Global Privacy Policy
Effective date: April 30, 2026
Versions: Spanish (Mexico) | French (Canada) | Portuguese (Brazil) | German | Italian
Welcome. This Global Privacy Policy relates to Socure Inc. (collectively, “Socure,” “we,” “us,” or “our”), a platform providing digital identity verification and fraud prevention products and services (the “Services”), and describes How Socure Works, the Personal Information We Collect (and the Sources), our Cookie Policy, Where We Store And Transfer Your Personal Information, How We Use Your Personal Information, How We Disclose Your Personal Information, How Long We Retain Your Personal Information, How We Protect Your Personal Information, our Lawful Bases for Processing, Your Data Rights, How to Exercise Your Data Rights, and How to Contact Us. This Global Privacy Policy applies when we verify your identity on behalf of our Customers and prospects (collectively “Customers”) or on our own behalf, such as when deriving insights and network/graph-based risk intelligence, when verifying a Data Rights Request, when we market and sell our Services to you, and when you visit and engage with us in person or online, across our websites and digital content (the “Sites”).
Subject to applicable law, we may update this Global Privacy Policy from time to time by publishing a new version on this website. Socure also maintains a DocV Privacy Notice that applies specifically to Socure’s predictive document verification product (“DocV”). If our Customers use DocV and our other services, both policies apply. (If you’re not sure which services our Customers use, ask them!)
How Socure Works
Socure is a platform that provides digital identity verification and fraud prevention, including compliance and sanctions screening, services to Customers, who provide us with your personal information so we can verify your identity and prevent fraud. Socure uses profiling of your behavioral data, predictive analytics, artificial intelligence, and machine learning to assess the information we receive from you, our Customers, and our data sources to answer a number of questions relating to identity verification and fraud prevention, such as:
- Does this identity actually exist?
- Have we seen this identity before?
- Does the identity belong to the person who provided it?
- What fraud risks are associated with the identity?
Socure generally provides verification results, scores, signals, and recommendations to Customers, and our Customers decide whether and how to use those outputs in connection with a transaction. Socure does not by itself approve or deny the underlying consumer transaction on the Customer’s behalf unless expressly stated for a specific product or service.
While Socure generally provides Services to Customers rather than directly to consumers, you may interact directly with Socure in connection with DocV, described above, Digital Intelligence, a service using device, browser, and network information to assess risk, or Socure Passport, which is a business-to-business-to-consumer reusable identity wallet service where you hold an account but the Services are paid for by our Customers. This means that Socure often processes your personal information based on the request of our Customers, who may need to assess risks associated with an online transaction, like opening a bank account, wiring money, placing a bet on a sporting event, or updating the contact information in your account.
Some Customers use our Socure RiskOS® decision engine and orchestration platform to configure workflows that call Services and/or third‑party services. Where a Customer enables a third‑party service in a workflow, Socure may transmit personal information to and/or receive personal information from that third party at the Customer’s direction to execute the workflow and return results to the Customer. Those third parties (“Customer-Enabled Integration Partners”) process personal information under their own privacy practices and agreements with our Customer.
Our Customers decide: (a) whether and for what reason(s) your information is provided to Socure, (b) which elements of personal information we collect and analyze on their behalf, (c) which alternative verification methods are available, and (d) whether and under what circumstances to accept, review, or reject a particular transaction. However, Socure may also create and use Socure Passport features, derived insights (including insights across our consortium of customers) and maintain network/graph-based risk intelligence for fraud prevention, security/integrity, and improvement purposes as described in this Policy, which Socure determines and operates independently of Customer instructions.
Socure’s role depends on the processing activity; the table below summarizes when Socure acts as a processor versus an independent controller.
Processing activity |
Examples |
Socure’s role |
Customer’s role |
| Processing on behalf of our Customers to provide the Services | Receiving personal information for a transaction; generating verification results, risk scores, and reason codes | Processor | Controller |
| Processing to create & maintain your Socure Passport account | Controller | Controller for their own activities & decisions | |
| Socure’s derived insights and network/graph-based risk intelligence | Creating and using derived insights (including across our consortium of customers) and network/graph-based risk intelligence for fraud prevention, security/integrity, and improvement purposes | Controller | Controller for their own activities and decisions (including what personal information is provided to Socure) |
| Data rights request verification & response | Authenticating requesters; responding to privacy rights requests submitted to Socure | Controller | Controller for requests submitted to the Customer |
Derived insights and network/graph-based risk intelligence may be created by incorporating personal information provided for transaction processing, but are processed by Socure for the independent purposes described in this Policy.
Personal Information We Collect (and the Sources)
Socure may collect personal information about you from our Customers or prospects, from your device, from you, from data vendors, and/or from our Third-Party Service Providers. The categories of personal information we collect in connection with the Services we provide our Customers are outlined below, together with information about the sources.
Chart A summarizes the categories of personal information Socure collects about individuals whose identities we verify on behalf of our Customers where we act as a Processor. Separately, Socure may process derived insights and network/graph-based risk intelligence as a Controller as described in this Global Privacy Policy. Socure also acts as a Controller when verifying a Data Rights Request. Chart B summarizes the personal information Socure collects about individuals who work for our Customers and prospects where we act as a Controller.
CHART A – PERSONAL INFORMATION SOCURE USES FOR IDENTITY VERIFICATION AND FRAUD PREVENTION
Categories of Personal Information Collected |
Sources of Information Collected |
| Identifiers, such as legal name, alias or nickname, mailing or physical address, email address, telephone number, social security number, driver’s license or state identification card number, national identification number, credit file number (Canada), social insurance number (SIN-Canada), passport or other government-issued identity document number, death records, wallet addresses, or other similar identifiers. | Customers may provide this information to Socure in connection with a specific transaction.
You may provide this information to Socure in connection with a specific DocV or Socure Passport transaction. Data Vendors may provide this information to Socure. |
| Financial Account and Transaction Information, including routing, account and credit card information, transaction history, details relating to your transactions with our Customers, including case management records, dispute and account histories, closure status, and data breach-related information. | Customers may provide this information to Socure in connection with a specific transaction.
You may provide this information to Socure in connection with a specific DocV transaction. Data Vendors may provide this information to Socure. |
| Identity Documents and Images, including selfies and government-issued or other identity documents, the information contained within those documents (e.g., date of birth), and metadata about the images such as the image EXIF, and time of image capture and/or upload. | Customers may provide this information to Socure in connection with a specific DocV transaction.
You provide this information to Socure in connection with a specific DocV or Socure Passport transaction. |
| Additional Documents requested of you by Socure’s Customer for identity verification purposes, such as bank or utility statements. | You provide this information to Socure in connection with a specific transaction with our Customer. |
| Biometric information, such as facial landmarks (coordinates of corners of eyes and mouth, tip of nose or chin) and facial embeddings (vector representation of facial features) derived from the facial photographs on your government-issued identity document and/or selfie. | You provide this information to Socure in connection with a specific DocV transaction, including when it is part of the Socure Passport experience.
Third-Party Service Providers used to extract biometric information from your photographs may provide this information to Socure. |
| Device, Browser, and Network Information, including Geolocation Data, such as Global Positioning System (GPS) coordinates, Internet Protocol (IP) address, unique device identifier, device serial number, device type, device make and model, device operating system, mobile carrier, online identifier, SIM swap activity, language and time zone settings, referrer URL, and other information about the browsers, network, and devices you use when interacting with Socure. | You and Your Device may automatically provide this information to Socure, if you have enabled such collection in your device settings, in connection with a specific transaction or when you interact with our Customers’ apps or websites.
Data Vendors may provide this information to Socure. |
| Behavioral data and inferences about how you typically interact with your device during a session, including session timing, which components of our and our Customers’ app or website you interact with, and how quickly you capture your photos or click submit. | You and Your Device may automatically provide this information to Socure, if you have enabled such collection in your device settings, in connection with a specific DocV or Socure Passport transaction, or when you interact with our Customers’ apps or websites. |
| Characteristics of protected classifications, such as age, sex, apparent gender, immigration status, race, apparent skin color, and national origin. | Customers may provide this information to Socure in connection with a specific transaction or to support fairness in outcomes and bias testing.
You provide this information to Socure in connection with a specific DocV transaction, including when it is part of the Socure Passport experience. Socure may infer this information about you. |
| Verification Results and Risk Insights, such as derived insights (including insights across our consortium of customers), verification results, risk scores, reason codes, and recommendations. Socure may process certain risk insights and derived signals as an independent controller where permitted by law and as described below. | Socure may generate this information based on processing the personal information described in this chart.
When our Customers use Customer-Enabled Integration Partners within a workflow, these partners may return information to Socure for a specific transaction after processing the personal information detailed in this chart. |
CHART B – PERSONAL INFORMATION SOCURE USES FOR SALES AND MARKETING TO CUSTOMERS
Categories of Personal Information Collected |
Sources of Information Collected |
| Identifiers, such as legal name, alias or nickname, mailing or residence address, email address, or other similar identifiers. | You, the Customers may provide this information to Socure when you engage with Socure via the Sites.
Data vendors and Third-Party Service Providers may provide this information to Socure. |
| Commercial Information, such as information about your company, including IP address, information about which Socure Services you purchase or inquire about, chatbot transcripts, your engagement history with Socure’s website and with our general marketing efforts, such as webinars you attend, and which Socure content you download. | You provide this information to Socure when you engage with Socure via the Sites or via in-person or virtual events.
Data Vendors and Third-Party Service Providers may provide this information to Socure. |
| Browser and Network Information, including Geolocation Data, such as Internet Protocol (IP) address, language and time zone settings, referrer URL, and other information about the browsers and network you use when interacting with the Sites. | You provide this information to Socure when you engage with Socure via the Sites or via in-person or virtual events.
Data Vendors and Third-Party Service Providers may provide this information to Socure. |
| Behavioral data and inferences about how you typically interact with the Sites and marketing content during a session, including session timing, pages viewed, links clicked, content downloads, webinar attendance, and similar engagement information. | You provide this information to Socure when you engage with Socure via the Sites or via in-person or virtual events.
Data Vendors and Third-Party Service Providers may provide this information to Socure. |
| Communication Content, such as the communications you have with Socure and our Services, including interaction with our chatbots. | You provide this information to Socure when you engage with Socure via the Sites or via in-person or virtual events. |
California Residents: Under the California Consumer Privacy Act (CCPA), we’re required to let you know that information described above may also fall under these categories: Personal Information Categories Listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)); Internet or Other Electronic Network Activity Information; Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information; Inferences; and Sensitive Personal Information. In addition, California uses different terms to describe equivalent concepts in other laws. Please reference the chart below to see the equivalent terms used.
California Term |
Term Used |
| Business | Controller |
| Service Provider | Processor |
Cookie Policy
Our Sites use cookies to enhance your browsing experience and provide personalized services. This policy explains what cookies are, how we use them, and your choices regarding their use. We use necessary cookies to operate the Sites. Where required by applicable law, we will ask for your consent before placing non-essential cookies, including analytics and marketing cookies. You can manage your cookie preferences through our cookie settings tool and, where applicable, by using recognized opt-out preference signals.
What are Cookies? Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site.
Types of Cookies We Use – Socure uses four types of cookies when you visit the Sites:
- Necessary Cookies: These cookies are essential for the website to function properly. They enable basic features such as page navigation and access to secure areas of the website.
- Preferences Cookies: Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
- Statistics/Analytics Cookies: These cookies help us understand how visitors interact with the Sites by collecting and reporting information anonymously. They allow us to measure and improve the performance of the Sites. (4) Marketing Cookies: These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
- Third-Party Cookies – The Sites use third-party cookies for marketing and analytics purposes. These third parties may collect information about your online activities over time and across different websites.
Managing Cookies – You can control and/or delete cookies as you wish. For details, please visit http://aboutcookies.org. You can delete all cookies that are already on your computer and set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit a site, and some website functionality may not work.
Where We Store and Transfer Your Personal Information
Socure stores your personal information in the United States. If you are not already located in the United States, your personal information may be transferred to and processed in the United States. Where Socure uses Third-Party Service Providers, they may process personal information in the United States and other jurisdictions. Where required by applicable law, Socure implements appropriate safeguards for cross-border transfers, including the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms, together with supplementary measures where appropriate.
How We Use Your Personal Information
We use your personal information in accordance with law and our Customer contracts to:
- perform identity verification and fraud prevention services on behalf of our Customers;
- provide, maintain, and enable sharing of the data in your Socure Passport account;
- help ensure the security and integrity of the Services;
- identify and repair errors that impair existing or intended Services functionality or performance;
- conduct internal research to develop, improve, test, or repair Services or related services or technology; and
- create, maintain, and improve derived insights and network/graph-based risk intelligence (including across our consortium of customers) to support fraud prevention, identity verification, and security/integrity.
Where permitted or required by law, Socure may also use your personal information to:
- comply with federal, state, or local laws, rules, or regulations, such as by verifying and fulfilling data rights requests;
- comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities;
- cooperate with law enforcement agencies concerning conduct or activity that we or our Customers reasonably and in good faith believe may violate federal, state, local, or international laws, rules, or regulations;
- investigate, establish, exercise, prepare for, or defend legal claims; and/or
- perform internal operations aligned with your reasonable expectations or otherwise compatible with processing your personal information in our provision of the Services.
Socure’s use of biometric information does not meet the definition of “consumer health data” for purposes of U.S. state health privacy laws, including because the personal information is used to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities.
Socure does not market or advertise directly to consumers in connection with our provision of Services to our Customers. However, if you engage with certain content on the Sites, such as demo or trial systems, white papers, webinars, or our chatbot, you may receive marketing or advertising communications from Socure in accordance with this Privacy Policy.
How We Disclose Your Personal Information
The following table describes the recipients to whom Socure may disclose your personal information in connection with the Services, the purposes for the disclosure, and the categories of personal information disclosed.
Chart A summarizes how Socure discloses your personal information for identity verification and fraud prevention where we act as a Processor. Separately, Socure may process personal information as a Controller as described in this Global Privacy Policy. Socure also acts as a Controller when verifying Data Rights Requests. Chart B summarizes how Socure discloses your personal information for sales and marketing to Customers where we act as a Controller.
CHART A – PERSONAL INFORMATION SOCURE DISCLOSES FOR IDENTITY VERIFICATION AND FRAUD PREVENTION
Recipients of Personal Information and Purpose(s) for Disclosure |
Categories of Personal Information Disclosed |
| Customers may receive your personal information for the purpose of verifying your identity and preventing fraud. |
|
| Third-Party Service Providers may receive your personal information for the purpose of: (a) supporting Socure’s provision of the Services; and/or (b) storing information in the cloud. |
|
| Customer‑Enabled Integration Partners may receive your personal information for the purpose of executing Customer-configured workflows (which may include identity verification, fraud prevention, or compliance checks) and returning results to our Customer. |
|
| Corporate Subsidiaries and Affiliates may receive your personal information for the purpose of: (a) supporting Socure’s provision of the Services; (b) internal research, such as studying fraud and identity trends over time; (c) performing bias and fairness testing; and/or (c) training, development, validation, and/or improvement of machine learning models. |
|
CHART B – PERSONAL INFORMATION SOCURE DISCLOSES FOR SALES AND MARKETING TO CUSTOMERS
Recipients of Personal Information and Purpose(s) for Disclosure |
Categories of Personal Information Disclosed |
| Third-Party Service Providers may receive your personal information for the purpose of: (a) supporting Socure’s efforts to market and sell the Services to Customers; (b) storing information in the cloud; and/or (c) training, development, validation, and/or improvement of machine learning models. |
|
| Corporate Subsidiaries and Affiliates may receive your personal information for the purpose of: (a) supporting Socure’s provision of the Services; (b) internal research, such as studying fraud and identity trends over time; (c) performing bias and fairness testing; and/or (c) training, development, validation, and/or improvement of machine learning models. |
|
Targeted Advertising. Socure does not market or advertise directly to consumers in connection with our provision of Services to our Customers. Any targeted advertising described in this Policy relates to visitors to our Sites and business-contact marketing activities, not to personal information processed solely to provide identity verification and fraud prevention services on behalf of our Customers. Please review our Cookie Policy above for information about the cookies we use when you visit the Sites. To the extent we use Third-Party Service Providers to assist us with targeted (i.e. cross-contextual behavioral) advertising, these providers are contractually restricted to process the information solely on our behalf as our service providers, and may not use the data for their own independent purposes. We may disclose to them your identifiers, professional or employment-related information, and/or personal information categories listed in the California Customer Records statute, alone or in combination with information from other sources (like our data vendors and offline customer data), and they may use various tracking technologies.
No Selling or Sharing. Socure does not sell or share, and has not sold or shared in the preceding 12 months, any personal information (including biometric data or other personal information), as those terms are defined by applicable law. Socure also does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age, as defined by applicable law. Socure does not disclose sensitive personal information for purposes other than those specified in section 7027(m) of the California Consumer Privacy Act Regulations.
How Long We Retain Your Information
We have seen some fraudsters create hundreds of fake identity documents and selfies over time. Accordingly, Socure analyzed the predictive value of your personal information in identity verification and ongoing fraud prevention, and Chart A summarizes Socure’s maximum retention periods for personal information collected and used in providing the Services to our Customers where we act as a Processor. Chart B summarizes how long Socure retains your personal information for sales and marketing to Customers where we act as a Controller.
CHART A – MAXIMUM RETENTION PERIOD FOR PERSONAL INFORMATION SOCURE USES FOR IDENTITY VERIFICATION AND FRAUD PREVENTION
Categories of Personal Information |
Retention Period |
| Identifiers | No more than 7 years from collection |
| Financial Account and Transaction Information | No more than 7 years from collection |
| Biometric information | No more than 3 years from your last interaction with Socure |
| Characteristics of protected classifications | No more than 3 years from your last interaction with Socure |
| Device, Browser, and Network Information, including Geolocation Data | No more than 7 years from collection |
| Behavioral data and inferences about how you typically interact with your device during a session | No more than 7 years from collection |
| Identity Documents and Images | No more than 3 years from your last interaction with Socure |
| Additional Documents | No more than 7 years from collection |
| Verification Results and Risk Insights | No more than 7 years from derivation or generation |
CHART B – MAXIMUM RETENTION PERIOD FOR PERSONAL INFORMATION SOCURE USES FOR SALES AND MARKETING TO CUSTOMERS
Identifiers |
As long as you are a customer of Socure, and thereafter for 5 years |
| Commercial Information | As long as you are a customer of Socure, and thereafter for 5 years |
| Browser and Network Information, including Geolocation Data | No longer than 25 months from collection |
| Behavioral data and inferences about how you typically interact with the Sites during a session | No longer than 25 months from collection |
| Communication Content | As long as you are a customer of Socure, and thereafter for 5 years |
Your personal information may be retained for a shorter period of time than outlined above if deletion is required by law or contract, or if the purpose for which that information was collected has expired.
Special Notice re Data Rights Requests: Personal information used to verify your identity in connection with your exercise of a data rights request will be deleted within 7 days of verification. Records of your request to exercise your data rights, and our compliance with our fulfillment obligations, are maintained in accordance with applicable law.
How We Protect Your Information
Socure uses commercially reasonable physical, electronic, and procedural safeguards to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law, and we require our Customers and Third-Party Service Providers to do the same. Biometric information receives the same rigorous privacy and security protections as other sensitive personal information. This includes encryption in transit and at rest, strict access controls, data minimization, and data governance procedures. Socure’s data protection practices are audited on a recurring basis, and we maintain ISO 27001 and SOC 2 Type 2 certifications. That said, there is simply no way to guarantee that any safeguards or security measures will be sufficient to prevent a security incident.
Your Data Rights
Generally, you have the right to file or lodge a complaint with the relevant supervisory authority and to not be discriminated against for exercising your rights. In addition, based on where you reside, you may be subject to one or more of the following data rights:
- Right to Know / Be Informed as to the personal information or categories of personal information we have about you.
- Right to Access a copy of the personal information we have about you.
- Right to Correction / Rectification inaccurate personal information that we have about you.
- Right to Deletion / Erasure of personal information about you.
- Right to Opt Out of / Object to Certain Processing, such as the sale or sharing of personal information, targeted advertising, or profiling in furtherance of decisions that produce a legal or similarly significant effect on you.
- Right to Restrict Processing, if you meet certain limited applicable circumstances.
- Right to Withdraw Consent at any time, free of charge. Any such withdrawal only applies prospectively and will not impact prior processing conducted in accordance with your prior freely given consent.
- Right to Appeal a refusal to take action on a request within a reasonable period of time after you receive the initial decision.
- Right to Data Portability of your personal information.
Any withdrawal of consent only applies to future processing and does not impact prior processing conducted in accordance with your prior freely given, explicit consent. In the event you exercise your Right to Access, we will provide the personal information in a portable, readily usable format where required by applicable law.
How to Exercise Your Data Rights
To exercise your data rights relating to a specific transaction or to our Customers’ use of the Services for automated decision-making, please submit your request to the Socure Customer who sent you to us. When acting as a service provider to our Customers, we cannot take action on transaction-related personal information processed on their behalf without their written instructions. Where Socure processes personal information on behalf of a Customer, we may direct individuals to that Customer or otherwise act in accordance with the Customer’s instructions, consistent with applicable law and the Data Privacy Framework Principles.
To exercise your rights as they relate to Socure’s data, such as Socure’s independent processing of derived insights and network/graph-based risk intelligence (including consortium-derived insights), including the right to opt-out of profiling for independent decisions that produce a legal or similarly significant effect on you, or Socure Passport, employment, marketing, or third-party vendor data, please complete our Data Rights Form. Because data rights around the world keep changing, the form lists a variety of data rights that may or may not be available to you based on your residence. Keep in mind that we may not be able to fulfill your request if the law does not grant you the right you attempt to exercise.
Opt Out Preference Signals: We recognize and respond to Universal Opt-Out Mechanisms, such as the Global Privacy Control (GPC) signal, as a valid request to opt out of the Sale or Sharing of your personal information (including for Targeted Advertising) where required by applicable state law. You may also opt out via our Data Rights Form.
Verifiable Data Protection Rights Requests: Socure will use commercially reasonable methods to confirm that you submitted a verifiable request, where applicable or required. This means that we may need to ask you for additional information, verify your identity, and retain some personal information to prove that we complied with your request. Verification of your identity may involve document and biometric verification using our own Services, use of which is subject to Data Rights Terms of Use. Data submitted for verification is solely used for processing verification and deleted promptly.
Authorized Agent: Where permitted by law, you may designate an authorized agent to make a data rights request on your behalf using Socure’s data rights form linked above, subject to appropriate verification and other applicable legal requirements. Your authorized agent will need to provide documentation supporting the agent’s authority to make the request on your behalf. We also may require you to verify your identity directly with us and confirm the request.
Lawful Bases for Processing (Non-U.S. Persons)
Residents of Canada: Your personal information is processed with your express consent.
Residents of the United Kingdom or European Economic Area: (a) your biometric information is processed with your explicit consent; (b) your racial or ethnic origin data is processed for reasons of substantial public interest; and (c) your remaining personal information is processed for the purpose of legitimate interests such as fraud prevention. This may include Socure’s independent processing of derived insights and network/graph-based risk intelligence as described above. Personal information processed to evaluate and fulfill data rights requests are processed for compliance with a legal obligation. Where Socure relies on legitimate interests, we take into consideration your reasonable expectations based on your relationship with our Customers and balance them against Socure’s needs to support our Customers’ requests to validate identities, assess risk, and prevent, detect, protect or defend against, or respond to security incidents, identity theft, fraud, harassment, malicious, deceptive, or illegal activities.
Data Privacy Frameworks (UK, EEA, Switzerland only)
Socure complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Socure has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Socure has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. Socure is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should submit their request via this form. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request via this form.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Socure’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Socure remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Socure proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S DPF, the UK Extension to the EU-U.S DPF, and the Swiss-U.S DPF Principles, Socure commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-U.S DPF, the UK extension to the EU-U.S DPF, and the Swiss-U.S DPF Principles. European Union, United Kingdom, and Swiss individuals with inquiries or complaints should first contact Socure at privacy@socure.com.
Socure has further committed to refer unresolved privacy complaints under the EU-U.S. DPF program to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit this website for more information and/or to file a complaint. This service is provided free of charge to you.
If your EU-US DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Click here for more information.
If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the relevant Principles shall govern. To learn more about the EU-U.S. DPF program, please visit this website. You can verify Socure’s participation here.
How to Contact Us
Please do not email us your identity documents, selfies, or other personal information.If you are having trouble submitting your documents or need help troubleshooting or understanding the outcome of a specific transaction, please contact the Socure Customer who sent you to us.
To contact the Socure Privacy team, including our Data Protection Officer (DPO), you may email privacy@socure.com or call 1-888-690-3709. Our DPO is Socure’s General Counsel and VP of Legal, Aviad Levin-Gur.
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Socure has appointed the European Data Protection Office (EDPO) as its GDPR Representative in the EU. You may contact EDPO regarding matters pertaining to the GDPR: (1) by using EDPO’s online request form; or (2) by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
Pursuant to Article 27 of the UK GDPR, Socure has appointed the EDPO UK Ltd as its UK GDPR representative in the UK. You may contact EDPO UK regarding matters pertaining to the UK GDPR: (1) by using EDPO’s online request form; or (2) by writing to EDPO UK at Unit 33, Waterside, Schooner Court, 44-48 Wharf Road, London, N1 7UX, United Kingdom