Nothing runs without the applicant's consent.
Before anything is verified, the applicant sees which property requested screening and which steps are in the package. Each source connection is authorized by the applicant, one provider at a time, and the screening runs only on what was requested. Consent is the order of operations here, not a checkbox at the end.
Applicants keep clear rights through the process:
- See exactly what the property requested before starting
- Choose the document-upload fallback if a source login is not available
- Get help at any step through applicant support
- Dispute consumer-report information through the FCRA-regulated partner identified in the report or notice
Burnt is not a consumer reporting agency.
Burnt is not a consumer reporting agency and does not assemble or sell consumer reports. Credit, background, and eviction checks inside a Burnt screening package are produced by FCRA-regulated partners. Those partners remain the consumer reporting agencies for the reports they issue, including the dispute process behind them.
What Burnt provides is the workflow around those modules: applicant consent capture, operator-configured criteria, source-verified income and employment, package status, and the record of what ran. Partner data is displayed alongside the operator's own criteria. It is never re-scored, summarized into a recommendation, or used by Burnt to rank applicants.
Operator-set criteria, applied consistently.
Screening criteria in Burnt, such as income thresholds and required verifications, are configured by the operator and can be set per property, portfolio, or market. Once set, the same criteria apply to every applicant, which is the practical foundation of fair-housing consistency. And when a market's rules change, criteria change in one place: every screening retains the criteria that were in force at the time it ran, so past decisions can be read against the standard that actually applied.
Burnt never scores, ranks, approves, or rejects an applicant. Results appear next to the operator's configured criteria, and the decision belongs to the operator. That boundary is deliberate: it keeps judgment with the party that owns the legal obligation. And because source verification typically completes in minutes after the applicant connects, applying the same standard to every applicant is operationally realistic, not just a line in the policy manual.
Adverse action stays with the operator and the partner.
When an operator declines an applicant, or approves with conditions, based in whole or in part on a consumer report, the Fair Credit Reporting Act requires an adverse-action notice that identifies the consumer reporting agency that supplied the report. With Burnt, that agency is the FCRA-regulated partner behind the credit, background, or eviction data, and the notice and dispute process follow that partner's workflow.
Burnt's role is to preserve the context an operator needs at that moment: which checks ran, which criteria were configured, what the partner report showed, and when the decision was made. Burnt does not issue adverse-action notices on the operator's behalf and does not adjudicate disputes. State and local rules can add requirements on top of the federal baseline, which is one more reason adverse-action processes belong in counsel-reviewed policy.
A record of how each decision was reached.
Every screening leaves a reviewable record, so when a decision is questioned by an applicant, an auditor, or a fair-housing investigator, the operator can reconstruct what happened without digging through inboxes.
The record is consistent by construction: the same fields for every applicant, regardless of who ran the screening or when. Because income and employment are verified at the source, it also carries less raw PII than upload-and-review screening — fewer documents to retain, secure, and eventually delete. And when the rules shift, the record is what shows the process held steady. It supports a consistent, reviewable screening process; it does not replace the operator's decision or the operator's counsel.
- Applicant consent and when it was given
- Which checks were requested and completed
- The criteria configured at the time of screening
- Source-verified income and employment results
- Partner report status and references
- Timestamps for results and review
Credentials never change hands.
The most common question we hear, from applicants and from operators running diligence, is the breach question: if a login is involved, who is holding it, and who answers for it if something goes wrong?
The answer is structural. The applicant authenticates directly with their payroll or bank provider, the same way they would on that provider's own site. The credential is never given to the property, never relayed through the leasing office, and never stored by Burnt as a source account password. A property cannot leak a login it never held.
For the applicant, the step looks like logging in to an account they already use, then returning to the application. Verified results typically come back within minutes of connecting, so the application keeps moving while the login stays where it belongs.