Privacy Policy
Legal

Privacy Policy

Last updated: April 10, 2026

This Privacy Policy describes how Scan2Verify (“we”, “our”, or “us”) collects, uses, and shares information about you when you use our website and verification services at scan2verify.com (“Services”). By using the Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly
  • Account Information: Name, email address, and password when you register.
  • Verification Submissions: Documents you upload for verification (passports, national IDs, business registrations, etc.), your name, phone number, country, and company name where applicable.
  • Payment Information: Billing details processed securely via our payment partners supporting international debit/credit cards and mobile money. We do not store full card numbers on our servers.
  • Contact Messages: Name, email, subject, and content of messages sent via our contact form.
1.2 Information Collected Automatically
  • Log Data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
  • Cookies & Session Data: We use session cookies for authentication and analytics cookies to understand how users interact with our site.
  • Device Information: Hardware model, operating system version, and unique device identifiers.

2. How We Use Your Information

  • To provide and process identity and document verification services.
  • To generate and send your tracking key and verification status updates via email.
  • To process payments securely and send receipts.
  • To authenticate your identity via Two-Factor Authentication (2FA).
  • To communicate with you about your account, submissions, and service updates.
  • To improve our services through analytics, error monitoring, and user research.
  • To comply with legal obligations, including anti-money laundering (AML) and know-your-customer (KYC) regulatory requirements.
  • To detect and prevent fraud, abuse, and security incidents.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to fulfill our verification services contract with you.
  • Legal Obligation: Processing required to comply with AML, KYC, and other applicable laws.
  • Legitimate Interests: Fraud prevention, service improvement, and security monitoring.
  • Consent: Where you have given explicit consent (e.g., marketing emails, cookies).

You have the following rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

To exercise any of these rights, contact our Data Protection Officer at [email protected] or write to the address below.

4. How We Share Your Information

We do not sell your personal data. We may share information with:

  • Verification Partners: Accredited government and institutional databases necessary to verify your documents.
  • Payment Processors: Our payment partners handle payment data under their own privacy policies. We support international debit/credit cards and mobile money providers.
  • Email Service Providers: To send transactional emails (submission confirmations, 2FA codes, status updates).
  • Legal Authorities: When required by law, court order, or to protect the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

5. Cookies

We use the following types of cookies:

TypePurposeDuration
EssentialSession management, CSRF protection, authenticationSession
FunctionalRemembering language and display preferences1 year
AnalyticsUnderstanding usage patterns to improve the service2 years

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

6. Data Retention

  • Account data: Retained for as long as your account is active, plus 2 years.
  • Verification documents: Retained for 5 years to comply with AML/KYC regulatory obligations, then securely deleted.
  • Security logs: Retained for 12 months.
  • Contact messages: Retained for 3 years.

7. Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Two-Factor Authentication (2FA) for all user accounts
  • Regular security audits and penetration testing
  • Role-based access controls with full audit logging

8. Contact Us

For privacy-related enquiries, to exercise your data rights, or to report a concern:

Scan2Verify
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801, USA
General: [email protected]
Data / Privacy (DPO): [email protected]
+1 307 424 2684