At VerifyID, we adhere strictly to the principles of data protection by design and by
default. We have implemented robust technical and organizational safeguards to ensure
the highest level of security for all identity data processed through our platform.
Regular Data Protection Impact Assessments (DPIAs) are conducted, and access to customer
information is strictly limited to authorized personnel with top-level clearance—only
after receiving explicit permission from the client.
To ensure full compliance with GDPR, we provide dedicated EU API endpoints, guaranteeing
that all personal data remains within EU borders during processing and storage.
Additionally, we partner exclusively with reputable, GDPR-compliant data center
providers to handle all data operations, ensuring secure and lawful management of your
customers' information.
VerifyID is trusted by healthcare providers and insurers to verify the identities of both onsite and remote patients—particularly in the growing telehealth sector. Integrating VerifyID into your patient or customer onboarding process does not compromise your organization’s HIPAA compliance. This is because VerifyID only processes identity data independently, without collecting or storing any Protected Health Information (PHI) as defined by HIPAA regulations. Our role is to digitize and authenticate user identities, but we do not access, process, or retain any medical data linked to those individuals. The responsibility to maintain HIPAA compliance lies with your organization, particularly in how you store and manage the identity data in conjunction with PHI. When used correctly, VerifyID remains a secure and compliant tool that supports HIPAA-aligned workflows without introducing regulatory risk.
When configured with biometric verification, VerifyID’s ID Verification API aligns with
the Identity Assurance Level 2 (IAL2) requirements as defined by NIST.
IAL2 mandates identity proofing through either remote or in-person verification
methods—both of which are supported by our integrated ID and biometric solutions.
Using VerifyID, your system can automatically assess the real-world existence of a
claimed identity and confirm that the user is legitimately associated with it. This
ensures a high level of assurance in digital identity verification, supporting
compliance with modern security and regulatory standards.
At VerifyID, your security and privacy come first. That’s why we’ve implemented a strict
No Log Policy. When you choose to disable our secure vault storage, we do not retain any
of the information you upload—including images, identity documents, or personal data.
This means that even in the unlikely event of a security breach, there will be no
personal information available for anyone to access. With VerifyID, you can use our
services confidently, knowing that your data remains private and protected.
