Privacy Policy

Last updated: January 2025

At Certivus Ltd ("Certivus", "we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AML compliance software and services.

1. What Data We Collect

Account Information: When you create an account, we collect your name, email address, company name, phone number, and billing information.

Client Data: To provide our AML verification services, we process client data you submit, including names, addresses, identification documents, and verification results.

Usage Data: We automatically collect information about how you interact with our platform, including IP addresses, browser type, pages visited, and feature usage.

Integration Data: If you connect third-party services (e.g., Xero), we collect data necessary to provide the integration functionality.

2. How We Use Your Data

We use your data to:

  • Provide and maintain our AML compliance services
  • Process identity verifications and screening checks
  • Generate compliance reports and audit trails
  • Communicate with you about your account and our services
  • Improve our platform and develop new features
  • Comply with legal and regulatory obligations
  • Detect and prevent fraud or abuse

3. Who We Share Data With

We may share your data with:

  • Identity Verification Providers: To perform ID checks and biometric verification
  • PEP/Sanctions Screening Services: To check against global watchlists
  • Cloud Infrastructure Providers: To host and process data securely
  • Payment Processors: To handle billing (Stripe)
  • Integration Partners: Such as Xero, when you enable integrations
  • Legal/Regulatory Bodies: When required by law or to protect our rights

We never sell your personal data to third parties.

4. Your Rights (GDPR)

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: Request human review of automated decisions

To exercise any of these rights, contact us at privacy@certivus.com.

5. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active, plus 7 years after closure for regulatory compliance
  • Verification Records: Retained for 5 years from the date of verification, as required by AML regulations
  • Audit Logs: Retained for 7 years
  • Marketing Data: Retained until you unsubscribe or request deletion

6. Security

We implement robust security measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • UK-based data centers with SOC 2 Type II certification
  • ISO 27001 certified information security management
  • Role-based access controls and audit logging
  • Regular penetration testing by independent security firms
  • Employee security training and background checks

7. Cookies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for the platform to function (authentication, security)
  • Analytics Cookies: Help us understand how you use our platform
  • Marketing Cookies: Used to deliver relevant content (with your consent)

You can manage cookie preferences through your browser settings. For more details, see our Cookie Policy.

8. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Data Protection Officer

Certivus Ltd

Email: privacy@certivus.com

Address: Birmingham, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.