New: Hypersign is now eIDAS 2.0 ready verifiable credentials and EUDI Wallet compliance built in. See case studies →
← Legal, Privacy & Security
Privacy

Verification Privacy Notice

Last updated: May 16, 2026

This notice explains how Hypersign processes personal data — including biometric data — when powering identity verification, fraud prevention, authentication, or compliance workflows on behalf of its customers.

This notice supplements Hypersign's Privacy Policy and the End User Terms for Identity Verification. Where those documents overlap with this notice, this notice governs for verification-specific data processing.

1. Scope

This notice applies when you interact with a verification flow powered by Hypersign — including hosted pages, SDKs, API-based journeys, mobile flows, or white-label experiences operated by one of Hypersign's customers (each, a "Customer").

It covers the processing of:

  • Identity and contact data
  • Documents and files you submit
  • Selfies, face images, videos, and liveness captures
  • Biometric data derived from those submissions
  • Device, IP, location, and anti-fraud telemetry
  • Verification results, risk signals, and audit records
  • Related support, compliance, and security records connected to the verification session

2. Who Are the Parties and What Are Their Roles?

PartyTypical RoleWhat That Means
CustomerController / BusinessThe Customer decides why your verification is required, which checks are enabled, and how the result is used.
HypersignProcessor / Service ProviderHypersign provides the verification technology and processes data on the Customer's behalf to perform the configured checks.
HypersignIndependent Controller (limited purposes)Hypersign may process limited data for security, abuse prevention, legal compliance, audit logging, and defence of legal claims.

If the verification journey is white-labeled or uses a custom domain, Hypersign may still be the technology provider processing your data behind the branded interface.

3. Categories of Data Used in Verification

Depending on the configured workflow, Hypersign may process:

Identity Data

Name, date of birth, address, phone number, email, nationality, and other identifying details.

Document Data

Passports, ID cards, residence permits, driver's licences, proof-of-address documents, and data extracted from those materials.

Biometric & Liveness Data

Face images, selfie images, videos, liveness captures, anti-spoofing signals, and data derived from scans of facial geometry used to compare your face to the identity document or to confirm a real person is present.

Technical & Fraud-Prevention Data

IP address, browser, device data, timestamps, session data, geolocation inferred from network data, and similar integrity or risk signals.

Questionnaire & Workflow Data

Declarations, answers, uploaded files, consent records, and status transitions recorded during the verification session.

Verification Outputs

Match scores, warnings, fraud indicators, review outcomes, and audit evidence generated during or after the verification.

4. Purposes of Processing

Hypersign may process the data above to:

  • Verify identity and authenticate a person
  • Check document authenticity and completeness
  • Detect spoofing, manipulation, fraud, or abuse
  • Comply with legal, regulatory, sanctions, AML, KYC, and risk-management requirements configured by the Customer
  • Secure the verification flow and underlying infrastructure
  • Support manual review, resubmission, escalation, and audit processes
  • Respond to lawful requests and defend legal claims
  • Maintain service integrity, troubleshoot incidents, and perform quality and security monitoring

Secondary use (model training & quality assurance). Where law permits and appropriate controls are in place, Hypersign may also use anonymised or pseudonymised verification-related data for service testing, quality assurance, fraud-model training and validation, and security improvement. You may opt out of this processing at any time — see Section 4 of the Business Terms (DPA Annex, §2.3) or email privacy@hypermine.de with the relevant session identifier.

5. How Hypersign Handles Biometric Data

For the purposes of this notice, biometric data includes data derived from scans of facial geometry or similar biometric characteristics extracted from images or video, where that data is used to verify identity, confirm liveness, or prevent fraud.

When a workflow includes face verification or liveness, Hypersign may:

  • Capture or receive selfie images, face images, and/or video
  • Extract facial characteristics from those submissions and from the portrait on your identity document
  • Compare those signals to verify that the person presenting the document is the same person shown on the document
  • Analyse liveness and anti-spoofing indicators to confirm a real person is present
  • Generate verification results, confidence indicators, and fraud or review signals

Hypersign's Commitments on Biometric Data

Lawful Use Only

Biometric data is used only for the lawful purposes described in this notice, the Customer's instructions, and applicable law.

Sensitive-Data Safeguards

Access controls, continuous monitoring, and secure handling practices are applied specifically for biometric and sensitive data.

No Sale or Commercialisation

Hypersign does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information.

Customer Disclosure Obligation

Customers using API or white-label journeys are expected to clearly disclose Hypersign as the verification provider and obtain any notice or consent required by law before biometric capture begins.

6. Additional U.S. Biometric Privacy Disclosures

If you are located in Illinois, Texas, Washington, or another jurisdiction with biometric privacy requirements, the following points apply:

  • Biometric data may include data derived from scans of face geometry, selfie images, liveness video, or similar identity-verification media.
  • You may be asked to provide explicit electronic or written consent before biometric data is captured or uploaded.
  • The Customer should identify Hypersign as a verification provider or processor when presenting required notices in white-label or API-based journeys.
  • Hypersign uses biometric data to perform identity verification, liveness, anti-spoofing, fraud prevention, security, and related compliance operations requested by the Customer.
  • Hypersign retains biometric data only for as long as needed to provide the service, follow lawful Customer instructions, satisfy legal obligations, resolve disputes, or defend claims — and in no event longer than applicable law permits.
  • Hypersign uses a reasonable standard of care designed for sensitive data and does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information.
  • Where a jurisdiction requires a shorter retention period, a separate public schedule, or additional disclosures, Hypersign and the Customer will apply the shorter or stricter requirement governing the relevant flow.

Other jurisdictions. The above applies, with appropriate adjustments, to any jurisdiction with biometric privacy requirements — including the CCPA/CPRA, Colorado CPA, Virginia CDPA, Connecticut CTDPA, Utah UCPA, EU GDPR Article 9, UK GDPR, Swiss FADP, Canada's PIPEDA / Quebec Law 25, Brazil's LGPD, and any future biometric privacy law applicable to the relevant verification flow.

7. Disclosures and Service Providers

Hypersign may disclose verification-related data to:

  • The Customer that asked you to verify
  • Hypersign group entities involved in delivering, supporting, or securing the service
  • Providers of hosting, cloud storage, communications, identity, fraud, analytics, audit, security, and professional services
  • Regulators, courts, law enforcement, or public authorities where legally required
  • Transaction counterparties in a merger, acquisition, restructuring, or asset transfer, subject to lawful safeguards

The exact recipients depend on the service, region, workflow configuration, and applicable legal requirements. To request the current sub-processor list, email security@hypermine.de (an NDA is required).

8. International Transfers

Verification data may be processed in countries other than the country in which you began the verification flow. Hypersign's primary production infrastructure is hosted in the European Economic Area (default region: AWS eu-central-1, Frankfurt).

Where Personal Data is transferred outside the EEA, Hypersign applies appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure an equivalent level of protection.

9. Retention and Destruction

The default retention period for verification data is indefinite ("unlimited") unless the Customer configures a shorter period or you exercise a deletion right. Customers can configure retention per application in the Business Console between 30 days and 10 years and can delete any individual verification session at any time.

Biometric data cap. Biometric data retention is in every case subject to, and capped by, applicable biometric-privacy laws — including GDPR Article 9, BIPA, Texas CUBI, Washington H.B. 1493, and any other applicable biometric-privacy law. Where such law prescribes a shorter retention period or an earlier destruction obligation, that shorter or stricter rule always prevails over any default or Customer-configured period.

In every case Hypersign retains verification data according to:

  • The Customer's documented instructions and configured retention settings
  • Applicable contractual, regulatory, audit, and legal obligations
  • Fraud-prevention, security, and dispute-resolution needs
  • The shorter or stricter retention rule required by applicable law, which always governs

Biometric Data Destruction

Hypersign aims to ensure that biometric identifiers and biometric information are deleted, de-identified, or securely destroyed when:

  • The original verification purpose has been satisfied
  • The applicable retention period expires
  • The Customer lawfully instructs deletion
  • Applicable law requires earlier destruction

10. Automated Processing and Human Review

Hypersign may use automated systems to review document integrity, liveness, face match, fraud indicators, and other verification signals. Some sessions may also be routed for human review, quality assurance, or escalation depending on the Customer's workflow and risk configuration.

Except where a specific service states otherwise, the Customer remains responsible for how it uses the verification result in its own business decision-making. Hypersign's results are for informational purposes and support — not replace — the Customer's decisions.

11. Your Rights and How to Exercise Them

If you want to access, correct, delete, restrict, object to, or otherwise exercise rights over data processed in a specific verification session, you should generally contact the Customer first. The Customer usually determines the main purpose of the verification and is the best point of contact for rights tied to that relationship.

If Hypersign receives a request directly in a processor context, Hypersign may forward or redirect it to the relevant Customer. If Hypersign acts as an independent controller for a limited processing purpose, you may also contact:

You may also lodge a complaint with a supervisory authority. Hypersign's lead supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany. You may also approach your local data-protection authority.

12. Security

Hypersign uses technical, organisational, and administrative safeguards designed to protect verification data, including sensitive and biometric data. These include:

Encryption

Data is encrypted at rest (AES-256) and in transit (TLS 1.3), with key management in a dedicated KMS.

Access Controls

Role-based access control and environment separation limit who can access personal and biometric data.

Monitoring & Testing

Continuous security monitoring and regular penetration testing are performed across all production systems.

Incident Response

A documented incident response programme ensures rapid detection, containment, and notification for any data breach.

Hypersign holds the following security certifications:

SOC 2 Type 1 (Type 2 in progress)
ISO/IEC 27001:2022
iBeta Level 1 PAD (ISO/IEC 30107-3)
Government Sandbox Attestation (Tesoro / SEPBLAC / CNMV)

13. Children

Hypersign does not intend this notice to authorise the unlawful collection of children's data. If a verification flow is used for age-related or youth-related checks, the Customer must ensure a lawful basis, appropriate notices, and any required parental or guardian permissions are in place before the flow begins.

14. Changes to This Notice

Hypersign may update this Verification Privacy Notice from time to time to reflect legal, operational, or product changes. When we do, we will update the effective date at the top of this notice. We encourage you to review this notice periodically. Material changes that affect your rights will be communicated via the Customer or through the verification interface.

15. Contact

If you have questions about this notice or how Hypersign processes your data in a verification context, reach the right team directly:

Hypersign's lead supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit — BfDI), Germany. Website: bfdi.bund.de. You also have the right to lodge a complaint with the supervisory authority in your country of habitual residence.