BESKAR · ALLOY
Customer Onboarding Guide
Compliance, candidate notification, and best practices for using Alloy verification in your hiring workflow.
1. What Alloy Does
Beskar Alloy verifies factual claims made on a candidate's resume by checking publicly available sources. It does not predict job performance, access private records, or make hiring decisions.
Every point in the Alloy Score traces to a specific, verifiable public source — such as SEC EDGAR filings, Credly certification badges, GitHub profiles, or government contract registries.
Key distinction: Alloy is a verification tool, not a background check service. It does not access criminal records, credit reports, driving records, or any non-public data. It confirms whether publicly visible information matches what a candidate has stated on their resume.
2. Your Responsibilities as a Customer
2.1 Candidate Notification
When posting job adverts or collecting applications, we recommend including language that informs candidates their resume claims may be verified against publicly available sources. This is good practice and builds trust with candidates.
Recommended Job Advert Language
As part of our hiring process, we may verify information provided in your application — including employment history, certifications, education, and professional presence — using publicly available sources. This verification confirms factual claims only and does not constitute a background check or consumer report.
2.2 Application Terms
Include the following in your application terms, privacy notice, or candidate-facing terms of service:
Recommended Application Terms Clause
Information Verification
By submitting your application, you acknowledge that [Company Name] may use third-party tools to verify the accuracy of information provided in your resume and application materials. This verification is limited to publicly available sources and may include professional certifications, employment registries, public code repositories, and professional networking profiles.
This process does not access private records, credit reports, or criminal history. It is used solely to confirm the accuracy of information you have provided.
If you believe any verified information is inaccurate, you may contact us at [your email] to request a review.
2.3 Internal Usage Guidelines
- Do not use the Alloy Score as the sole basis for rejecting a candidate. The score reflects verification coverage, not candidate quality. A low score may simply mean limited public presence.
- Use verification results alongside other assessment methods — interviews, skills tests, references — as part of a holistic evaluation.
- Do not share raw Alloy reports externally beyond your hiring team without appropriate context. The branded PDF report is designed for internal use and client submissions.
- Treat "Insufficient Data" as neutral, not negative. Some excellent candidates simply have limited public footprints.
3. Candidate Dispute Process
If a candidate believes their verification results contain errors, they should be directed to:
- Email: admin@beskar.io
- Include: their full name, the specific claim they believe is incorrect, and any supporting evidence
Beskar will review the dispute, re-run verification if necessary, and respond within 5 business days.
4. Data Handling
- Resume storage: Uploaded resumes are stored securely in encrypted cloud storage and associated with your organisation's account.
- Verification data: Results are derived from publicly available sources at the time of verification. They are not permanently cached and may produce different results if re-run.
- No data sharing: Candidate data is not shared between customer organisations. Each organisation's data is isolated.
- Candidate self-assessment: Candidates who use score.beskar.io to check their own score retain full control of their data and can request deletion.
5. What Alloy Checks
All verification sources are publicly accessible:
- GitHub — profile existence, repository count, language match, activity
- Credly — certification badges, active/expired status
- SEC EDGAR — employer existence as public company
- SAM.gov — government contract registrations
- LinkedIn — profile accessibility (public profiles only)
- Academic institutions — verified against known institution databases
- Web presence — identity triangulation across public sources
- Email — deliverability check (does the address exist)
Important: Alloy does NOT access: criminal records, credit reports, driving records, medical records, social media private content, or any data requiring authorisation to obtain.
6. ATS Consent Configuration
If you use an ATS, configure the built-in consent fields so candidates acknowledge verification as part of their application. This creates an audit trail within your ATS before any data reaches Beskar.
Ashby
Built-in consent field
Ashby has a native data consent acknowledgment field (
_systemfield_data_consent_ack in their API). This is the cleanest option — it shows up in reporting with submission timestamp, submitter, and latest-choice tracking, which is better for audit trails than a custom yes/no field.
Setup: Settings → Data Privacy → enable consent collection. Add the consent statement to your job application form. The field auto-tracks consent status, timestamp, and source.
Greenhouse
GDPR consent tables
Greenhouse provides two dedicated consent tables accessible via API:
gdpr_consent_requests (timestamped requests to candidates) and
gdpr_consent_decisions (timestamped approvals/denials).
Greenhouse supports single-purpose consent by default for new accounts. Candidates can consent to processing while separately controlling retention.
Setup: Settings → Data Privacy → enable GDPR features. Choose "Single-purpose consent" for granular control. Consent status appears on candidate profiles and is available in the Business Intelligence Connector for reporting.
HubSpot
Legal basis contact property
HubSpot provides the
hs_legal_basis contact property which tracks the legal basis for processing each contact's data (consent, contract, or legitimate interest). This can be updated via the Contacts API and the Forms API includes legal consent options.
Setup: Settings → Privacy & Consent → enable data privacy settings. Add the consent notice to your forms. The
hs_legal_basis property auto-populates when contacts submit forms with consent enabled.
Lever
Explicit consent with audit trail
Lever supports explicit consent as a lawful basis — candidates are prompted to consent to data processing when submitting their application. Consent actions are timestamped and stored in a retrievable audit trail. Opportunity owners can refresh consent when needed.
Setup: Settings → Data Compliance → set lawful basis to "Explicit consent." Customise consent statements with your company name, retention period, and privacy policy link. Candidates receive a consent link as part of their application flow.
Recommended consent statement for all ATS platforms
Add to your application consent text
By submitting this application, you acknowledge that [Company Name] may verify information provided in your resume using publicly available sources, including professional certifications, employment registries, public code repositories, and professional networking profiles. This verification does not access private records and is used solely to confirm the accuracy of information you have provided. If you believe any result is inaccurate, you may request a review by contacting [your email].
7. Recommended Adverse Action Process
While Alloy verification is not a consumer report, we recommend the following best practice if verification results contribute to a decision not to advance a candidate:
- Inform the candidate that publicly available information was verified as part of your process
- Provide them with the opportunity to explain or correct any discrepancies
- Allow reasonable time (3-5 business days) for the candidate to respond before making a final decision
- Direct them to admin@beskar.io if they wish to dispute specific findings
7. Contact
For questions about compliance, data handling, or this guide: