Effective Date: March 10, 2026. Last Updated: March 10, 2026.
This Privacy Policy ("Policy") governs the collection, processing, storage, use, and disclosure of personal data by Verifilite Inc. ("Verifilite", "Company", "we", "us", or "our") in connection with the services offered through verifilite.com and any associated APIs, SDKs, widgets, dashboards, or mobile applications (collectively, the "Platform").
By accessing or using the Platform, you ("User", "Merchant", "End User", or "Visitor") acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must immediately discontinue use of the Platform.
This Policy applies to: (a) Merchants, being businesses and developers who register for and access the Platform to process identity verifications; (b) End Users, being individuals whose identity data is submitted for verification through the Platform by a Merchant; and (c) Visitors, being individuals who access our website without registering.
Verifilite acts as a data processor with respect to End User personal data submitted by Merchants for verification purposes. The Merchant is the data controller and bears sole responsibility for: (a) obtaining lawful consent from End Users prior to submitting their data for verification; (b) ensuring a valid legal basis exists under applicable data protection law for the processing; (c) providing End Users with adequate privacy notices; and (d) complying with all applicable regulatory and legal obligations in their jurisdiction.
Verifilite accepts no liability arising from a Merchant's failure to comply with their obligations as data controller. By using the Platform, Merchants represent and warrant that they have obtained all necessary consents and authorisations required by applicable law.
When a Merchant registers for the Platform, we collect: full name, business name, business email address, billing information, account credentials, IP address, and device information. We use this data to operate, maintain, and secure the Merchant's account.
When an End User is submitted for verification through the Platform, the following categories of data may be collected and processed depending on the verification modules used:
We automatically collect technical data from all users of the Platform, including IP addresses, browser type and version, operating system, referring URLs, pages visited, time and date of access, and session duration. This data is used for security, fraud prevention, platform optimisation, and analytics.
We process personal data for the following purposes and on the following legal bases:
Verifilite retains End User verification data, including documents, biometric data, and verification results, for a limited period of a few hours following the completion of a verification event ("Retention Window"). During the Retention Window, the Merchant may access and download the verification data via the dashboard. Following expiry of the Retention Window, the verification data is permanently deleted from Verifilite's active systems.
Verifilite is not responsible for the retention, storage, security, or use of any verification data downloaded by a Merchant following the Retention Window. Merchants are solely responsible for managing downloaded data in compliance with applicable data protection laws.
Merchant account data, including registration information and billing records, is retained for the duration of the Merchant's account and for a period thereafter as required by applicable law or legitimate business necessity.
Verifilite does not sell, rent, or trade personal data to third parties for commercial purposes. We may disclose personal data in the following limited circumstances:
AML screening is conducted against third-party databases including OFAC, PEP lists, global sanctions lists, and adverse media sources. By using the AML module, Merchants acknowledge that End User data will be transmitted to these screening services as necessary to perform the check.
Verifilite operates infrastructure on Amazon Web Services (AWS). Data may be processed and stored in data centres located outside your country of residence, including in the United States and other jurisdictions that may not provide the same level of data protection as your home jurisdiction. By using the Platform, you consent to such transfers. Where required by law, we implement appropriate safeguards for cross-border data transfers, including standard contractual clauses.
We implement industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration, including TLS encryption in transit, encryption at rest, access controls, and regular security reviews. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. We are not liable for any breach that results from circumstances beyond our reasonable control.
Verifilite does not store private cryptographic keys for any wallet, whether belonging to Merchants or their End Users. The non-custodial wallet infrastructure is specifically designed to ensure that Verifilite at no point has access to, custody of, or control over any private keys.
Depending on your jurisdiction, you may have certain rights in relation to your personal data, including the right to access, correct, delete, or restrict processing of your data. Requests from End Users regarding their verification data should be directed to the Merchant that submitted the verification, as the Merchant is the data controller. Verifilite will assist Merchants in fulfilling such requests to the extent technically feasible within our systems.
Visitors and Merchants may submit data rights requests directly to us at privacy@verifilite.com. We will respond within the timeframes required by applicable law.
Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for full details. By continuing to use the website, you consent to our use of cookies as described therein.
The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete it promptly. Merchants must not use the Platform to process verifications for individuals they know to be under the age of 18 without ensuring they have appropriate legal authority to do so.
We reserve the right to update this Policy at any time. We will notify Merchants of material changes via email or through the dashboard. Your continued use of the Platform following notification of any changes constitutes acceptance of the revised Policy. We recommend reviewing this page periodically.
For privacy-related enquiries, please contact us at: privacy@verifilite.com or through the contact form at verifilite.com/contact-us.