Skip to main content
FCRA Compliance

Compliance isn't an add-on.
It's the architecture.

Every feature in Gonos was designed around FCRA requirements from day one. Here's how we protect your platform and your candidates.

Consent & Disclosure
§1681b

Before any background check, the consumer must receive a clear, standalone disclosure and provide written authorization. Gonos enforces this with versioned disclosure documents, signature capture, and consent expiration tracking.

Permissible Purpose Verification
§1681b(a)

Every check must have a legally permissible purpose (employment, tenant screening, credit, etc.). Gonos validates the purpose at submission and enforces item-type restrictions per purpose category.

Accuracy & Matching
§1681e(b)

We use multi-factor matching (name, DOB, SSN, address) with configurable confidence thresholds. Records below the threshold are flagged for manual review, not auto-confirmed.

Pre-Adverse Action Notice
§1681m(a)

When adverse information is found, the platform must send a pre-adverse action notice with a copy of the report and consumer rights summary. Gonos automates this and tracks delivery.

5 Business Day Waiting Period
§1681m(a)

After the pre-notice, the consumer has at least 5 business days to review the report and dispute inaccuracies. Gonos calculates business days (excluding federal holidays) and blocks premature finalization.

Dispute Reinvestigation
§1681i

Consumers have the right to dispute any inaccuracy. Gonos enforces the 30-day reinvestigation deadline at the service layer and via housekeeping tasks. Extensions are tracked and audited.

Consumer File Disclosure
§1681g

Consumers can request their complete file at any time. Gonos provides a consumer portal with reports, disputes, security freezes, identity theft blocks, and annual free disclosure tracking.

Immutable Audit Trail
§1681e(a)

Every state change — consent, check submission, adverse action, dispute, report access — is logged with actor, timestamp, organization, and correlation ID. Audit logs are HMAC-signed for integrity verification.

Additional Protections

Security Freezes

Consumers can freeze their file to prevent new reports from being generated. Enforced at check submission time.

Identity Theft Blocks

4-day SLA for processing identity theft block requests. Proactive activation 2 days before deadline.

Data Retention

Configurable retention periods with automated purging. Minimum 5 years for FCRA, 7 years for audit trails.