• Data Retention in Veriff’s Service

Data Retention in Veriff’s Service

Applicable privacy regulations require that personal data retention should be limited to what is necessary for the purposes for which they are processed. Following this, Veriff adheres to strict data retention procedures ensuring that personal data that is no longer needed is assigned for deletion in due manner.

Veriff offers Self-Serve as well as Enterprise service plans. If you signed-up for one of our Self-Serve plans, please review the data retention details here under "Overall Features" tab according to your selected plan.

For our Enterprise customers, as a default, Veriff retains the End User’s  Personal Data on behalf of the Customer for 90 days in the Service and then for 3 years in archive, available to the Customer upon request submitted to for the shorter of (i) the period the Customer remains a customer of Veriff’s Service, or (ii) three years. The retention period may differ in case certain Services or features are enabled:

Biometrics limitation: The retention period of biometric face embeddings in active storage is set for 3 years as maximum considering the requirements deriving from US Data Protection Laws (e.g. Illinois Biometric Information Privacy Act states that the data must be destroyed when the initial purpose for collecting or obtaining the data has been satisfied or within 3 years of the individual’s last interaction with the entity, whichever occurs first). 

Upon termination, Personal Data is assigned for deletion as per the data processing addendum between Veriff and the Customer. 

Information about security measures (including backup) applied to retained data is available here.