Privacy Policy

1. Introduction

VerifiNow Inc. (“VerifiNow,” “we,” “our,” or “us”) provides real-time identity verification, biometric binding, fraud prevention, and compliance services to businesses (“Customers”) and their end users (“Individuals”). VerifiNow operates as a data processor on behalf of its Customers in most verification contexts. The Customer who deploys VerifiNow’s services is the data controller responsible for determining the purposes of processing.

This Policy applies to: Individuals who complete identity verification through VerifiNow’s platform; visitors to getverifinow.com; and business contacts who interact with VerifiNow directly.

2. Information We Collect

2.1 Identity Document Data

Images of government-issued identity documents; extracted data fields (name, date of birth, address, document number, expiration date); document authenticity signals (AAMVA barcode, ICAO MRZ); and document classification and country of issuance.

2.2 Biometric Data

Facial images captured during live selfie capture; biometric comparison scores; liveness detection signals and results; and presentation attack detection signals for photo, video, 3D mask, and deepfake attacks.

2.3 Verification Session Data

Session timestamp, duration, and unique session identifier; device type, OS, browser, and IP address; geolocation at country/region level; capture quality metrics and retry attempts; verification outcome (pass/fail/review); and confidence scores and decision rationale.

2.4 Compliance and Screening Data

Sanctions screening results (OFAC, UN, EU, FATF); PEP and adverse media screening results; employment verification data; income verification data; and KYC/eKYC decisioning records and audit trails.

2.5 Customer and Business Contact Data

Name, title, business email, and phone number; company name, industry, and role; and communications and engagement history with VerifiNow.

2.6 Website and Platform Usage Data

IP address and approximate geolocation; pages visited, time on page, and referral source; browser and device type; and cookie and analytics data (see Section 9).

3. How We Use Personal Information

• Authenticating identity documents against issuing source data
• Performing biometric comparison between live face and document photograph
• Conducting liveness detection to confirm physical presence
• Detecting document forgery, presentation attacks, and injection attacks
• Executing KYC/eKYC decisioning and AML watchlist screening on behalf of Customers
• Confirming employment and income data for lending and onboarding decisions
• Improving document authentication and liveness detection accuracy using aggregated, de-identified data
• Security monitoring, incident detection, and incident response
• Communicating with Customers and business contacts

4. Legal Basis for Processing

5. Data Sharing and Disclosure

5.1 With Customers

We share verification results, session records, and compliance outcomes with the Customer who initiated the verification. Customers are responsible for their own use of Individual data.

5.2 With Sub-processors

We engage vetted third-party sub-processors for cloud infrastructure, document authentication, sanctions data, employment/income data, and security monitoring. All sub-processors are bound by data processing agreements requiring equivalent protection.

5.3 Legal and Regulatory Disclosures

We may disclose personal data in response to valid legal process, regulatory examination, or emergency situations involving imminent risk to life or safety. We notify affected Customers of legal requests where permitted by law.

5.4 Corporate Transactions

Personal data may be transferred in a merger, acquisition, or asset sale. We will provide required notice and require successor entities to honor this Policy.

5.5 No Sale of Personal Data

6. Biometric Data — Special Protections

• Collection: Biometric data is collected only for the specific verification purpose for which the Individual is completing a session.
• Storage: Encrypted at rest (AES-256). Access restricted to authorized systems and personnel with documented need.
• Retention: Default retention is 90 days from collection. Biometric data is permanently deleted at end of the retention period.
• No Sale: Never sold, leased, or traded for any commercial purpose.
• No Unauthorized Disclosure: Not disclosed to third parties except as required to complete the verification or as required by law.

7. Data Retention

8. Data Security

• Encryption in Transit: TLS 1.2+ for all data in transit
• Encryption at Rest: AES-256 for all stored data; additional layers for biometric data
• Access Controls: Role-based access control; MFA required for privileged access
• SOC 2 Type II: Independently audited annually for security, availability, and confidentiality
• Penetration Testing: Regular third-party penetration testing and vulnerability assessments
• Incident Response: Documented plan with 72-hour breach notification for GDPR-covered processing
• Vendor Security: All sub-processors undergo security assessment prior to onboarding

9. Cookies and Tracking Technologies

We use essential, analytics, preference, and (with consent) marketing cookies on getverifinow.com. We do not use tracking technologies within the identity verification flow. You may manage cookie preferences through your browser settings.

10. Individual Rights

To exercise your rights, contact privacy@verifinow.io. We respond within 30 days or as required by applicable law.

11. International Data Transfers

VerifiNow is headquartered in the United States. For transfers from the EU/EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), and equivalent mechanisms as applicable.

12. Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have done so, contact privacy@verifinow.io.

13. Changes to This Policy

We may update this Policy periodically. We will notify Customers of material changes by email at least 30 days before the effective date and update the “Last Updated” date above.

14. Contact Information