Privacy Policy

This policy applies to (a) visitors to our website at veridianapi.com, (b) customers who access our API and platform services, and (c) individuals whose personal data is submitted by our customers for identity verification or compliance purposes (“end users”).

Where Veridian processes personal data on behalf of customers (acting as a data processor), the customer's own privacy policy governs the relationship with end users.

Account and billing information: When you register, we collect your name, email address, company name, billing address, and payment method details. Payment card data is handled by our PCI-compliant payment processor and is not stored by Veridian.

API usage data: We collect logs of API requests and responses, including timestamps, endpoint paths, status codes, latency, and IP addresses. This data is used for billing, debugging, and security monitoring.

End-user verification data:When customers submit individuals' data for KYC or sanctions screening, this may include names, dates of birth, government ID images, and selfie photos. This data is processed strictly to deliver the verification result and is not used for any other purpose. Document images and selfies are deleted after verification completes.

Website analytics: We collect anonymized usage data on our marketing website using privacy-preserving analytics tools. We do not use tracking cookies that require GDPR consent banners.

We use the information we collect to:

• Provide, operate, and improve the Services
• Process transactions and send billing-related communications
• Respond to support requests and troubleshoot issues
• Monitor for security threats, fraud, and abuse
• Comply with legal obligations and respond to lawful requests
• Send product updates and announcements (opt-out available)

We do not sell personal data to third parties and do not use end-user verification data for advertising, profiling, or any purpose beyond delivering the requested compliance service.

For individuals in the European Economic Area, UK, or Switzerland, our legal bases for processing personal data are:

• Contract performance: Processing necessary to provide the Services you have contracted for
• Legitimate interests: Security monitoring, fraud prevention, and service improvement
• Legal obligation: Compliance with applicable laws and regulatory requirements
• Consent: For marketing communications (withdrawable at any time)

We share personal data only in the following circumstances:

• Service providers: We use vetted third-party providers for cloud infrastructure (AWS eu-west-1, Ireland), payment processing, and sanctions database access. Contact us for a current list of providers.
• Legal requirements: When required by applicable law, court order, or government authority
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate data protection obligations
• With your consent: For any other purpose with your explicit authorization

We retain account and billing information for the duration of your subscription and as required for tax and financial record-keeping. API logs are retained for 90 days.

End-user document images and selfies are deleted after verification completes. Verification results (status, risk score, extracted identity fields) are retained for the duration of your subscription. You may request deletion at any time via hello@veridianapi.com.

Veridian's API infrastructure runs on AWS eu-west-1 (Ireland). Data submitted through the API is stored and processed within the EU. For customers in the EEA or UK, we can provide a Data Processing Agreement (DPA) on request — contact hello@veridianapi.com.

We implement technical and organizational safeguards appropriate to the sensitivity of the data we process. These include AES-256 encryption at rest, TLS 1.3 in transit, and role-based access controls.

No system is perfectly secure. We will notify affected customers of any confirmed data breach within 72 hours of discovery, as required by GDPR and applicable law.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your personal data
• Object to or restrict certain processing activities
• Data portability (receive your data in a machine-readable format)
• Withdraw consent where processing is based on consent
• Lodge a complaint with your local supervisory authority

To exercise these rights, contact us at hello@veridianapi.com. We will respond within 30 days (or sooner as required by law).

Our website uses only essential cookies required for authentication and security. We do not use third-party advertising cookies. See our Cookie Policy for full details. You can control cookies through your browser settings.

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us immediately at hello@veridianapi.com.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent in-product notice at least 14 days before the changes take effect. The “Last updated” date at the top indicates when the current version was published.