Data Processing Addendum
Last updated: June 9, 2026
This Addendum forms part of the Terms of Service and applies whenever we process personal data on behalf of a customer ("Controller").
Roles
The customer is the Controller; KYC Verification is the Processor. We will only process personal data on documented instructions.
Sub-processors
We maintain a list of approved sub-processors and provide 30 days notice of any changes.
International transfers
Where data is transferred outside the EEA, we rely on Standard Contractual Clauses and supplementary measures.
Security measures
Encryption, access controls, network segregation, audit logging, and incident response, aligned to ISO 27001.
Audit rights
Controllers may request annual audit reports and SOC summaries under NDA.