Security & Compliance

Trust Center

At Verify Now, we are committed to protecting your data with enterprise-grade security, transparent practices, and full compliance with South African data protection laws.

Last updated: February 2026
48 Hours
Breach Notification
TLS 1.3
Encryption
South Africa
Data Residency
POPIA
Compliance

Our Security Approach

We employ a defence-in-depth security strategy, combining multiple layers of protection to safeguard your data at every stage of processing. Our security practices are designed to meet and exceed South African regulatory requirements.

Data Encryption

  • TLS 1.3 encryption for all data in transit (with TLS 1.2+ supported where required)
  • AES-256 equivalent managed encryption at rest
  • Automatic managed TLS certificates

Infrastructure Security

  • Global edge network with DDoS protection
  • Web Application Firewall (WAF)
  • Bot protection and rate limiting
  • Serverless architecture (reduced attack surface)

Verification Sources

To provide accurate identity verification services, we access authoritative data sources in accordance with South African law. These sources enable us to verify identity documents and personal information securely and reliably.

Our Verification Sources Include:

  • Department of Home Affairs (DHA) – For South African ID verification
  • Other lawful and authorised sources – As permitted under applicable legislation

Important: Verification sources are accessed under lawful authority and are not sub-processors. They provide authoritative data for verification purposes only.

Incident Notification

In the unlikely event of a security incident affecting your data, we are committed to transparent and timely communication.

Our 48-Hour Breach Notification SLA

  • Customers notified within 48 hours of confirmed breach discovery
  • Detailed incident report including scope, affected data, and remediation steps
  • Assistance with regulatory notification requirements (Information Regulator)
  • Post-incident review and preventive measures implementation

Data Retention

We retain personal information only for as long as necessary to provide our services and meet legal requirements. Our default retention schedule is designed to balance operational needs with privacy principles.

Data TypeRetention PeriodBasis
Verification results5 yearsFICA compliance
Consent records7 yearsPOPIA requirement
Account dataDuration of account + 2 yearsService provision
Biometric dataDeleted after verificationData minimisation
Audit logs7 yearsCompliance & security

For detailed retention information, see our Privacy Policy.

Regulatory Compliance

Our services are designed to support your compliance obligations under South African law.

POPIA Compliance

  • Lawful basis for all processing
  • Data minimisation principles
  • Data subject rights support
  • Cross-border transfer safeguards

FICA Compliance

  • KYC/CDD verification support
  • PEP and sanctions screening
  • Audit trail maintenance
  • Record retention compliance

International Customers

For customers in the EU, UK, or other jurisdictions with data protection requirements, our practices align with international standards including:

  • • Lawful basis for processing • Data minimisation • Purpose limitation
  • • Data subject rights (access, correction, deletion, portability)
  • • 48-hour breach notification • Enterprise-grade security

Contact privacy@verifynow.co.za for specific compliance requirements.

Legal & Policy Documents

Review our complete legal documentation for detailed information about how we handle your data.

Privacy Policy

How we collect, use, and protect your data

Terms of Service

Terms and conditions of service use

Data Processing Agreement

DPA for business customers

Usage Policy

Guidelines for responsible use

Sub-processors

Our infrastructure partners

Information Security

Security practices and measures

Cookie Policy

How we use cookies

PAIA Manual

Access to information requests

Security & Privacy Contacts

Have questions about our security practices or need to report a concern?

General Privacy Inquiries

Email: privacy@verifynow.co.za

Security Concerns

Email: security@verifynow.co.za

Privacy PolicyTerms of ServiceDPAContact Us