Veriff is in the privileged position of handling the private data of a lot of people every day. This is not something we take lightly, so we wanted to enlighten you about how we keep your personal information safe at all times.
Nino Gabrielashvili, November 12th, 2021
ShareLove this blog? Why not share it with the world?
Verifying that an individual is who they say they are in the virtual world is becoming a top priority for many businesses. It’s essentially the core reason Veriff is founded on - the internet needs to be a better place for everyone, it needs less anonymity and greater trust. And for trust, you need to verify.
However, sharing your personal identification document online can raise some doubts. Identity verification should be a pathway to a safer online space and not a barrier, so it’s crucial that the online verification process is simple and provides end users with transparency. Veriff goes the extra mile to ensure compliance with data security and protection requirements. And to add further transparency, in this blog, we’ll outline some of the ways we make sure your data is always safe.
Veriff is dedicated to its compliance with the highest standard of privacy laws, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Compliance with laws is always backed by Veriff’s own high priority to ensure the security of its service. At the heart of Veriff’s compliance are organisational and technical measures that ensure secure data processing. Here are some examples of the best practices Veriff follows:
Considering the nature of processing, the term of keeping end user data is fixed in internal policies and client agreements. Veriff never keeps data indefinitely. For example, as a standard, personal data which is processed on behalf of our clients is stored for no longer than 3 years.
In Veriff, data is encrypted at rest and in-transit. Encryption is the process of converting information or data into a code that can only be accessed or decrypted by a user with the correct encryption key. This is done to prevent unauthorised access. Encryption allows digital communication and transfer of data to be secure and confidential.
Data in transit is encrypted using Transport Layer Security TLS 1.2+. TLS is the protocol that allows digital devices (such as computers and phones) to communicate over the internet securely without the transmission being vulnerable to an outside audience. Data at rest is encrypted via highly secure algorithms including advanced encryption standard AES-256. AES is a symmetric key cipher. This means the same secret key is used for both encryption and decryption, and both the sender and receiver of the data need a copy of the key. And AES-256 is the most secure version of AES.
This is all slightly complex, but we hope it demonstrates that we always try to adhere to the highest security standards in the market to secure our client's end user's data.
Veriff has acquired SOC 2 Type 2 compliance certification. It confirms that Veriff’s systems are designed to keep its clients’ data secure. When it comes to working with the identity verification service provider, such reliability is absolutely crucial, because we are well aware that cases of data breaches and/or leaks might have life-altering consequences. More details about Veriff’s devotion to security can be found here. To further enhance security by design, Veriff is moving towards ISO 270001 certification in 2022.
These security measures are just some examples that are put in place here in Veriff. We take all necessary precautions to give you peace of mind when using our identity verification service. We always follow the relevant updates and implement additional measures to ensure compliance. By choosing Veriff, you’re assured that your data is treated with the utmost respect.