Assure’s Identity Data Handling & Storage Policy
Assure recognizes the importance of proper & secure handling & storage of sensitive identity data.
Maintaining the integrity of the identity data of our users is of utmost concern for our team and thus we have developed a robust data handling policy to ensure our client data is not subject to a breach, is regulatory resistant & always will be accessible if it is ever needed.
Our Data Storage Policy
Assure has integrated an identity verification software via API which has been proven as a robust solution for a quick & effective means of performing the ID validation component of our business. Once completed, identity data (including document images & video capture) is stored securely on private encrypted servers by our trusted identity partner. The data handling and storage on the identity verification platform is subject to compliance with CCPA, GDPR, SOC2 type II & WCAG Accessibility Guidelines.
The data stored on the servers outlined above is maintained for 12 months and then permanently deleted.
When an Assure KYC identity verification is approved, the ID data is also backed up and stored indefinitely using Storj (storj.io), a trustless & securely encrypted decentralized data storage platform. Note that identity data associated with incomplete or declined KYC approval will not be stored by Assure.
Learn more about our data storage partner, Storj here:
This long-term data storage solution through Storj provides the following features & benefits:
Every file is encrypted, split into pieces, and stored on diverse nodes, making data breaches a thing of the past. This decentralized approach also protects your data from malicious attacks and protects your data from being stolen by bad actors.
Default encryption is standard on every file. Every file is encrypted using AES-256-GCM symmetric encryption. Everything is encrypted as standard before being uploaded — your data is only in the hands of the Assure authorized KYC reviewer. The risk of data being compromised by an unauthorized user during the upload/transfer process is mitigated.
Data is not maintained in a single centralized data center. Instead, we take advantage of a massive global network of storage nodes that enables unparalleled security, privacy and availability.
Our Data Handling Policy
In addition to the data storage policy outlined above, it is equally critical to have a robust policy and strict guidelines for data handling as well.
Assure uses GDPR guidelines as a baseline for our comprehensive and formal data handling policy.
Please view the details of our comprehensive data handling policy at the link below: