Privacy by design. Checkify is built for age, identity, human, and eligibility verification with data minimisation at the core.
Proofs, not unnecessary copies. Businesses typically receive limited results—such as pass/fail, age threshold met, or verification level—rather than full identity documents.
On-device where possible. Sensitive checks are designed to happen on your device or through privacy-minimising processing, depending on the service used.
We do not sell personal data. We do not use verification, identity, device, or diagnostic data for third-party advertising or data-broker sales.
You stay in control. When you approve a verification request, you see what is being shared before it is sent to the requesting business.
Rights vary by country. Your privacy rights depend on where you live—the country addenda below explain local rules and complaint routes.
This summary is not a legal substitute for the full policy below.
1. Introduction
Checkify Technologies Ltd (“Checkify”, “we”, “us”, or “our”) provides a privacy-first verification platform used for age, identity, human verification, and eligibility checks. Our services help people prove what is true about them while reducing unnecessary sharing of sensitive personal information.
This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use Checkify websites, mobile apps, APIs, plugins, business dashboards, SDK integrations, and verification services (together, the “Services”).
This policy applies globally. Additional rights and obligations that apply in specific countries are set out in the Country-Specific Addenda below. If an addendum conflicts with this global policy for users in that country, the addendum applies to the extent required by applicable law.
By using the Services, you acknowledge that you have read this Privacy Policy. Where required by law, we will ask for your consent for specific processing activities.
Checkify is designed to be understandable without technical knowledge. In most cases, the flow works like this:
A business creates a verification request. A website, app, or in-person operator asks Checkify to verify something—such as whether a person is human, meets an age threshold, holds a certain identity assurance level, or satisfies an eligibility rule.
The user verifies through Checkify. The person completes the requested checks in the Checkify app or an embedded Checkify flow. Depending on the verification type, this may involve device checks, camera-based steps, document scanning, or other proofs configured for that request.
Checkify returns a limited result. Checkify typically returns a limited outcome to the requesting business—such as pass/fail, age threshold met, human verified, verification level achieved, or another configured proof result—rather than a full copy of the user’s identity vault.
The user approves what is shared. Where personal data or specific proofs are sent to a business, the user is shown what will be shared and must approve the request before disclosure, unless a different lawful basis and flow applies for that service.
Checkify is designed to avoid sharing full identity documents with businesses unless explicitly required for a specific service, legal obligation, security need, or configuration chosen by the business and permitted by the product.
Wherever possible, sensitive checks happen on the user’s device or through privacy-minimising processing so that businesses receive proofs or metadata rather than unnecessary raw identity artefacts.
3. Information We Collect
The exact information we collect depends on the product, country, verification type, and how a business configures its Checkify integration. We aim to collect only what is reasonably necessary for the Services. Categories may include:
Account details for business customers, such as business name, administrator name, email address, account identifiers, authentication records, team membership, and account status.
Contact details, such as email addresses, support messages, and communication preferences for users and business contacts.
Verification request metadata, such as request IDs, proof types requested, timestamps, outcomes, reference IDs, site or integration identifiers, and audit events linked to a verification flow.
Device and security information, such as device type, operating system version, app version, locale, IP address at the time of request, trusted-device identifiers, fraud-prevention signals, crash logs, and security logs.
Payment and billing information, such as billing contact details and Stripe customer records for business subscriptions. Payment card details are entered on Stripe’s hosted checkout pages and processed by Stripe—not stored in the Checkify app.
Limited verification evidence and results, such as verification status, confidence scores, proof outcomes, algorithm or method identifiers, and—where required for a specific service—document-derived fields or images that the user chooses to submit or that the configured flow requires.
Support messages and communications, including information you choose to send when contacting us for help, security reports, or account issues.
Because Checkify supports many verification types, not every category applies to every user or every transaction. Some sensitive information may remain on your device unless you approve sharing or a specific feature requires otherwise.
How we use information
We use personal information to:
Provide, operate, and improve the Services, including verification flows, proof requests, QR flows, dashboards, and integrations;
Authenticate users, protect accounts and devices, and prevent fraud or abuse;
Deliver notifications, support, troubleshooting, and service reliability;
Process business billing and manage subscriptions;
Comply with law, respond to lawful requests, and enforce our terms;
Maintain audit, security, and incident records where appropriate.
Sharing and service providers
We do not sell personal information. We may share limited information with service providers that help us operate the Services, such as cloud hosting, payment processing, push notification delivery, email, monitoring, and support tools, under appropriate confidentiality and security obligations.
Key providers we use include:
Render — Render — API and website hosting
Stripe — Stripe — payment processing for business billing
Google Firebase Cloud Messaging — Google Firebase Cloud Messaging — push notification delivery
Apple Push Notification service — Apple Push Notification service — push notification delivery on iOS
We can provide additional subprocessor details on request by contacting privacy@checkify.me.
Data retention
We retain information only for as long as reasonably necessary to provide the Services, maintain security and reliability, investigate abuse or incidents, resolve disputes, support users, and meet legal obligations.
Standard operational logs are typically retained for up to 90 days. We may retain security, fraud-prevention, audit, legal, or incident-related records for longer where justified. Information stored only on your device may remain there until you delete it, clear app data, or uninstall the app.
4. Information We Do Not Collect
Checkify is built around data minimisation and privacy by design. Depending on the service used, this means:
We do not aim to collect more personal information than is reasonably necessary for the verification or account function being performed.
We do not sell personal data.
We do not give businesses unnecessary copies of identity documents when a limited proof or result is sufficient for the configured verification.
We do not store identity documents, biometric templates, or raw biometric images on our servers unless required for a specific feature, legal compliance, security, fraud prevention, support, or an explicit user or business configuration permitted by the product.
Where possible, verification is based on limited proofs, metadata, or on-device processing rather than full document disclosure.
We also do not use personal data, identity data, photos, videos, selfie data, liveness data, device identifiers, usage data, or diagnostic data for third-party advertising tracking or data-broker sales.
Individual features, integrations, or regulated use cases may require additional data collection. When that happens, we aim to make the requirement clear in the product flow or business configuration.
5. International Transfers
Checkify may operate through Checkify Technologies Ltd in the United Kingdom and, where applicable, through local country entities, affiliates, or contracted service providers.
Personal information may be processed in countries where Checkify, its service providers, or infrastructure providers operate. Those countries may have different data protection laws from the country where you live.
Where personal information is transferred internationally, we use appropriate safeguards such as contractual protections, recognised transfer mechanisms, or other measures required by applicable law.
Country-specific rights, regulators, and complaint routes are described in the addenda below.
6. Security Measures
We use technical and organisational measures designed to protect personal information, including:
Encryption in transit for app, API, dashboard, and website traffic using TLS.
Access controls and least privilege so staff and systems can access only what they need to operate the Services.
Audit logging and monitoring for security events, verification activity, and operational troubleshooting, designed to minimise unnecessary personal data in logs.
Secure development practices, dependency review, and security-focused review of critical flows.
Incident response procedures to investigate, contain, and remediate suspected security incidents.
Supplier review for key infrastructure and service providers that process data on our behalf.
Our security programme is aligned with ISO 27001 information security management practices, and we are working towards ISO 27001 certification where appropriate for our operating model.
No method of transmission or storage is completely secure. We work to protect information and reduce unnecessary exposure, but we cannot guarantee absolute security.
7. User Rights
Depending on your location and the applicable addendum below, you may have some or all of the following rights:
Access the personal information we hold about you;
Correct inaccurate personal information;
Delete personal information, subject to legal exceptions;
Object to certain processing;
Restrict certain processing;
Request portability of information you provided to us in a structured, commonly used format, where applicable;
Withdraw consent where processing is based on consent;
Lodge a complaint with a privacy regulator.
Your rights vary by country and are explained further in the addenda below. Because Checkify is designed to minimise direct identity storage, some records may be linked to UUIDs, device identifiers, sessions, proof requests, or operational logs rather than obvious personal details. We may need additional information to locate relevant records and verify your request.
You may request deletion of your account and associated personal data by contacting privacy@checkify.me.
Where information is stored only on your device, deleting the app or clearing app data may remove that local information. We may retain limited records where required or justified for security, fraud prevention, legal compliance, dispute handling, support, or audit purposes.
Children
Checkify is not intended for children under the age where parental consent is required in their jurisdiction.
If you believe a child has used the Services without appropriate consent, contact us at privacy@checkify.me.
Country-Specific Addenda
The following addenda supplement the global policy for users and businesses in the listed regions. They do not replace the global policy unless applicable law requires otherwise.
8. United Kingdom
For users in the United Kingdom, Checkify Technologies Ltd is the data controller for personal information processed through the Services, unless we tell you otherwise for a specific product or contract.
UK processing is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Lawful bases may include performance of a contract, legitimate interests (such as security and fraud prevention), consent where required, and legal obligation.
UK data subject rights include access, rectification, erasure, restriction, objection, and data portability, subject to applicable exceptions.
Complaints may be made to the Information Commissioner’s Office (ICO) at ico.org.uk if you are unhappy with how we handle your information.
9. European Union
For users in the European Economic Area, Checkify processes personal information in accordance with the EU General Data Protection Regulation (EU GDPR).
Depending on the activity, we rely on lawful bases such as performance of a contract, legitimate interests, consent, and legal obligation.
EU data subjects may have rights of access, rectification, erasure, restriction, objection, and portability, subject to applicable exceptions.
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
You may lodge a complaint with your local supervisory authority in the EU member state where you live or work, or where the alleged infringement occurred.
10. Australia
For users in Australia, Checkify handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), where they apply to our activities.
You may request access to the personal information we hold about you and request correction of inaccurate information, subject to applicable exceptions.
If you have a complaint about how we handle personal information, contact us first so we can try to resolve it.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
11. Thailand
For users in Thailand, Checkify processes personal data in accordance with the Personal Data Protection Act B.E. 2562 (PDPA), where it applies to our activities.
We may rely on lawful bases such as consent, contract, legal obligation, legitimate interests, or other bases recognised under the PDPA, depending on the processing activity.
Subject to applicable exceptions, you may have rights to access, rectify, erase, restrict, object to, or withdraw consent for certain processing, and to request data portability where applicable.
If you believe your rights under the PDPA have been infringed, you may contact us first and, where applicable, lodge a complaint with the Personal Data Protection Committee or other competent Thai authority.
12. Canada
For users in Canada, Checkify handles personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), where it applies, and with applicable provincial privacy laws where relevant to our activities.
You may request access to personal information we hold about you and request correction of inaccurate information, subject to applicable exceptions.
If you have a privacy complaint, contact us first so we can review and respond.
You may also complain to the Office of the Privacy Commissioner of Canada at priv.gc.ca, or to a relevant provincial privacy commissioner where applicable.
13. United States
For users in the United States, privacy rights depend on federal law and the state where you live. Checkify does not represent that every GDPR-style right applies nationwide unless we specifically support that right for your request and location.
Where applicable state privacy laws apply—such as the California Consumer Privacy Act as amended by the CPRA—residents may have rights to know, access, delete, correct, or opt out of certain processing, subject to legal exceptions and the scope of the law.
We do not sell personal information as defined by applicable US state privacy laws, and we do not use personal information for cross-context behavioural advertising.
California residents may have additional rights regarding sensitive personal information and authorised agent requests, where applicable.
If you wish to exercise US privacy rights, contact us with enough information for us to verify your request and determine which state rules apply.
Changes to this policy
We may update this Privacy Policy from time to time. We will update the “Last updated” date above when changes are made.
If changes are material, we will provide additional notice where appropriate.
Contact us
Questions about this Privacy Policy or our privacy practices can be sent to: