Data Processing Addendum
Effective 18 June 2026
This Data Processing Addendum (“DPA”) is a public template for customer review. It becomes binding only if incorporated into a signed order, statement of work, master services agreement, or other written agreement between AutoKYC and the relevant customer (the “Agreement”).
AutoKYC may operate as a SaaS provider, reseller, implementation partner, managed service provider, sub-processor, processor, or independent controller depending on the final commercial model. The signed Agreement, not this public page alone, determines the applicable roles, responsibilities, service scope, subprocessors, retention periods, transfer mechanisms, and security commitments.
1. Definitions and precedence
Capitalised terms have the meanings set out in the Agreement. Data protection terms such as “controller,” “processor,” “personal data,” and “data subject” have the meanings given by applicable data protection law. If this DPA conflicts with the Agreement or a negotiated DPA, the signed document controls.
2. Subject matter and nature of processing
Processing may relate to onboarding, KYC, KYB, AML screening, sanctions and PEP workflows, ongoing due diligence, enhanced due diligence, case management, audit logs, SDK/API activity, and managed operations. The actual processing scope depends on the Services selected, the customer configuration, and the final signed Agreement.
AutoKYC processes customer-service data only for documented business purposes connected with the Agreement, applicable law, service security, or customer instructions. AutoKYC does not assume responsibility for the customer’s regulatory programme, lawful basis, risk appetite, or final onboarding decisions unless the signed Agreement expressly says so.
3. Roles of the parties
The customer normally determines the purposes and means of processing for its applicants, customers, beneficial owners, and case records. AutoKYC’s role is determined by the signed Agreement. Where AutoKYC acts as a processor or sub-processor, it will process personal data according to documented instructions and applicable law. Where AutoKYC acts as a controller for website, sales, security, or business records, its Privacy Policy applies.
4. Customer responsibilities
- Determine and document lawful bases, notices, consents, and regulatory obligations for the customer use case.
- Provide accurate instructions, configuration choices, retention settings, and escalation rules.
- Review any provider, subprocessor, residency, or transfer terms included in the final contract package.
- Maintain internal compliance, legal, information security, and business continuity controls.
5. Personnel and confidentiality
AutoKYC limits access to customer-service data to personnel and authorised support resources with a business need to know, subject to confidentiality obligations and access controls appropriate to the service model. Specific staffing, analyst qualification, or managed-operation requirements apply only if included in the signed Agreement.
6. Security measures
AutoKYC uses technical and organisational measures intended to reduce risk to personal data. Depending on the service model, these measures may include encryption, access controls, logging, vulnerability management, environment separation, secure development practices, and incident response procedures.
Public security descriptions are summaries only. Binding control obligations, evidence access, audit rights, certification requirements, and service-specific exclusions must be stated in the signed Agreement.
7. Subprocessors and providers
AutoKYC may use affiliates, infrastructure services, software vendors, data sources, verification services, communications tools, managed operations resources, and professional advisers to support the Services. Specific subprocessor lists, notice periods, objection rights, pass-through terms, and remedies are provided only where required by law or agreed in the signed Agreement.
Provider names, coverage, availability, datasets, and performance characteristics are not guaranteed by this public DPA and may vary by region, contract, configuration, licensing, or customer eligibility.
8. Retention, return, and deletion
Customer-service data is retained, returned, anonymised, or deleted according to the Agreement, customer instructions, configuration, and applicable law. Any example retention period shown in public materials is illustrative unless included in the final signed Agreement.
9. Data subject requests
Where AutoKYC acts as a processor or sub-processor, it will provide reasonable assistance for data subject requests as required by applicable law and the signed Agreement. The customer remains responsible for verifying the requester, determining whether a right applies, and responding to the data subject unless the signed Agreement allocates that responsibility differently.
10. Personal data incidents
AutoKYC maintains incident response processes intended to identify, assess, contain, and communicate relevant personal data incidents. Notification timing, contents, cooperation duties, and escalation contacts are governed by applicable law and the signed Agreement.
11. International transfers
Data hosting, access locations, transfer mechanisms, regional restrictions, and residency options depend on the selected service model and final contract. Where transfer safeguards are required, they must be documented in the signed Agreement or related data transfer schedule.
12. Information and audit
Any audit, questionnaire, evidence, certification, penetration-test summary, or onsite review right is subject to the signed Agreement, confidentiality, security limitations, availability, and reasonable cost controls. Public website content is not a complete audit report or assurance statement.
13. Liability
Liability for data processing is governed by the signed Agreement. If no Agreement incorporates this DPA, this page does not create independent liability, remedies, warranties, service commitments, or third-party rights.
Annex – Illustrative processing details
- Data subjects: Applicants, beneficial owners, directors, authorised signatories, customer personnel, support contacts, and managed-service users, as configured by the customer.
- Personal data: Contact details, identification data, business records, document images, device metadata, consent records, workflow data, audit logs, and case notes, depending on the selected service.
- Sensitive data: Biometric, identity, criminal-risk, sanctions, or similar high-sensitivity data may be processed only where enabled by customer configuration, applicable law, and the signed Agreement.
- Operations: Collection, routing, review, storage, matching, case management, reporting, deletion, and export as needed for the contracted workflow.
Contact
Data protection questions can be sent to privacy@autokyc.com. Customer-specific notices must follow the notice clause and contacts stated in the signed Agreement.