Privacy Policy & Terms of Service

What Data We Collect

When processing KYC/KYB verifications, Certivant processes the following categories of personal data on behalf of our customers, who act as data controllers:

• Identity Documents — Passports, national IDs, driver’s licenses, and business registration documents
• Biometric Data — Facial images for liveness verification (where enabled by customer)
• Business Data — Company registration numbers, beneficial owner information, director details
• Verification Metadata — Timestamps, IP addresses, device information, and verification outcomes

How We Use Your Data

Data processed through Certivant is used exclusively for performing identity verification, AML/sanctions screening, fraud detection, generating audit-ready compliance records, and improving verification accuracy through aggregate anonymized model training.

We never sell personal data to third parties. We never use verification data for advertising or marketing purposes.

Data Storage & Security

All documents are stored using AES-256 encryption at rest on Azure Blob Storage or AWS S3 (your choice of region). TLS 1.3 encryption in transit. Zero-knowledge key management ensures Certivant staff cannot decrypt customer data. Right-to-erasure requests are processed within 30 days.

GDPR & PIPEDA Rights

Under GDPR and PIPEDA, individuals have the right to access their data, correct inaccuracies, request deletion, object to processing, and request data portability. To exercise these rights, contact compliance@certivant.com.

By accessing or using Certivant’s services, you agree to these Terms of Service. If using Certivant on behalf of a company, you represent that you have the authority to bind that entity.

Service Terms

Certivant provides identity verification infrastructure as a service. Customers are responsible for ensuring their use complies with applicable laws, obtaining proper consent from end users before verification, maintaining accurate account information, and protecting their API credentials.

Liability & Warranties

Certivant’s verification results are a decision-support tool and do not constitute legal compliance advice. Customers retain full responsibility for their compliance obligations. Certivant’s liability is limited to fees paid in the 12 months preceding any claim.

Termination

Either party may terminate with 30 days written notice. Customer data is retained for the regulatory minimum period required by law, then securely deleted. Customers may request data export before termination.