Security lifecycle of a verification request
Every verification moves through six security-controlled stages. Encryption, access controls, and audit logging apply at every step, from the moment you upload data to the moment we delete it.
Secure data capture
Data is uploaded via TLS 1.3-encrypted connections. Files are scanned for malware, validated for format and size, and encrypted with AES-256 immediately upon arrival.
Secure ingestion and pre-processing
OCR and biometric engines process data inside isolated processing lanes. Only authorised services and agents with active MFA sessions can access this stage.
Secure active processing
Agents review cases inside role-based access-controlled dashboards. Session pins lock screens after 5 minutes of inactivity. Every view is logged.
Secure decision-making
Supervisors approve outcomes with least-privilege access. High-risk approvals require two supervisors. Decision context (evidence, reasoning, risk score) is recorded.
Secure storage and retention
Verified results and source documents are stored in encrypted S3 buckets and RDS databases. KMS keys rotate every 90 days. Backups are encrypted and replicated across AWS regions.
Secure deletion
Retention clocks trigger automated deletion jobs. Files are purged from S3, database records are wiped, and KMS keys are scheduled for destruction. Deletion events are logged for compliance audits.
Immutable audit logs
Every action is logged with user ID, timestamp, IP address, device fingerprint, and purpose. Logs are write-once and stored in tamper-evident CloudWatch streams. Regulators, clients, and data subjects can request audit trails for specific verification requests.