Trust Center
At VerifyNow, we are committed to protecting your data with enterprise-grade security, transparent practices, and POPIA-aligned controls for South African data protection.
Regulatory Alignment
Our services are designed to support your compliance obligations under South African law. Review our POPIA Manual / Privacy Policy and PAIA Manual for the underlying policy documents.
POPIA Compliance
- Lawful basis for all processing
- Data minimisation principles
- Data subject rights support
- Cross-border transfer safeguards
FICA Compliance
- KYC/CDD verification support
- PEP and sanctions screening
- Audit trail maintenance
- Record retention compliance
Information Officer Registration
- Registered with the Information Regulator
- Regulator registration number 2026-002705
- Information Officer: Ruwaida Foster
B-BBEE Status
- B-BBEE Level 1 contributor
- 135% procurement recognition
- Certificate number 9449863304
International Customers
For customers in the EU, UK, or other jurisdictions with data protection requirements, our practices align with international standards including:
- Lawful basis for processing
- Data minimisation
- Purpose limitation
- Data subject rights (access, correction, deletion, portability)
- 48-hour breach notification
- Enterprise-grade security
Contact privacy@verifynow.co.za for specific compliance requirements.
Our Security Approach
We employ a defence-in-depth security strategy, combining multiple layers of protection to safeguard your data at every stage of processing. Our security practices are designed to meet and exceed South African regulatory requirements.
Data Encryption
- TLS 1.3 encryption for all data in transit (with TLS 1.2+ supported where required)
- AES-256 equivalent managed encryption at rest
- Automatic managed TLS certificates
Infrastructure Security
- Global edge network with DDoS protection
- Web Application Firewall (WAF)
- Bot protection and rate limiting
- Serverless architecture (reduced attack surface)
Verification Sources
To provide accurate identity verification services, we access authoritative data sources in accordance with South African law. These sources enable us to verify identity documents and personal information securely and reliably.
Our Verification Sources Include:
- Department of Home Affairs (DHA) – For South African ID verification
- Other lawful and authorised sources – As permitted under applicable legislation
Important: Verification sources are accessed under lawful authority and are not sub-processors. They provide authoritative data for verification purposes only. Some services are fulfilled using authorised third-party verification and data suppliers under their own permitted-use frameworks. VerifyNow is not a credit bureau and does not provide credit information.
Incident Notification
In the unlikely event of a security incident affecting your data, we are committed to transparent and timely communication.
Our 48-Hour Breach Notification SLA
- Customers notified within 48 hours of confirmed breach discovery
- Detailed incident report including scope, affected data, and remediation steps
- Assistance with regulatory notification requirements (Information Regulator)
- Post-incident review and preventive measures implementation
Data Retention
We retain personal information only for as long as necessary to provide our services and meet legal requirements. VerifyNow does not store full verification reports by default after delivery; we retain audit metadata needed for auditability, billing, security, dispute handling, and compliance.
What we do store — per check
Every check run through VerifyNow creates an immutable audit trail entry. This is stored for 7 years to support your FICA record-keeping obligations, billing disputes, and security investigations.
- Timestamp of the check (date and time)
- Check type (e.g. Home Affairs ID, AML/PEP, bank)
- Reference ID for the check run
- Account / user that ran the check
- Credit deducted and billing reference
- Pass / fail / error outcome code
- Consent attestation and lawful-basis record
- IP address of the request (for security)
Full report payloads (e.g. the raw ID photo result) are not stored beyond delivery unless you have a storage-enabled plan.
| Data Type | Retention Period | Basis |
|---|---|---|
| Full verification reports/results | Not stored by default after delivery | Data minimisation |
| Audit metadata and lawful-basis attestations | 7 years | Auditability and compliance |
| Account data | Duration of account + 2 years | Service provision |
| Biometric data | Deleted after verification | Data minimisation |
| Payment card or bank details | Not stored by VerifyNow | Handled by payment processors |
| Billing and payment metadata | 7 years | Accounting and service provision |
For detailed retention information, see our Privacy Policy.
Legal & Policy Documents
Review our complete legal documentation for detailed information about how we handle your data.
Privacy Policy
How we collect, use, and protect your data
Terms of Service
Terms and conditions of service use
Data Processing Agreement
Written operator agreement for business/API use
Usage Policy
Guidelines for responsible use
Information Officer Registration Certificate
Proof of Information Officer registration with the Information Regulator
B-BBEE Level 1 Certificate
Urban Luxury Brands (Pty) Ltd B-BBEE Level 1 certificate
Sub-processors
Our infrastructure partners
Information Security
Security practices and measures
Cookie Policy
How we use cookies
PAIA Manual
Access to information requests
Security & Privacy Contacts
Have questions about our security practices or need to report a concern?
Legal Entity
Company: Urban Luxury Brands (Pty) Ltd trading as VerifyNow
Registration number: 2007/013732/07
Website: www.verifynow.co.za
Contact
Privacy: privacy@verifynow.co.za / hello@verifynow.co.za
Security: security@verifynow.co.za