Privacy Policy

Understand how AutoKYC collects, uses, and protects personal data across our SaaS platform and managed KYC/KYB services.

Last updated: 24 May 2024

AutoKYC provides a SaaS orchestration platform and managed onboarding operations to regulated institutions. We designed the platform to minimise personal data, maintain explicit audit trails, and respect the rights of individuals subject to onboarding, ongoing due diligence (ODD), and enhanced due diligence (EDD) workflows.

1. Data controller and contact

AutoKYC Technologies Ltd. (AutoKYC, we, us) acts as:

  • Processor when delivering SaaS capabilities on behalf of customers;
  • Sub-processor for managed operations partners that contract directly with the customer; and
  • Controller for our marketing website and product analytics once consent is granted.

Questions, privacy requests, or security disclosures can be sent to privacy@autokyc.com or by post to our registered office at 5 New Street Square, London EC4A 3TW, United Kingdom.

2. Personal data we process

| Scenario | Categories processed | Retention |
| --- | --- | --- |
| SaaS onboarding flows | Identification details, device metadata, consent states, document images (when configured) | Five years or shorter in line with customer policy |
| Managed operations | Case artefacts, analyst annotations, escalations, audit notes | As instructed by the customer; default 7 years |
| Platform telemetry | Pseudonymised usage data, API metrics, performance events | 18 months |
| Marketing website | Cookie identifiers (after consent), form submissions, newsletter preferences | Until consent is withdrawn or 24 months of inactivity |

We avoid storing biometric templates. When required for jurisdictional compliance, templates are encrypted client-side and retained only for the minimal legal term.

3. Purposes and lawful bases

  • Contract performance – Provision of SaaS features, SDKs, and managed operations activity.
  • Legal obligation – Record retention for AML regulations, cooperative engagement with competent authorities.
  • Legitimate interest – Service hardening, threat detection, product telemetry in a pseudonymised state.
  • Consent – Marketing communications, optional analytics, recruitment pipelines.

We document lawful bases in the customer-specific Data Processing Addendum (DPA), and configurability inside the platform ensures the customer can align with local regulators.

4. Sharing and international transfers

AutoKYC only shares data with:

  • Customer-selected data providers (identity, AML, sanctions, business registries);
  • Infrastructure partners (Cloudflare, AWS, Snowflake) under data processing agreements;
  • Managed operations facilities that adhere to ISO 27001, SOC 2 Type II, and regional labour requirements.

Cross-border transfers rely on Standard Contractual Clauses (2021/914/EU), UK IDTA addendums, and Transfer Impact Assessments. Customers can request region locking for data storage and case handling.

5. Security and privacy by design

  • Transport encryption via TLS 1.2+ and HTTP Strict Transport Security (HSTS).
  • Encryption at rest (AES-256) with envelope key management and quarterly rotation.
  • Fine-grained roles with least privilege, enforced MFA, and time-bound access for support staff.
  • Immutable audit logs covering API calls, rule changes, analyst actions, and exports.
  • Data minimisation tooling such as selective redaction, timed retention, and access attestations.

AutoKYC maintains ISO 27001 certification and completes annual SOC 2 Type II audits covering both SaaS and managed services.

6. Data subject rights

Individuals can:

  • Access the personal data processed about them;
  • Correct inaccuracies;
  • Delete data when legal grounds allow;
  • Restrict processing under certain conditions;
  • Object to processing carried out on legitimate interest grounds; and
  • Port data provided to us in a structured format.

Requests are logged in our privacy portal and forwarded to the relevant customer when AutoKYC acts as a processor. We respond within one calendar month, or faster when local regulations require.

7. Children’s data

AutoKYC is not designed for individuals under 16. Where customers onboard youth products, they must confirm lawful bases and parental consent. AutoKYC enforces consent checkpoints and age-specific workflows.

8. Changes to this policy

We review the policy at least once per year. Material updates trigger a changelog entry, email notifications to administrators, and updated DPAs. Continued use of the services constitutes acceptance of the revised policy.


If you have questions about this policy or need to exercise your rights, email privacy@autokyc.com or open a request in the Legal Center. Our team acknowledges every request within two business days.