
How Veriff keeps your data safe

Veriff is in the privileged position of handling the private data of a lot of people every day. This is not something we take lightly, so we wanted to enlighten you about how we keep your personal information safe at all times.

Author: Nino Gabrielashvili, November 12th, 2021

Verifying that an individual is who they say they are in the virtual world is becoming a top priority for many businesses. It’s essentially the reason Veriff was founded: the internet needs to be a better place for everyone, with less anonymity and greater trust. And for trust, you need to verify.

However, sharing your personal identification document online can raise some doubts. Identity verification should be a pathway to a safer online space and not a barrier, so it’s crucial that the online verification process is simple and provides end users with transparency. Veriff goes the extra mile to ensure compliance with data security and protection requirements. And to add further transparency, in this blog, we’ll outline some of the ways we make sure your data is always safe. 

Veriff is dedicated to complying with the highest standards of privacy law, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Compliance with these laws is backed by the high priority Veriff itself places on the security of its service. At the heart of Veriff’s compliance are organisational and technical measures that ensure secure data processing. Here are some examples of the best practices Veriff follows:

No selling or unauthorised sharing of end user data

As stated in Veriff's Privacy Policy, we’ll disclose an end user's personal data to the client who has authorised us to provide the end user with the identity verification service. Additionally, as an integral part of the identity verification service, the end user’s personal data may be disclosed to our carefully chosen sub-processors. These are service providers that help us with media processing and data storage and are essential to providing our identity verification service. Internally, any access to data is granted on a need-to-know and least privilege basis. This means that our employees are only granted the information and access rights strictly necessary for their specific tasks. This ensures your data is always kept safe with no unauthorised access.

Fixed data storage periods

Considering the nature of processing, the retention period for end user data is fixed in internal policies and client agreements. Veriff never keeps data indefinitely. For example, as a standard, personal data which is processed on behalf of our clients is stored for no longer than 3 years.

Encryption at rest and in transit

At Veriff, data is encrypted at rest and in transit. Encryption is the process of converting information or data into a code that can only be accessed or decrypted by a user with the correct encryption key. This is done to prevent unauthorised access. Encryption allows digital communication and transfer of data to be secure and confidential.

Data in transit is encrypted using Transport Layer Security (TLS) 1.2+. TLS is the protocol that allows digital devices (such as computers and phones) to communicate over the internet securely without the transmission being exposed to outside parties. Data at rest is encrypted via highly secure algorithms, including the Advanced Encryption Standard (AES-256). AES is a symmetric key cipher. This means the same secret key is used for both encryption and decryption, and both the sender and receiver of the data need a copy of the key. AES-256 is the most secure version of AES.

This is all slightly complex, but we hope it demonstrates that we always try to adhere to the highest security standards in the market to secure our clients' end users' data.

Security by design

Veriff has acquired SOC 2 Type 2 compliance certification. It confirms that Veriff’s systems are designed to keep its clients’ data secure. When it comes to working with an identity verification service provider, such reliability is absolutely crucial, because we are well aware that data breaches and/or leaks might have life-altering consequences. More details about Veriff’s devotion to security can be found here. To further enhance security by design, Veriff is moving towards ISO 27001 certification in 2022.

These security measures are just some examples of what is in place here at Veriff. We take all necessary precautions to give you peace of mind when using our identity verification service. We always follow the relevant updates and implement additional measures to ensure compliance. By choosing Veriff, you’re assured that your data is treated with the utmost respect.

Nino Gabrielashvili


Legal Counsel

Nino Gabrielashvili is Legal Counsel at Veriff with a MA in Information Technology Law. Having worked in the legal & compliance field since 2012, she has experience in labor law, administrative law, personal data protection, and regulatory compliance.
