Signzy US

Privacy Policy

1. Introduction

Signzy Technologies & Services Inc. (“Signzy,” “we,” “our,” or “us”) is a technology service provider for digital identity and verification solutions. We offer a suite of APIs to our customers (hereinafter referred to as “Customers”)—including but not limited to Driver’s License Verification, Face Match, Liveness Check, OCR, Passport Verification, EIN Verification, SSN Verification, and PEP Screening—that enable businesses to perform robust Know Your Customer (KYC), identity, business, age, and bank account verification (“Services”). Our solutions are available via our no-code platform as well as API integrations. In the case of APIs, the Customers of Signzy integrate such APIs into their websites, web-based applications, or mobile applications. Signzy processes the personal information of our Customer’s end-users (“You,” “Users,” “End-users”).

This Privacy Policy describes how we collect and process the Personal Information (as defined hereunder). By accessing or using our Services (including our API marketplace and associated use cases), you agree to the collection and use of information in accordance with this Privacy Policy.

As an organization that offers software for compliance with anti-money laundering requirements, Signzy advocates for transparency, accountability, and strict adherence to legal and regulatory standards. Signzy is equally committed to ensuring that its business model and operations comply with all relevant data protection laws and regulations. For example, Signzy ensures compliance not only with the European Union’s General Data Protection Regulation 2016/679 (“EU GDPR”) and the UK’s version of the EU GDPR, known as the “UK GDPR,” but also with U.S. data protection laws, Canadian privacy legislation, and any other applicable legal frameworks.

2. Short Summary & Scope

Signzy uses information about you to provide the Services or develop new Services aimed at verifying your identity and helping prevent fraud. We analyze the data we collect to create insights about fraud, which enables us to provide our Customers with information about potentially fraudulent transactions and/or to fulfil operational/compliance requirements. For example, we use the data to identify commonly used fake identification documents or government identifiers.

This Privacy Policy generally outlines Signzy’s privacy practices in its role as a processor, handling Personal Information (as defined hereunder) on behalf of its Customers. While you are not obligated to provide your personal information directly to Signzy, failure to do so may prevent us from delivering our Services as instructed by our Customers.

As an organization that offers software or technology for the purposes of compliance with anti-money laundering requirements, Signzy advocates for transparency, accountability and compliance with legal and regulatory requirements. Signzy is equally passionate about ensuring that its business model and operations are compliant with all relevant laws and regulations including those that concern data protection.

This Privacy Policy provides detailed information on how we collect and process Personal Information. It applies when you are a user of our website, APIs, or mobile applications. This Privacy Policy applies to all personal information collected by Signzy through our website, APIs, mobile applications, and other channels related to our digital verification Services. It governs data provided both directly by end users and indirectly via our customers who integrate our APIs into their products.

3. Our Categorisation Under Data Protection Laws

Data protection and privacy laws in certain jurisdictions differentiate between ‘controllers’ or ‘data fiduciaries’ and ‘processors’ or ‘service providers’ of personal information. A controller or business decides why and how to process personal information. A processor or service provider processes personal information on behalf of a controller, based on the controller’s instructions. We are categorised as a ‘data processor’ under data protection laws when operating our business and providing Services to our Visitors and Users. This is because we neither own the data nor determine the purposes or means of processing, and we act on the instructions of the data controller.

4. Information We Collect

Personally identifiable information, namely information that identifies an individual or may, with reasonable efforts, cause the identification of an individual, or may be of private or sensitive nature (“Personal Information”) may be provided by the Customers of Signzy.

To provide its Services, Signzy processes personal information on behalf of its Customers. Signzy assumes that the Customer has obtained the necessary consent from you, the end user, and has clearly specified the purpose for which the personal information is being processed.

We may collect and process various types of Personal Information, including but not limited to the following:

a. Personal and Contact Information
  • Examples: Name, date of birth, address, email, phone number, and other contact details provided during registration or via API payloads.
b. Government-Issued Identification and Verification Data
  • Examples: Images and data extracted from driver’s licenses, passports, national IDs, EIN documents, and SSN information submitted through our verification APIs.
c. Biometric Data
  • Examples: Facial images, facial biometric templates, and liveness check results collected via our Face Match and Liveness Check APIs.
  • Note: Such biometric data is processed with heightened security measures due to its sensitive nature.
d. Document Data
  • Examples: Documents scanned and processed through our OCR API, including text extraction for identity verification and age verification.
e. Screening and Risk Assessment Data
  • Examples: Data from PEP (Politically Exposed Person) Screening and other risk or fraud detection tools to support AML (Anti-Money Laundering) compliance.
f. Technical and Usage Data
  • Examples: IP addresses, device identifiers, browser types, cookie data, and usage logs that help us manage, secure, and improve our API Services.
g. Transactional Data
  • Examples: Digital signatures, records of verification events, and data associated with the use of our no-code platform or API integrations.
h. Geolocation Information
  • Example: The location of your device.
i. Internet or Other Electronic Network Activity, including information about your device’s operating system, browser type, and browser settings
  • Example: Country, language preferences, or your use of our website or application (e.g., time of access, duration of visit).
j. Inferences
  • Examples: Transaction risk calculations and scores (e.g., Signzy may review whether the IP address or other available information is known to have been used in a fraudulent transaction and provide an assessment to a Customer of the likelihood the transaction is fraudulent).

To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or other information to help detect fraud and safety issues from third party service providers or partners, and combine it with information we have about you. These categories of third parties include consumer reporting agencies, fraud prevention Services, data brokers, government databases, and marketing and analytics providers.

5. How We Use Your Information

While serving the Customers, Signzy mainly processes your data as a processor for Customers’ benefit. Signzy processes Personal Information for the performance of agreements, including indicated Services, obligations arising from agreements with the Customers and related rights, as well as for the execution of rights and fulfilment of obligations deriving from legal acts and processing Users’ requests.

Generally, Signzy collects and further processes Personal Information for the Customers, which may include, but is not limited to, matters of compliance with applicable AML/CFT and/or other laws and regulations and/or Customer’s internal customer due diligence procedures. Once Personal Information is no longer necessary for the relevant purpose, acting on Customer’s written instructions, Signzy transfers the data to Customers and then erases it from its servers without leaving any backup copies.

The Personal Information may be collected or processed for the following purposes:

a. Service Provision and Improvement
  • Verification Services: To perform identity, document, and business verifications via our APIs, including comparing new scans of identification documents against scans of identification documents previously collected by Signzy and preventing the use of fraudulent identification documents.
  • Data Extraction & Analysis: To process documents using OCR and validate biometric data through Face Match and Liveness Check APIs.
  • Use Case Enablement: To support various use cases such as KYC, business verification, age verification, and bank account verification.
b. Regulatory Compliance and Risk Management
  • AML and Fraud Prevention: To conduct PEP screenings and monitor for fraudulent activities, ensuring compliance with AML and other regulatory mandates.
  • Legal Compliance: To meet our legal and regulatory obligations under applicable U.S. laws.
c. Communication and Customer Support
  • User Interaction: To communicate updates, security notifications, and customer support information.
  • Feedback and Improvement: To analyze user interaction and usage data, enabling continuous service improvement across industries like financial Services, banking, remittance, and gaming.
d. Business Operations
  • Integration Support: To facilitate seamless API integration and support our no-code platform, enhancing the user experience for our business partners and end users.
e. Other Purposes
  • Establish, exercise or defend legal claims;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property, the property or physical safety of any person or third party;
  • Respond to valid and enforceable subpoenas, court orders, and other legal process, or as otherwise required by law; and
  • Comply with legal and/or regulatory requirements.

6. Personal Information From Public Registries

Signzy’s software has the ability to transfer certain data, including Personal Information, from the public domain to its customers either via Signzy’s web-portal or API. In general, Signzy is permitted to transfer this data because it is necessary for its legitimate interests and its legitimate interests do not override the interests or fundamental rights and freedoms. We believe we have a compelling legitimate interest in preventing and detecting crime. This is because Signzy’s software is helpful in combating money laundering and therefore ensuring that we have a stronger and safer society. Signzy has created its business based on the principle of privacy by design and data minimisation and as such, it does not store any data that it transfers from public registries to its customers.

7. Legal Basis for Processing

We process personal and sensitive data on one or more of the following legal bases:

  • Consent: When you have provided explicit consent for specific processing activities. By using Signzy’s Services, you consent to the collection, processing, and use of your personal information. Where we are collecting or processing the Personal Information for provisioning of the Services to our customers, the consent is procured by the Customers in their capacity as data controllers/data fiduciaries.
  • Contractual Necessity: When processing is necessary to perform our contractual obligations with our customers, business partners or API consumers, who are acting as data controllers.
  • Legal Obligations: When required by law or regulation (e.g., AML, fraud prevention, regulatory reporting, tax, etc.).
  • Legitimate Interests: For the purposes of improving our Services, preventing fraud, and maintaining security, provided that such interests do not override your fundamental rights.

We will only use the Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the data protection and privacy laws, where this is required or permitted by law.

Special notice to residents of the states of Illinois, Washington, or Texas (USA)

Personal Information processed by Signzy may include certain ‘biometric identifiers’ (such as scans of facial geometry or voiceprints) and ‘biometric information’ (data extracted from and based on biometric identifiers), which are used to verify the identity of Users.

Whenever such biometric identifiers and/or biometric information (collectively ‘biometric data’) are used as part of the Services rendered by Signzy to any Customer, such data shall be processed by Signzy on behalf of such Customer and permanently deleted as stated in this Notice. In the latter case, Signzy shall not perform any operations regarding such data other than its storage for the period required by the applicable law.

The Customers are independently responsible for complying with the privacy regulations, including the BIPA (Biometric Information Privacy Act of 2008 in Illinois, US), and for providing all necessary disclosures and obtaining all required consents.

8. Sharing, Transfer and Disclosure of Information

We do not sell your Personal Information. However, we may share your information under the following circumstances:

a. With Business Customers and Partners
  • Data Processing on Behalf: When integrating our APIs, our customers (acting as data controllers) may provide and process data using our platform. In such cases, Signzy acts solely as a data processor.
b. With Third-Party Service Providers
  • Service Providers: Trusted vendors who assist us with hosting, data processing, analytics, security, and other functions under strict confidentiality obligations. Further, Signzy has partnered with third-party service providers, whose Services and solutions complement, facilitate, and enhance our own. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions, except for when such third-parties are regulators and other governmental organizations.
c. For Regulatory and Legal Purposes
  • Compliance: When required to disclose information by law, regulation, or legal process, or to protect the rights, property, or safety of Signzy, our users, or others.
d. In Connection with Business Transactions
  • Transfers: During mergers, acquisitions, or asset sales, Personal Information may be transferred to the acquiring entity, which will be required to continue protecting your data in accordance with this Privacy Policy.

Personal Information may be maintained, processed, and stored by Signzy and our authorised affiliates, partners and service providers in the United States of America, India, and other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law.

9. Data Retention

We retain your personal and sensitive information only for as long as necessary to achieve the purposes for which it was collected or as required by applicable law. Specific retention periods may vary based on the type of data and regulatory requirements. Once data is no longer needed, it will be securely deleted or anonymized.

10. Security Measures

Protecting your information is paramount to us. We have implemented technical and organisational security measures to prevent your Personal Information from being accidentally lost, falsified, used, or accessed in an unauthorised way, altered, or disclosed. Signzy uses commercially reasonable physical, electronic, and procedural safeguards designed to protect your personal information against loss or unauthorized access, use, modification, or deletion. However, no security program is foolproof or guarantees absolute security.

We implement comprehensive security measures including but not limited to the following:

  • Encryption: Data is encrypted both in transit and at rest using industry-standard encryption protocols.
  • Access Controls: Strict authentication and authorization controls ensure that only authorized personnel have access to sensitive information.
  • Regular Audits: Continuous monitoring, vulnerability assessments, and periodic security audits help maintain the integrity and confidentiality of the data.
  • Incident Response: A dedicated incident response plan is in place to address and mitigate any potential data breaches.

We also regularly monitor our systems for possible vulnerabilities and attacks and regularly seek new ways to further enhance the security of our Services.

11. Your Rights and Choices

Under applicable U.S. privacy laws, EU GDPR, UK GDPR, Canadian privacy legislation, and any other relevant international data protection standards, you may have the following rights regarding your Personal Information:

  • Access and Correction: Request access to and correction of your Personal Information.
  • Deletion: Request deletion of your Personal Information, subject to any legal or contractual constraints.
  • Objection and Restriction: Object to or request restrictions on certain processing activities.
  • Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.

To exercise these rights or for any privacy-related inquiries, please contact us using the information provided in Section 15.

Upon request, Signzy will provide you with information about whether we hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information. You may object to the processing of your Personal Information, withdraw your consent, and/or request the transfer of your Personal Information. However, if Signzy is acting as data processor only, Signzy shall direct such request to the customers, who are the data controllers.

When you exercise a privacy right, Signzy may request you submit additional personal information in order to verify your identity to the extent necessary prior to fulfilling your request. In addition to the personal information listed above, Signzy may collect the following:

  • Images of Identification documents (e.g., photographs and other information including personal identifiers, demographic characteristics, physical characteristics, etc.);
  • Government identifiers (e.g., driver’s license numbers, passport numbers, etc.). Please note that Signzy redacts certain government identifiers in accordance with applicable national laws;
  • Images or recordings (e.g., photographs and visual or audio recordings); and
  • Biometric data.

This personal information, including any biometric data, will only be collected and used to verify your identity.

We will make all reasonable efforts to honour your request promptly. We may need to request specific information from you to help us confirm your identity. This is a security measure also in your own interest to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

12. International Data Transfers

While Signzy primarily processes data within the United States, there may be occasions when data is transferred internationally in order to support our global operations (e.g., for global remittance or gaming platforms). These countries may have data protection laws that differ from or are less stringent than those in your country of residence. However, we will implement adequate safeguards to ensure that your data remains protected in accordance not only with U.S. laws but also with the EU GDPR, the UK GDPR, Canadian privacy legislation, and any other applicable international data protection standards. In circumstances where additional legal requirements arise, we will comply with such laws by utilizing the processes set out in Section 11.

13. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If it is discovered that we have inadvertently collected data from a minor, we will take steps to promptly delete such information.

14. Updates to the Privacy Policy

Signzy may update or modify this Privacy Notice from time to time to reflect changes in our Services, legal requirements, or other operational needs. We reserve the right to amend this Notice at our sole discretion and for any reason.

Any amendments will become effective immediately upon the posting of the revised Privacy Notice on our website, unless otherwise required by applicable law. Users are deemed to have accepted these amendments by continuing to access or use our Services after the updated Privacy Notice is posted.

By using our Services, you acknowledge and agree that you waive the right to receive specific notice of such amendments. We encourage you to periodically review this Privacy Notice to stay informed of any updates.

If material changes are made to this Notice that significantly affect your rights, we may provide additional notice, as required by applicable law, such as via email or through prominent notices on our website.

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your Personal Information, please contact our Data Protection Officer (DPO) at: Privacy@Signzy.com

Last Update: 20th February, 2025
