Privacy Policy

Last updated: 15 June 2026

This Privacy Policy explains how IDEEVY processes personal data in connection with its website, business customer accounts, and identity document verification services.

“IDEEVY”, “we”, “us” and “our” refer to INTEGRITYTECH HK LIMITED, a company registered in Hong Kong. IDEEVY provides identity document verification services through its website at ideevy.com and related APIs, dashboards, tools, and support channels.

1. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by IDEEVY in connection with:

• the public website located at ideevy.com;
• communications with IDEEVY, including demo requests, support requests, sales inquiries, and administrative correspondence;
• business customer accounts, dashboards, API access, billing administration, and service management;
• identity document verification sessions carried out by IDEEVY on behalf of its Business Customers; and
• security, logging, abuse prevention, service operation, and related technical activities required to provide and protect the service.

This Privacy Policy does not describe the privacy practices of Business Customers that use IDEEVY. A Business Customer may have its own privacy notice, user terms, retention rules, legal basis, onboarding flow, and internal decision-making logic. End Users should review the privacy information provided by the Business Customer that requested the verification.

2. Definitions

For the purposes of this Privacy Policy:

• “Business Customer” means a company, platform, organization, or other business entity that uses IDEEVY to verify identity documents submitted by its users, customers, applicants, merchants, account holders, or other individuals.
• “End User” means an individual whose identity document is submitted for verification through IDEEVY in connection with a Business Customer service.
• “Service” means the IDEEVY identity document verification service, including related APIs, dashboards, verification sessions, status responses, support tools, and technical infrastructure.
• “Verification Record” means the document image and related verification data generated or processed in connection with a verification session, including extracted document fields where enabled, verification status, reason codes, timestamps, session identifiers, and technical metadata needed to operate and evidence the verification.
• “Identity Document” means a passport, national identity card, residence permit, driver license, or other identity document supported by the Service.

3. Our role in processing personal data

IDEEVY is a business-to-business identity document verification provider. In the standard verification flow, a Business Customer determines why an End User is asked to submit an Identity Document, what legal basis applies, how the verification result is used, and whether the End User may access the Business Customer service.

In that standard flow, IDEEVY generally acts as a processor, service provider, or similar role on behalf of the Business Customer. IDEEVY processes Verification Records in accordance with the Business Customer instructions, the applicable agreement, and this Privacy Policy.

IDEEVY may act as an independent controller for limited categories of personal data where IDEEVY determines the purposes and means of processing, including website analytics, business contact data, customer account administration, billing administration, security monitoring, abuse prevention, legal compliance, protection of the Service, and handling of direct requests addressed to IDEEVY.

4. What IDEEVY does

IDEEVY provides identity document verification services. The standard Service is focused on IDV — identity document verification. It is not a full KYC, AML, sanctions, PEP, adverse media, biometric identification, or facial recognition platform.

Depending on the Business Customer configuration and the document submitted, the standard Service may perform activities such as:

• receiving and securely storing an image of an Identity Document;
• checking whether the image is suitable for verification, for example whether it is readable, complete, and of sufficient quality;
• detecting document type, issuing country, document side, and supported layout features;
• extracting document fields through OCR, MRZ, barcode, or other document parsing methods where enabled and required for IDV;
• checking document structure, expiry date, readable fields, MRZ or barcode consistency, and other document-related signals relevant to IDV;
• returning a verification status, reason code, or resubmission requirement to the Business Customer; and
• maintaining a Verification Record for service operation, auditability, dispute handling, abuse prevention, and security.

The Business Customer remains responsible for the final business decision regarding an End User. IDEEVY provides document verification results and related signals; IDEEVY does not decide whether an End User is allowed to open an account, receive a product, access a platform, complete a transaction, or use a Business Customer service.

5. Personal data we process

The personal data processed by IDEEVY depends on the Service configuration selected by the Business Customer and the document submitted by the End User. In the standard Service, IDEEVY may process the following categories of data.

5.1 Identity document images

IDEEVY stores images of Identity Documents submitted for verification. This may include the front and back of a document, document pages, or other document images required by the Business Customer verification flow.

5.2 Document data

Where enabled or required for IDV, IDEEVY may extract or process document data such as name, date of birth, document number, expiry date, issue date, issuing country, nationality, document type, MRZ fields, barcode fields, OCR fields, and other data visible on or derived from the Identity Document.

5.3 Verification data

IDEEVY may process verification status, outcome, reason codes, resubmission reasons, document quality results, document type detection results, timestamps, workflow status, and other data necessary to return and evidence the verification result.

5.4 Technical and session metadata

IDEEVY may process technical metadata required to operate, secure, debug, and evidence the Service, including IP address, browser information, device information, session identifiers, API request identifiers, project identifiers, customer identifiers, timestamps, logs, and webhook delivery records.

5.5 Business customer and website data

For Business Customers and website visitors, IDEEVY may process business contact details, account information, company information, email address, phone number, billing or administrative information, support messages, demo requests, website usage data, and related communications.

6. Data IDEEVY does not process as part of the standard service

The standard IDEEVY Service is limited to identity document verification. Unless expressly agreed in a separate written agreement or made subject to separate terms or notices, IDEEVY does not provide or perform the following as part of the standard Service:

• selfie collection;
• liveness checks;
• face matching;
• facial recognition;
• creation, storage, or processing of biometric templates;
• AML screening;
• PEP screening;
• sanctions screening;
• adverse media screening;
• source of funds checks;
• final KYC approval or rejection on behalf of the Business Customer.

Additional or tailor-made services may be provided only under a separate agreement. Such services are not part of the standard public description of the Service unless expressly stated in the applicable customer agreement, order form, or separate notice.

7. How we use personal data

IDEEVY uses personal data only for purposes connected with providing, securing, maintaining, and improving the Service, and where applicable for website and business administration purposes. These purposes may include:

• creating and operating verification sessions;
• receiving, storing, and processing Identity Document images;
• performing identity document verification and returning results to the Business Customer;
• checking document image quality, readability, completeness, document type, and supported document features;
• extracting and validating document data where enabled and required for IDV;
• maintaining Verification Records for auditability, dispute handling, resubmission handling, service integrity, and abuse prevention;
• operating APIs, dashboards, webhooks, logs, customer support, and technical monitoring;
• detecting, investigating, and preventing abuse, fraud attempts against the Service, unauthorized access, security incidents, and technical misuse;
• administering Business Customer accounts, contracts, billing, support, and service communications;
• analyzing website traffic and usage through Google Analytics; and
• complying with applicable legal obligations and protecting the rights, property, and security of IDEEVY, Business Customers, End Users, and the Service.

8. Legal basis and customer responsibility

Where IDEEVY processes Verification Records on behalf of a Business Customer, the Business Customer is responsible for determining the legal basis for collecting and submitting an End User Identity Document to IDEEVY. The Business Customer is also responsible for providing all notices, disclosures, consents, authorizations, and user-facing information required under applicable law.

Where IDEEVY acts as a processor or service provider, IDEEVY processes personal data on the Business Customer instructions and in accordance with the applicable agreement.

Where IDEEVY acts as an independent controller for limited purposes, IDEEVY may rely on legal bases such as performance of a contract, legitimate interests, compliance with legal obligations, consent where required, and protection of the Service and its users. Examples include customer account administration, website analytics, security monitoring, fraud and abuse prevention against the Service, billing administration, legal compliance, and responding to direct requests.

9. Retention

IDEEVY retains Verification Records, including Identity Document images and related verification data, for up to one year from the date of verification, unless a shorter period is configured or agreed with the Business Customer, or a longer period is required for legal, dispute, fraud prevention, security, or service protection reasons.

A Business Customer may configure or request shorter retention where supported by the Service or agreed in the applicable customer agreement. After the applicable retention period expires, IDEEVY deletes or de-identifies the relevant Verification Records in accordance with its operational deletion processes, unless continued retention is required or permitted under applicable law or necessary for security, dispute handling, abuse prevention, or protection of the Service.

Website analytics, business contact data, customer account data, billing information, support records, logs, and administrative records may be retained for different periods depending on their purpose, contractual requirements, legal obligations, security needs, and operational requirements.

10. Storage locations and international processing

Where reasonably possible, IDEEVY aims to store and process verification data in the End User country or region, or in another location consistent with the Business Customer configuration and applicable data protection requirements.

However, data may be processed or stored in other jurisdictions where IDEEVY, its infrastructure providers, service providers, or subprocessors operate. Cross-border storage or processing may depend on infrastructure availability, Business Customer configuration, service provider locations, security requirements, support needs, legal requirements, and operational requirements.

Where required, IDEEVY uses contractual, technical, and organizational safeguards designed to protect personal data in connection with such processing.

11. Security

IDEEVY applies commercially reasonable technical and organizational measures designed to protect personal data processed through the Service. These measures are based on industry practices and may include encrypted storage, secure transmission, access controls, restricted access based on operational need, audit logging, monitoring, backup and recovery procedures, and internal security practices.

Access to Verification Records is limited to authorized personnel, systems, and service providers where access is necessary to operate, support, secure, maintain, or improve the Service, or to comply with applicable legal or contractual obligations.

No method of transmission, storage, or processing can be guaranteed to be completely secure. IDEEVY does not claim that the Service is immune from all security risks. Business Customers are responsible for securing their own systems, API credentials, user interfaces, and integration flows.

12. Service providers and subprocessors

IDEEVY may use trusted third-party service providers and subprocessors to provide, secure, maintain, and support the Service. These may include providers of hosting, infrastructure, secure storage, monitoring, logging, communications, customer support, analytics, and document-processing technology.

Such providers may process personal data only as necessary to perform services for IDEEVY and are subject to contractual, technical, and organizational safeguards appropriate to their role.

For operational security reasons, IDEEVY does not publish a full public list of infrastructure, security, and service vendors. Business Customers may request relevant subprocessor information as part of vendor review, DPA negotiation, enterprise onboarding, or other appropriate confidentiality and security review processes. See also Subprocessors & Infrastructure.

13. Google Analytics and website data

IDEEVY may use Google Analytics on ideevy.com to understand website traffic, page usage, referral sources, device and browser information, and general visitor behavior. Google Analytics helps IDEEVY improve the website and measure the effectiveness of communications and content.

Google Analytics may use cookies or similar technologies. Website visitors can manage cookies through browser settings and, where available, through cookie consent tools displayed on the website. Additional details may be provided in IDEEVY Cookie Policy.

Google Analytics data is not used as part of identity document verification decisions.

14. End User privacy requests

If you are an End User whose Identity Document was processed through IDEEVY on behalf of a Business Customer, you should first contact that Business Customer regarding access, deletion, correction, objection, restriction, portability, or other privacy rights. The Business Customer determines why your document was submitted, what legal basis applies, how the verification result is used, and whether the verification is required for its service.

IDEEVY will generally handle End User privacy requests through the relevant Business Customer, because IDEEVY usually acts as a processor or service provider for the Business Customer in connection with Verification Records.

You may contact IDEEVY directly if you cannot identify the relevant Business Customer, if the Business Customer is unavailable, or if your request relates specifically to IDEEVY own processing. IDEEVY may need to verify the request, identify the relevant Business Customer, and coordinate with that Business Customer before taking action.

Requests can be sent to privacy@ideevy.com. IDEEVY may refuse or limit a request where permitted by law, where the request cannot be verified, where the data is controlled by a Business Customer, or where retention is required for legal, security, dispute, fraud prevention, or service protection reasons.

15. Business Customer responsibilities

Business Customers are responsible for their own use of the Service. This includes responsibility for:

• having a valid legal basis to request, collect, submit, and use End User Identity Documents and verification results;
• providing all required privacy notices, disclosures, consents, authorizations, and user-facing explanations;
• ensuring that End Users understand that their Identity Document may be processed by IDEEVY for identity document verification;
• using verification results lawfully and fairly;
• configuring the Service in a way that matches their legal, operational, and retention requirements;
• securing their own accounts, dashboards, API credentials, systems, applications, and integrations;
• responding to End User requests where the Business Customer controls the relevant data or decision;
• not submitting data that the Business Customer has no right to submit; and
• not using IDEEVY for prohibited, unlawful, abusive, discriminatory, or unauthorized purposes.

IDEEVY is not responsible for the privacy practices, notices, user interfaces, business decisions, or legal obligations of Business Customers except to the extent expressly stated in the applicable agreement with IDEEVY.

16. Children and minors

The Service is not intended for the direct use of children. IDEEVY provides the Service to Business Customers and does not knowingly offer the Service directly to children.

Business Customers must not submit Identity Documents of minors unless they have a valid legal basis and all required consents, permissions, or authorizations under applicable law. The Business Customer is responsible for determining whether a verification involving a minor is lawful and appropriate for its service.

17. Changes to this Privacy Policy

IDEEVY may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, operational practices, security measures, or business needs. The updated version will be posted on ideevy.com with a revised “Last updated” date.

Where required by law or applicable agreement, IDEEVY may provide additional notice of material changes to Business Customers. Continued use of the Service after an updated Privacy Policy becomes effective means that the updated Privacy Policy applies to personal data processed after that date, subject to applicable law and contractual terms.

18. Contact and company details

For privacy questions related to IDEEVY own processing, you may contact IDEEVY at:

Email: privacy@ideevy.com
Company: INTEGRITYTECH HK LIMITED
Company Registration Number: 3339122
Business Registration Number: 75921776
Registered address: Room 905, Block 2, Cyberport, 100 Cyberport Road, Hong Kong
Website: ideevy.com

If you are an End User whose Identity Document was submitted through a Business Customer service, please contact that Business Customer first regarding your rights and the use of the verification result.

← Back to home