Privacy Policy

VerifyID \ Privacy Policy
Last updated: January 2026

This Privacy Policy explains how VerifyID.io, operated by OmniSol Information Technology (Pty) Ltd (“VerifyID”, “we”, “us”, or “our”), collects, uses, stores, and protects personal information when you access or use our platform, APIs, and related services (the “Service”).

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with it.

1. Scope of This Policy

This Privacy Policy applies to all users of VerifyID.io, including clients who submit data for identity verification (KYC), risk screening (AML / PEP / Crime), and watchlist monitoring.

2. Roles and Responsibilities

For the purposes of data protection laws:

  • Clients using VerifyID.io are typically the Data Controllers of personal information they submit.
  • VerifyID acts as a Data Processor where it processes data on behalf of Clients, and as a Data Controller for platform operational data.

3. Information We Collect

Depending on how the Service is used, we may process the following categories of information:

  • Identification data: names, identity numbers, dates of birth, document information, and similar identifiers provided by Clients.
  • Contact data: email addresses and notification endpoints configured by Clients.
  • Screening data: watchlist entities, AML / PEP / Crime screening results, match indicators, and related metadata.
  • Technical data: IP addresses, timestamps, device information, API usage, and system logs.

4. Purpose of Processing

We process personal information strictly for legitimate business and compliance purposes, including:

  • Providing identity verification (KYC) services
  • Performing AML, PEP, and Crime screening
  • Maintaining and running watchlists
  • Sending notifications (email or webhook) when new risk matches are detected
  • Maintaining audit trails and system logs
  • Improving system security, reliability, and performance

5. Lawful Basis for Processing

VerifyID processes personal information based on one or more of the following lawful grounds:

  • Consent obtained by the Client from the data subject where required
  • Compliance with legal or regulatory obligations
  • Legitimate interests in preventing fraud, financial crime, and identity misuse
  • Performance of a contract with the Client

6. Data Sources

Screening results are derived from third-party data sources such as sanctions lists, politically exposed person registers, and publicly available enforcement or crime datasets. VerifyID does not control the content of these sources and cannot guarantee their completeness or accuracy.

7. Automated Processing and Watchlists

Where Clients enable automated watchlists:

  • Entities may be screened on a scheduled or manual basis
  • Results are recorded for audit and compliance purposes
  • Notifications are sent only when new matches are detected
  • Historical screening and notification records may be retained even after entities are removed

8. Data Retention

Personal information is retained only for as long as necessary to fulfil the purposes outlined in this Policy, including compliance, audit, and legal obligations. Retention periods may vary depending on data type and regulatory requirements.

9. Data Sharing

VerifyID does not sell personal information. Data may be shared only:

  • With Clients who submitted the data
  • With trusted service providers acting under confidentiality obligations
  • Where required by law or lawful authority

10. Security Measures

VerifyID implements appropriate technical and organisational security measures to protect personal information against unauthorised access, loss, misuse, or alteration. These measures include access controls, encryption, logging, and monitoring.

11. Data Subject Rights

Depending on applicable law, data subjects may have rights including access, correction, objection, or deletion of personal information. Requests should be directed to the relevant Client acting as data controller.

12. International Transfers

Where data is processed or stored outside the Republic of South Africa, VerifyID ensures that appropriate safeguards are in place in accordance with applicable data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of the Service after updates constitutes acceptance of the revised policy.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, you can contact us: