Login
Help
Get VerifiedData Retention in Veriff’s Service
Applicable privacy regulations require that personal data retention be limited to what is necessary for the purposes for which they are processed. Following this, Veriff adheres to strict data retention procedures ensuring that personal data that is no longer needed is assigned for deletion in due manner.
Veriff offers both Self-Serve and Enterprise service plans. If you signed up for one of our Self-Serve plans, please review the data retention details here under the “Overall Features” tab corresponding to your selected plan.
For our Enterprise plan customers, by default for identity verification service and any other service not expressly brought out in the table below, Veriff retains the End User’s Personal Data on behalf of the Customer for 90 days in the Service and then for 3 years in archive, with such archived data available to the Customer upon request submitted to support@veriff.com for the shorter of (i) the period the Customer remains a customer of Veriff’s Service, or (ii) three years. The retention period may differ in case certain Services or features are enabled:
Please note that:
- Veriff will not issue any notifications regarding upcoming retention expiry or data deletion.
- Upon termination, Personal Data is assigned for deletion as per the data processing addendum between Veriff and the Customer.
Biometrics limitation: The retention period of biometric face embeddings in active storage is set for 3 years as the maximum considering the requirements deriving from US Data Protection Laws (e.g. Illinois Biometric Information Privacy Act states that the data must be destroyed when the initial purpose for collecting or obtaining the data has been satisfied or within 3 years of the individual’s last interaction with the entity, whichever occurs first).
Changing the retention period: If the Customer wishes to adjust the default retention for identity verification, then by default the change will apply only to new sessions and will not apply to existing sessions. For more information about changing the default retention period, please see here.
Veriff’s independent retention: To the extent not prohibited by law, Veriff may retain the Personal Data for its own purposes irrespective of the retention schedule implemented for the Service provision. In such cases (e.g., for permitted business purposes, including service development) the above retention periods do not apply for using the data for Veriff’s purposes.
Information about security measures (including backup) applied to retained Personal Data is available here.