Trust Center

Security

Security and privacy-by-design underpin every AutoKYC workflow. From zero-retention SDK defaults to immutable audit logs, we bake controls into the platform so your teams can evidence compliance quickly.

Latest penetration test

Completed 11 March 2024 by Cobalt.io

No critical findings; all medium findings remediated by 22 March 2024.

Certifications

ISO/IEC 27001:2022 • SOC 2 Type II (2024)

Reports and bridge letters available under NDA.

Platform architecture

AutoKYC runs as a multi-tenant SaaS platform with logical segregation between customers. Sensitive workloads (document storage, biometric processing, escalation queues) operate inside customer-specific projects with customer-managed encryption keys when required.

  • Regional deployments in EU (Frankfurt), UK (London), and US (Iowa) with data residency enforced per tenant.
  • Zero-trust network perimeter with service-to-service authentication via mTLS and short-lived SPIFFE identities.
  • Immutable audit ledgers capturing workflow changes, analyst votes, and escalation decisions for seven years.

Application security

Our secure development lifecycle includes mandatory code review, dependency scanning, and continuous fuzz testing for high-sensitivity APIs.

Static & dynamic analysis
Git-based SAST and container scanning on every PR, plus nightly DAST scans of authenticated console flows.
Secure SDLC
Threat modeling workshops, pair programming on critical paths, and mandatory security sign-off before release.

Data protection & privacy

We design for the principle of least privilege and data minimisation across all datasets, including applicant PII, beneficial ownership structures, and biometrics.

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256) backed by hardware security modules.
  • Customer-defined retention policies with automated purge jobs and evidentiary holds for regulator requests.
  • Consent-aware SDKs that gate analytics and third-party scripts until end-users opt in.

For contractual commitments, see the Data Processing Addendum.

Access management

Internal access follows a strict separation-of-duties model with quarterly certification and real-time alerts on privilege escalations.

  • Okta with hardware-backed MFA for all staff, enforced device compliance, and phishing-resistant WebAuthn.
  • Break-glass procedures for incident response with dual approval and automated expiry after 12 hours.
  • Case data access logged per analyst, including reason codes and supervisor approvals for escalations.

Business continuity & resilience

AutoKYC performs quarterly disaster recovery exercises and tabletop simulations for regulator audits.

  • Point-in-time recovery for core data stores with 5-minute RPO and 30-minute RTO.
  • Webhook delivery queues replicated across regions with graceful failover and replay controls.
  • Managed-services teams operate follow-the-sun coverage to preserve SLA commitments during localized disruptions.

Responsible disclosure

We welcome contributions from the security research community and commit to safe harbor for good-faith reports. Submit vulnerabilities to security@autokyc.com with details and reproduction steps.

  • We acknowledge receipt within one business day and provide status updates every five business days.
  • Rewards follow CVSS scoring and may include cash bounties or swag for high-impact submissions.
  • Out-of-scope: social engineering, denial-of-service, or attacks on third-party services.

Request security artifacts

Need penetration test summaries, SOC 2 reports, or our supplier register? Reach out to trust@autokyc.com from your company domain and include your mutual NDA if available.