Privacy Policy

Categories of Sources of Personal Data

We collect Personal Data from the following categories of sources:

• You (or Individuals Undergoing Verification)
  
  • When you submit information through a verification or onboarding flow powered by AiPrise (for example, uploading identity documents or taking a selfie).
  • When you fill out a form on our website to request a demo or more information.
  • When you create a customer account or use our platform.
  • When you contact us by email, chat, or other communication channels.
  • When you visit our website and information is collected automatically through cookies and similar technologies.
• Our Customers
  • When a Customer submits your information through our APIs or platform for identity verification, business verification, compliance screening, or fraud detection.
• Third-Party Data Sources
  • Government databases and registries (for identity and business verification, including through our One-Click KYC feature).
  • Identity verification and data enrichment partners (we access over 8,000 data sources through our verification network).
  • Sanctions, PEP, and watchlist screening providers.
  • Email, phone, and device intelligence providers (for fraud and risk scoring).
  • Publicly available sources (including business websites, social media profiles, and public registries, which may be accessed by our AI-powered agents as part of verification services).
  • Analytics and marketing platforms that help us understand how visitors interact with our website.

How We Use Your Data

• Providing Verification and Compliance Services (as Processor)
  • Performing identity verification (KYC), business verification (KYB), and beneficial ownership (UBO) checks on behalf of our Customers.
  • Conducting sanctions screening, PEP checks, adverse media screening, and watchlist monitoring.
  • Performing document verification and data extraction using AI-powered analysis.
  • Providing fraud and risk scoring, including analysis of device, email, phone, and behavioral signals.
  • Monitoring transactions for anti-money laundering (AML) compliance.
  • Conducting reverification during high-risk events such as fund withdrawals or new device logins.
  • Delivering verification results, risk assessments, and compliance reports to our Customers.
• Operating Our Fraud and Verification Network (as Controller)
  • Maintaining and improving our fraud detection network by processing fraud flags and indicators reported by Customers, and making de-identified fraud intelligence available across our Customer base.
  • Operating our verification network to confirm whether an entity has been previously verified through our platform, using tokenized identifiers that do not reveal the identity of the original verifying Customer.
• Providing, Improving, and Securing the Platform
  • Creating and managing Customer accounts.
  • Processing orders and billing.
  • Providing customer support and technical assistance.
  • Improving the Services, including testing, research, internal analytics, and product development.
  • Protecting the security and integrity of our platform, including detecting and preventing unauthorized access, fraud, and abuse.
• Advertising and Marketing
  • Advertising, marketing, and promoting our Services.
  • Sending newsletters, product updates, and other communications according to your preferences.
• Corresponding with You
  • Responding to inquiries, demo requests, or other correspondence.
  • Contacting you when necessary or requested, and sending you information about AiPrise or the Services.
• Meeting Legal Requirements and Enforcing Legal Terms
  • Fulfilling our legal obligations under applicable law, regulation, court order, or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities.
  • Protecting the rights, property, or safety of you, AiPrise, or another party.
  • Enforcing any agreements with you.
  • Resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How We Share Your Personal Data

We may disclose your Personal Data to the categories of service providers and other parties listed in this section. We do not sell or rent your Personal Data. However, under certain state privacy laws (such as the California Consumer Privacy Act), some types of data sharing described below may be broadly classified as a “sale” or “sharing.” For more information about your rights under state privacy laws, please refer to the “State Law Privacy Rights” section below.

• Our Customers. If you are an individual undergoing verification, we share verification results, risk assessments, and compliance reports with the Customer that initiated the verification. We do not share your data with other Customers in identifiable form.
• Verification and Data Partners. We work with a network of identity verification, business verification, and data enrichment partners to perform the Services. These partners may receive Personal Data necessary to conduct verification checks, including identity documents, government identifiers, and biometric data. We access over 8,000 data sources and work with over 80 verification partners worldwide. A current list of sub-processors is available upon request.
• Government Databases and Registries. We may access government identity databases and business registries to verify identity and business information, including through our One-Click KYC feature.
• AI and Machine Learning Providers. We use third-party AI and machine learning services to power features such as document analysis, fraud detection, and compliance automation. These providers process data in accordance with our contractual data processing agreements.
• Hosting and Infrastructure Providers. We use cloud hosting, storage, and infrastructure providers to operate the Services.
• Fraud and Risk Intelligence Providers. We share data with and receive data from email, phone, device, and behavioral intelligence providers to support fraud and risk scoring.
• Payment Processors. We use third-party payment processors to handle billing and payment transactions for our Customers.
• Marketing and Advertising Partners. We may share website visitor and marketing data with partners that assist us in promoting our Services and analyzing campaign effectiveness. We do not share verification data or data processed on behalf of Customers for marketing purposes.
• Analytics Partners. We use analytics providers to understand how visitors interact with our website and how Customers use our platform.
• Support and Communication Providers. We use third-party tools for customer support, live chat, and email communications.
• Other Customers (De-Identified, via Fraud and Verification Network Only). As described in the “Cross-Customer Data Use” section below, we may share de-identified fraud intelligence and verification status information across our Customer base as part of our fraud detection and verification network. This sharing does not identify the Customer that originally submitted the data.
• Legal Obligations. We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” above.
• Government and Law Enforcement Requests. We may disclose Personal Data to government authorities or law enforcement officials in response to a valid legal process such as a subpoena, court order, or search warrant. Where legally permitted, we will notify affected business Customers before disclosing their data, giving them an opportunity to seek protective measures. We do not voluntarily provide Customer data to government agencies outside of valid legal process.
• Business Transfers. All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
• Aggregated and Anonymous Data. We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular individual. We may use such aggregated, de-identified, or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build, and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you. We do not sell or rent Personal Data, including biometric data.

Biometric Data

As part of our identity verification Services, AiPrise may process biometric data — including facial images (selfies), face geometry, and liveness detection signals — on behalf of our Customers. Our collection, use, retention, and protection of biometric data is governed by our separate Biometric Data Policy, available upon request by contacting privacy@aiprise.com. We do not sell, lease, trade, or otherwise profit from biometric data, and we do not share biometric data across Customers.

Cross-Customer Data Use

AiPrise operates a fraud detection and verification network that enables our Customers to benefit from aggregated intelligence across our platform. This section explains how that works and what data is involved.

Fraud Network

When a Customer reports that a company or individual is associated with fraudulent activity, we may store that fraud flag and related risk indicators. We may then make this fraud intelligence available to other Customers in de-identified form — meaning we share the fact that a particular entity has been flagged, but we do not identify which Customer reported the fraud.

This fraud intelligence applies to both business entities (KYB) and individuals (KYC). It is a core part of our Services and helps protect all Customers from known fraud risks.

Verification Network

We may operate a verification network that allows Customers to benefit from verifications previously completed through our platform. When an entity has been successfully verified by one Customer, we may indicate to another Customer that the entity has been previously verified within the AiPrise network, using tokenized identifiers. We do not disclose which Customer performed the original verification or share the underlying verification data.

What We Do Not Share Across Customers

• No raw Personal Data. We do not share raw Personal Data (such as names, documents, or contact information) across Customers.
• No biometric data. We do not share biometric data across Customers (see our separate Biometric Data Policy).
• No Customer identification. We do not identify which Customer submitted data or reported a fraud flag.

Legal Basis

We process fraud network and verification network data as a data controller based on our legitimate interest in preventing fraud and promoting trust within the AiPrise ecosystem. Customers are informed of this cross-customer data use through our Customer agreements. If you are an individual whose data may be included in our fraud or verification network, you may contact us at privacy@aiprise.com to exercise your rights under applicable law.

Information for Individuals Undergoing Verification

If you have been directed to complete a verification flow powered by AiPrise (for example, through an onboarding SDK, a verification link, or an embedded form), this section is for you.

Who Is Responsible for Your Data

The company that asked you to verify your identity or your business’s identity is the data controller for that process. They determine why your data is being collected and how it will be used. AiPrise processes your data on their behalf as a data processor.

What Data We Collect During Verification

Depending on the verification type and the Customer’s configuration, we may collect some or all of the following:

• Identity and contact information. Your name, date of birth, nationality, and contact information.
• Identity document. A photo of your government-issued identity document (such as a passport or driver’s license).
• Biometric data. A selfie or facial image for biometric verification and liveness detection.
• Business information. Your business’s legal name, registration number, address, ownership structure, and related documents.
• Device and technical data. IP address, device type, and browser information, collected automatically during the verification flow.

What Happens to Your Data

We use your data to perform the verification requested by the Customer and deliver results to them. We do not use your verification data for marketing, advertising, or any purpose unrelated to the verification service, except as described in the “Cross-Customer Data Use” section above (de-identified fraud and verification network data only).

Your Rights

Because the Customer is the data controller, please direct any requests to access, correct, or delete your data to the company that asked you to complete the verification. If you are unable to reach them, contact us at privacy@aiprise.com and we will assist in routing your request.

Biometric Data

If your verification involves a selfie or facial image, our collection and use of biometric data is governed by our separate Biometric Data Policy, available upon request by contacting privacy@aiprise.com.

Cookies and Tracking Technologies

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data — usually text files — placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.

We use the following types of Cookies:

• Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
• Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns to help us improve our campaigns and the Services’ content for those who engage with our advertising.

You can decide whether to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.

AI and Machine Learning

AiPrise uses artificial intelligence and machine learning as a core part of our Services, including for document analysis and data extraction, identity and business verification, fraud detection and risk scoring, sanctions and watchlist screening, and compliance automation. AI processes run in the background — individuals undergoing verification do not interact directly with AI through a chat or similar interface.

How We Use AI with Your Data

We do not use identifiable Personal Data submitted by or on behalf of our Customers to train or improve our AI models. Customer data is used solely to provide the requested services to that specific Customer. We may use aggregated, de-identified data to improve the accuracy and performance of our Services, but only after removing all information that could identify a specific individual, business, or Customer.

Third-Party AI Providers

We use third-party AI and machine learning providers to deliver certain features of our Services. These providers are bound by data processing agreements that restrict how they may use data received from AiPrise, and we do not permit them to use Customer data for their own model training purposes. A current list of AI sub-processors is available by contacting privacy@aiprise.com.

Publicly Available Information

As part of our business verification and risk assessment services, AI-powered tools may access publicly available information — including business websites, social media profiles, and public registries — to gather and analyze data relevant to a verification request.

Data Retention

This section explains how long we retain your Personal Data and the factors that determine retention periods.

General Retention Principles

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Specific Retention Periods