privacy Policy and applicable privacy laws, ensuring the protection of your data.

User Rights and Inquiries: You have the right to request information about our biometric data processing practices. This includes rights to access, correct, delete, or obtain a copy of the data processed through Stripe's or Certn's systems. For such requests or any inquiries related to biometric data processing, please contact Fastkey's Privacy Officer at

Consent and Withdrawal: Your consent for biometric data processing is crucial for us to provide certain services. Should you choose to withdraw your consent, it may impact our ability to process your application or deliver specific services.

Method of Data Collection

We collect information through various methods:

  • Directly from the user: Information such as name, contact details, and financial data are collected when you sign up for our services or fill out forms on our website.
  • From third-party sources: We may obtain information like credit reports and criminal background checks from third-party agencies, subject to your consent and applicable laws.
  • Automated technologies: Information regarding your usage of our services, like IP addresses and browsing activity, may be automatically collected through cookies and similar tracking technologies.

Automated Decision-Making

Fastkey uses automated decision-making algorithms to evaluate various factors such as creditworthiness and risk profiles. This is to facilitate quicker and more accurate service delivery. We adhere to legal standards and ensure transparency in our automated decision-making processes

Data Usage

Purpose of Data Collection

Fastkey collects personal and non-personal data for the purpose of providing a comprehensive suite of evaluation services. These services include, but are not limited to, credit assessments, asset verifications, income verifications, tax document verifications, and criminal background checks. The data is used to serve a variety of requesters, such as landlords, property managers, mortgage brokers, and employers, for applications related to rental agreements, mortgage approvals, credit underwriting, and employment. The data may also be used for internal analytics to improve our services and offer personalized recommendations.


By using Fastkey's services, both requesters and applicants are providing explicit consent for the collection, storage, and use of personal and non-personal information as described in this Privacy Policy.

For services that require sensitive information, such as credit checks, a double opt-in process is employed to ensure informed consent:

Initial Consent: Upon sign-up and sign-in, applicants will be asked to share sensitive information (e.g., Social Insurance Number in Canada, Social Security Number in the U.S.) if a requester asks for a credit check. The applicant's credit information will be fetched via our Equifax API integration.

Report Review and Final Consent: After the credit report is compiled, it is first shared with the applicant for review. Only upon the applicant's second explicit consent will the report be shared with the requester.

This double opt-in mechanism reinforces Fastkey's role as an intermediary and ensures that applicants fully understand and agree to the sharing of their sensitive information. Consent is obtained through clear and straightforward opt-in mechanisms during the service setup and report request processes. Users have the right to withdraw their consent at any time, although this may impact the availability and functionality of certain services.

Data Storage and Security

Data Retention

Fastkey is dedicated to maintaining the privacy and security of personal and non-personal information while also ensuring compliance with legal and regulatory requirements. To this end, we adopt the following data retention practices:

Retention Period: Personal and non-personal information is retained only for the period necessary to fulfill the purposes for which it was collected, as outlined in the "Purpose of Data Collection" section of this Privacy Policy, or as required by applicable laws and regulations.

Applicant Reports: Reports generated for applicants, which include sensitive and comprehensive personal information, are maintained for a period of 90 days post creation to allow sufficient time for review and decision-making by the requesting parties. After 90 days, these reports will be permanently deleted from our systems.

Basic Applicant Information: Essential information required for the creation of a user account, such as email addresses, phone numbers, and other basic sign-up details, will be retained to maintain the account and for our users to utilize our services effectively.

Compliance and Audit Records: Notwithstanding the above, a record of the existence of the reports, excluding the detailed personal information contained within them, may be retained for a longer period as required for compliance with legal obligations, to resolve disputes, and to enforce our agreements.

Legal Requirements: In certain jurisdictions, we may be compelled to retain additional information for extended periods in accordance with local laws and regulations. In such cases, the retention will be in compliance with the legal requirements.

Data Security Measures

We employ stringent security protocols to protect your data. This includes the use of encryption technologies such as the Secure Sockets Layer (SSL) for data in transit and advanced encryption algorithms for data at rest. Our servers are secured behind firewalls and access is restricted to authorized personnel only. We also perform regular security audits to ensure the ongoing integrity and confidentiality of your information.

Data Sharing and Third Parties

Third-Party Sharing

Fastkey may share your data with third parties to fulfill the services you have requested, including but not limited to Equifax for credit checks, Plaid for asset and income verification, and Certn for criminal background checks. All third-party service providers are obligated to maintain the confidentiality and security of your data in compliance with this Privacy Policy and applicable laws.

FCRA Compliance

Fastkey is committed to complying with the Fair Credit Reporting Act (FCRA).

When we act as an intermediary for the collection and dissemination of consumer credit information, we adhere to the FCRA's guidelines and requirements, including but not limited to:

  • User Authorization: Before acquiring a consumer credit report, Fastkey ensures that the applicant has provided explicit written consent to share their credit information with the requester.
  • Dispute Resolution: In the event that any information in the consumer credit report is inaccurate or incomplete, Fastkey provides a mechanism for the applicant to dispute the information and seek corrections, in accordance with FCRA guidelines.
  • Data Integrity: Fastkey works closely with third-party service providers like Equifax to ensure that the consumer credit information is accurate, complete, and up-to-date.
  • Limited Use: Fastkey ensures that consumer credit information is used solely for permissible purposes as defined by the FCRA, including tenant and employment screening, and asset verification by mortgage brokers.

By using Fastkey services that involve consumer credit reporting, you acknowledge and consent to these practices, and you are advised to familiarize yourself with your rights under the FCRA and corresponding Canadian legislation.

User Rights

Access and Correction

Fastkey respects the rights of individuals to access and control their personal data. Applicants have the right to access their reports and correct any inaccuracies. Likewise, requesters can only access data for which they have received explicit consent from the applicant. Both parties may access their Fastkey account settings to modify or delete their data, in accordance with legal obligations and retention policies.

Opt-In/Opt-Out Options

Users have the option to opt-out of receiving marketing communications from Fastkey. To exercise this option, users may follow the opt-out link in our emails or contact Fastkey's customer support directly. Opting out of marketing communications will not affect the delivery of service-related notifications and transactional messages from Fastkey.

Accountability and Governance

Audits and Compliance Checks

Fastkey is committed to regular audits and compliance checks to ensure the effectiveness of our data protection measures. We cooperate with relevant regulatory bodies and are prepared to demonstrate our compliance with data protection laws upon request.


Cookies and Tracking

Fastkey uses cookies, web beacons, and other tracking technologies to enhance user experience and to analyze performance and traffic on our website. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

Dispute Resolution

Any disputes arising out of or related to this Privacy Policy will be addressed in accordance with the governing laws of the United States and Canada. Parties agree to resolve disputes through arbitration whenever possible.

Updates to the Privacy Policy

Fastkey reserves the right to update or modify this Privacy Policy at any time. When changes are made, we will update the "Last Updated" date at the top of this document. Your continued use of Fastkey services after any changes constitutes your acceptance of the new Privacy Policy.

Contact Information

Contact Details

For any questions or concerns regarding this Privacy Policy, you may contact Fastkey's Data Protection Officer at:
We welcome your feedback and will respond to your queries in a timely manner.

Data Processing Addendum (DPA)

Fastkey respects the importance of data processing transparency and compliance, especially when dealing with sensitive personal data. This Data Processing Addendum serves as an extension of our commitment outlined in this Privacy Policy.

1. Definitions

  • "Fastkey" represents our company and service platform.
  • "Personal Data" is information identifying individuals processed by Fastkey under your directive.
  • Processing encompasses operations like collecting, recording, organizing, structuring, storing, and deleting Personal Data.
  • Other terms like "Data Controller", "Data Processor", and "Data Subject" have their standard definitions per data protection legislation.

2. Roles & Responsibilities

When you use our services, you act as the "Data Controller", deciding the purpose and method of data processing. Fastkey, as the "Data Processor", processes data based on your instructions and for the explicit reasons agreed upon in our service provisions.

3. Processing & Limitations

Fastkey processes Personal Data strictly as described in this Privacy Policy and any additional directives you provide. If we must process data differently due to legal requirements, we'll inform you.

4. Data Retention & Erasure

As detailed in the "Data Storage and Security" section, we retain and erase Personal Data based on the service agreement, user requests, and legal obligations.

5. Security Protocols

Fastkey's commitment to data security is discussed in the "Data Security Measures" section of this policy. We employ industry-standard methods to protect your data.

6. Responding to Data Subject Requests

Fastkey respects user rights, as mentioned in the "User Rights" section. If a data subject inquires about their data, Fastkey will act promptly, ensuring transparency and cooperation.

7. Use of Subprocessors

In our role as a data processor, Fastkey may employ subprocessors. We ensure these subprocessors uphold Fastkey's data protection standards. Users will be notified of any significant changes to our subprocessor list.

8. International Transfers

If data transfers are made outside the jurisdictions mentioned in this policy, Fastkey commits to using recognized legal frameworks ensuring data protection.

9. Compliance & Modifications

Fastkey's adherence to data protection laws is a cornerstone of our operations. We may modify this DPA based on evolving legal and operational needs, always notifying users and maintaining transparency.