Pre-Call Briefs surface customer data your tech wouldn't otherwise have. That raises real legal questions — FCRA, GLBA, fair lending, consumer privacy. Below is the actual compliance framework, in plain language. No defensive language, no spin. If you read it and still have concerns, our security team is happy to walk through specifics.
Yes, this is legal. ServiceScout does not pull credit reports (FCRA does not apply). It is not a financial institution handling nonpublic financial data (GLBA does not apply). All data is sourced from licensed marketing-grade providers and public records. The single operational rule — "orientation only · do not quote" — ensures indicators never affect pricing or service decisions, which keeps the system out of every consumer-protection framework that would otherwise apply.
Each of these is a real legal regime that touches data-driven sales. We've explained where ServiceScout sits relative to each — including the ones that don't apply and why.
What it covers: The use of "consumer reports" — credit reports, tradelines, full credit files pulled from the three major bureaus — for adverse decisions affecting consumers (employment, credit, insurance, housing).
Why it doesn't apply to ServiceScout: ServiceScout does NOT pull consumer reports. The credit rating bands in a Pre-Call Brief (e.g., "650–699") are statistical estimates from licensed marketing-grade data providers — they are not consumer reports under FCRA. They are also never used to deny service, change a quote, or take adverse action against a consumer.
How ServiceScout operates anyway: Even though FCRA doesn't technically apply, we follow the spirit. Indicators are never quoted to customers. They never affect pricing. They never trigger adverse decisions. The brief is for technician preparation, full stop.
What it covers: The privacy of nonpublic personal financial information held by "financial institutions" — banks, lenders, insurance, securities firms.
Why it doesn't apply to ServiceScout: ServiceScout is not a financial institution. We don't extend credit, hold deposits, or process payments. The data in a Pre-Call Brief is not "nonpublic personal financial information" as GLBA defines it — it's licensed marketing-grade segmentation data and public records (deeds, permits, tax assessments).
How GLBA still touches us: Our data provider contracts include the same data-handling safeguards a GLBA-covered institution would require. We pass through those protections to your tenant via DPAs (data processing agreements).
What it covers: Operational controls around security, availability, processing integrity, confidentiality, and privacy for service organizations handling customer data.
How ServiceScout complies: ServiceScout operates under SOC 2 Type II controls. All brief data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is role-based, logged, and audited. Subprocessors are vetted and listed publicly. Annual penetration testing and third-party security review.
What you get: Enterprise customers receive the full SOC 2 report on request, plus a DPA (data processing agreement) and the complete list of licensed third-party data providers and the data flows between them.
What it covers: Prohibits discrimination in credit transactions based on race, religion, national origin, sex, marital status, age, or receipt of public assistance.
How it touches Pre-Call Briefs: If a homeowner is offered financing for HVAC replacement, financing eligibility cannot be influenced by protected characteristics. ServiceScout's brief deliberately does NOT include any protected-class information — no race, religion, national origin, marital status (beyond joint-deed observation, which is public record), or age beyond what's inferable from family unit composition.
The operational guardrail: Quoted price and offered financing terms must be identical for identical service, regardless of any indicator in the brief. ServiceScout's role is to inform approach, not pricing. This is the single most important compliance principle we enforce — and the one we train every customer on during onboarding.
A Pre-Call Brief is assembled from three data sources, all licensed or publicly accessible. We don't scrape, we don't social-engineer, we don't access anything that wouldn't survive a privacy audit.
Marketing-grade segmentation data and statistical estimates from commercial data providers. The same data products used by direct marketers, research firms, and large consumer brands. Income bands, net worth estimates, credit rating ranges, premium card likelihood, household composition — all licensed under standard commercial data agreements with audit rights and use restrictions.
Records held by county and municipal governments, accessible to anyone — but normally inaccessible to a tech in the field without 30 minutes of digging. ServiceScout pulls these into the brief automatically so the tech walks in already knowing the property facts.
U.S. Census data, neighborhood-level demographic patterns, regional industry data. Used for the "Neighborhood" section of the brief — replacement cycle patterns, area age cohort, local trends. None of this data identifies individuals; it identifies patterns in the local area.
Every indicator in every brief carries this notice. It's not legal boilerplate. It's the single operational rule that makes the entire system work without crossing any line.
A tech never says "I see your household income is $100K." They never reference credit ratings, net worth estimates, or premium card status. The information shapes the approach, never crosses the tech's lips.
Identical service gets identical quote. A 580 credit rating and an 800 credit rating get the same dollar amount for the same HVAC replacement. The brief affects how the conversation goes — never what is charged.
No homeowner is turned away based on indicators. Every booked appointment gets served. The brief calibrates the conversation; it never gates whether the conversation happens.
Every indicator is statistical. Income bands, net worth ranges, credit rating bands — all are modeled probabilities. They're useful at the band level, not as individual data points to act on definitively.
When these four rules are followed — and ServiceScout trains every customer to follow them — Pre-Call Briefs operate well within the legal frame of every consumer-protection regime that touches our category.
No, because ServiceScout does not pull or use consumer reports. The credit rating bands in the brief are marketing-grade statistical estimates from licensed third-party providers — they are not pulled credit reports and do not constitute consumer reports under FCRA.
The brief is never used to deny service or change a quoted price, which is the specific use case FCRA governs. That said, ServiceScout operates as if FCRA applies anyway: indicators are never quoted to customers, never used adversely, and never the basis of a service decision.
GLBA applies to financial institutions handling nonpublic personal financial information. ServiceScout is not a financial institution, and the data in a Pre-Call Brief is not nonpublic — it's licensed marketing-grade data and public records (deeds, permits, tax records).
GLBA's safeguard rule applies tangentially through ServiceScout's data provider contracts, which include the same controls a financial institution would require. Enterprise customers receive the full DPA on request.
ServiceScout operates under SOC 2 Type II controls covering security, availability, and confidentiality. Brief data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is role-based and audited.
Enterprise customers receive a full security packet on request, including the SOC 2 Type II report, data processing agreements, and the list of licensed third-party data providers with the data flows between them.
Three sources, in this order of importance:
Licensed third-party consumer data providers — marketing-grade segmentation data, statistical estimates, household composition. These are commercial data products licensed under standard agreements with audit rights and use restrictions.
Public records — property deeds, building permits, tax assessments, all publicly accessible through county recorder systems. ServiceScout pulls these into the brief automatically so the tech doesn't have to look them up manually.
Open data — U.S. Census data, neighborhood-level demographic patterns, regional industry data for the "Neighborhood" section of the brief.
ServiceScout does NOT pull credit reports, access bank records, source data from social media, use health records, or include protected-class data.
It's the single operational rule that governs how briefs are used: every indicator in every brief is for the technician's preparation — never to be repeated to the customer, never to be used to deny service, and never to affect the price quoted.
A homeowner with a 580 credit rating and a homeowner with an 800 credit rating get identical quotes for identical work. The difference is whether the tech leads with financing language or full-price language — the dollar amount and the service are the same.
This rule is what keeps the system out of every consumer-protection framework. As long as the indicators inform approach and never pricing, the legal frame holds.
Yes. ServiceScout provides a standard DPA for all customers and a customized DPA for Enterprise customers. The DPA covers data flows, subprocessor list, security controls, breach notification, and termination procedures.
If your procurement team needs the DPA before signing, we can send it ahead of the demo. Most home service operators don't require this, but PE-backed roll-ups and multi-state operators usually do, and we have it ready.
Enterprise customers and procurement teams can request the full security packet — SOC 2 Type II report, DPA, subprocessor list, data flow diagrams, and the complete compliance review. Available before signing, no demo required.