Security & Compliance
We take security seriously because our clients trust us with sensitive data every single day. Here you can find everything about how we keep that data safe and what certifications back it up.
Certifications & Standards
We get audited regularly by independent third parties, and we make the results available so you can verify everything yourself.
ISO/IEC 27001:2022
Continuously certified since 2020. iDenfy holds an ISO/IEC 27001:2022 certificate (No. 1512120135) issued by TÜV Thüringen under DAkkS accreditation. This certificate covers the development and provision of identity and business verification, fraud prevention and anti-money laundering software. Our most recent surveillance audit found no non-conformities, confirming that our information security management system meets the highest global standards.
Valid until: 2026-06-02
View CertificateSOC 2 Type II
Independently audited for security, availability and confidentiality. iDenfy's SOC 2 Type II report covers a full 12-month investigation period, as certified by House of CPA. The report confirms that our controls are not only properly designed, but also operate effectively over time, providing customers and their auditors with documented assurance on how we handle and store data in a production environment.
Audit period: 2025-2026
Available upon request
eIDAS Compliance
Certified for remote authentication in accordance with EU regulation. iDenfy holds an eIDAS Declaration of Conformity (No. eIDAS250020) issued by the Electrotechnical Testing Institute (EZU) in Prague. The certification covers remote authentication using image identification assessed in accordance with Regulation (EU) No. 910/2014, ETSI TS 119 461 and ISO/IEC 30107-3:2023. This makes iDenfy one of the few authentication service providers that meets the highest European standards for electronic identification and trust services.
Valid until: 2027-09-26
View CertificateHow We Protect Your Data
Certifications are one thing, but what really matters is what happens day to day. Here is how we actually handle security at iDenfy.
Encryption
Everything is encrypted — both when data moves between systems (TLS 1.2+) and when it sits in storage (AES-256). Biometric data gets extra layers of protection on top of that, with tighter access restrictions than anything else we store.
Access Control
Nobody gets access to systems they do not need. We use role-based permissions with multi-factor authentication, and every time someone touches a production system, it gets logged and reviewed.
Vulnerability Management
We run penetration tests and automated vulnerability scans on a regular basis. If something critical comes up, we patch it within 24 hours. We also have a responsible disclosure program if external researchers find something we missed.
Monitoring & Incident Response
Our systems are monitored around the clock with automated alerts. When something goes wrong, the incident response team jumps on it following a clear playbook with defined SLAs — no guessing, no delays.
Data Residency
All data lives in the EU. If your business has specific residency requirements, we can accommodate those too. We are fully compliant with GDPR, CCPA, and other privacy regulations that apply to our clients.
Business Continuity
We built redundancy into everything — if one system goes down, another picks up automatically. We test disaster recovery regularly and maintain a 99.9% uptime SLA. All backups are encrypted and tested to make sure they actually work when needed.
Regulatory Compliance
Wherever your business operates, we have got the compliance covered. Here are the key regulations and frameworks that iDenfy supports.
GDPR
EU General Data Protection Regulation
CCPA
California Consumer Privacy Act
AML/KYC
Anti-Money Laundering & Know Your Customer
AMLD5/6
EU Anti-Money Laundering Directives
PSD2
Payment Services Directive
FATF
Financial Action Task Force recommendations
Cyber Insurance
On top of everything else, all iDenfy products are backed by cyber insurance and Technology Errors & Omissions coverage from Lloyd's of London. If something ever goes wrong on our end, our clients are protected.
Documents in Force
Current versions of iDenfy Trust Service governing documents.
| Name | Version | Date Published | Valid From |
|---|---|---|---|
| Practice Statement | 1.1.0 | 2025-09-09 | 2025-09-09 |
| Terms and Conditions | 1.1.0 | 2025-09-09 | 2025-09-09 |
| Practice Statement | 1.0.0 | 2023-03-12 | 2023-03-12 |
| Terms and Conditions | 1.0.0 | 2023-03-12 | 2023-03-12 |
| Terms and Conditions (Romanian) | 1.0.0 | 2023-03-12 | 2023-03-12 |
iDenfy Trust Service
Governing Documents
Third-party Registers
Registers used during identification to verify document validity.
| Name | Country |
|---|---|
| Lost / Stolen Document Register | Lithuania |
| No registries | Romania |
Incidents & Status
Real-time status and incidents can be viewed and subscribed to via the iDenfy status page.
Changes & Updates
Updated security documents will be published and notified via this page and by email to subscribers, customers, and supervisory bodies.
Have security questions?
If you need more details, want to see our SOC 2 report, or have specific compliance questions — just reach out. Our security team is happy to talk.
