Compliance & Certifications
VerifyHQ is built with compliance at its core, meeting international standards for identity verification and data protection.
Certifications & Standards
| Parameter | Type | Description |
|---|---|---|
SOC 2 Type II | certification | Audited security controls for data handling |
ISO 27001 | certification | Information security management system |
GDPR | regulation | EU General Data Protection Regulation compliant |
NDPR | regulation | Nigeria Data Protection Regulation compliant |
POPIA | regulation | South Africa Protection of Personal Information Act |
PCI DSS | certification | Payment Card Industry Data Security Standard |
Data Handling
- Encryption at rest: AES-256 for all stored data
- Encryption in transit: TLS 1.3 for all API communication
- Data residency: African data centers (Lagos, Johannesburg) with EU fallback
- Retention: Configurable per client (default: 90 days, then purged)
- Right to erasure: GDPR/NDPR data deletion requests processed within 72 hours
Anti-Fraud Measures
- AI-powered document tampering detection
- Passive and active liveness detection
- Cross-verification fraud network (Fleet Brain)
- Sanctions and PEP screening integration
For compliance questionnaires, DPA agreements, or audit reports, contact compliance@verifyhq.com.