This notice supplements Hypersign's Privacy Policy and the End User Terms for Identity Verification. Where those documents overlap with this notice, this notice governs for verification-specific data processing.
1. Scope
This notice applies when you interact with a verification flow powered by Hypersign — including hosted pages, SDKs, API-based journeys, mobile flows, or white-label experiences operated by one of Hypersign's customers (each, a "Customer").
It covers the processing of:
- Identity and contact data
- Documents and files you submit
- Selfies, face images, videos, and liveness captures
- Biometric data derived from those submissions
- Device, IP, location, and anti-fraud telemetry
- Verification results, risk signals, and audit records
- Related support, compliance, and security records connected to the verification session
2. Who Are the Parties and What Are Their Roles?
| Party | Typical Role | What That Means |
|---|---|---|
| Customer | Controller / Business | The Customer decides why your verification is required, which checks are enabled, and how the result is used. |
| Hypersign | Processor / Service Provider | Hypersign provides the verification technology and processes data on the Customer's behalf to perform the configured checks. |
| Hypersign | Independent Controller (limited purposes) | Hypersign may process limited data for security, abuse prevention, legal compliance, audit logging, and defence of legal claims. |
If the verification journey is white-labeled or uses a custom domain, Hypersign may still be the technology provider processing your data behind the branded interface.
3. Categories of Data Used in Verification
Depending on the configured workflow, Hypersign may process:
Identity Data
Name, date of birth, address, phone number, email, nationality, and other identifying details.
Document Data
Passports, ID cards, residence permits, driver's licences, proof-of-address documents, and data extracted from those materials.
Biometric & Liveness Data
Face images, selfie images, videos, liveness captures, anti-spoofing signals, and data derived from scans of facial geometry used to compare your face to the identity document or to confirm a real person is present.
Technical & Fraud-Prevention Data
IP address, browser, device data, timestamps, session data, geolocation inferred from network data, and similar integrity or risk signals.
Questionnaire & Workflow Data
Declarations, answers, uploaded files, consent records, and status transitions recorded during the verification session.
Verification Outputs
Match scores, warnings, fraud indicators, review outcomes, and audit evidence generated during or after the verification.
4. Purposes of Processing
Hypersign may process the data above to:
- Verify identity and authenticate a person
- Check document authenticity and completeness
- Detect spoofing, manipulation, fraud, or abuse
- Comply with legal, regulatory, sanctions, AML, KYC, and risk-management requirements configured by the Customer
- Secure the verification flow and underlying infrastructure
- Support manual review, resubmission, escalation, and audit processes
- Respond to lawful requests and defend legal claims
- Maintain service integrity, troubleshoot incidents, and perform quality and security monitoring
Secondary use (model training & quality assurance). Where law permits and appropriate controls are in place, Hypersign may also use anonymised or pseudonymised verification-related data for service testing, quality assurance, fraud-model training and validation, and security improvement. You may opt out of this processing at any time — see Section 4 of the Business Terms (DPA Annex, §2.3) or email privacy@hypermine.de with the relevant session identifier.
5. How Hypersign Handles Biometric Data
For the purposes of this notice, biometric data includes data derived from scans of facial geometry or similar biometric characteristics extracted from images or video, where that data is used to verify identity, confirm liveness, or prevent fraud.
When a workflow includes face verification or liveness, Hypersign may:
- Capture or receive selfie images, face images, and/or video
- Extract facial characteristics from those submissions and from the portrait on your identity document
- Compare those signals to verify that the person presenting the document is the same person shown on the document
- Analyse liveness and anti-spoofing indicators to confirm a real person is present
- Generate verification results, confidence indicators, and fraud or review signals
Hypersign's Commitments on Biometric Data
Lawful Use Only
Biometric data is used only for the lawful purposes described in this notice, the Customer's instructions, and applicable law.
Sensitive-Data Safeguards
Access controls, continuous monitoring, and secure handling practices are applied specifically for biometric and sensitive data.
No Sale or Commercialisation
Hypersign does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information.
Customer Disclosure Obligation
Customers using API or white-label journeys are expected to clearly disclose Hypersign as the verification provider and obtain any notice or consent required by law before biometric capture begins.
6. Additional U.S. Biometric Privacy Disclosures
If you are located in Illinois, Texas, Washington, or another jurisdiction with biometric privacy requirements, the following points apply:
- Biometric data may include data derived from scans of face geometry, selfie images, liveness video, or similar identity-verification media.
- You may be asked to provide explicit electronic or written consent before biometric data is captured or uploaded.
- The Customer should identify Hypersign as a verification provider or processor when presenting required notices in white-label or API-based journeys.
- Hypersign uses biometric data to perform identity verification, liveness, anti-spoofing, fraud prevention, security, and related compliance operations requested by the Customer.
- Hypersign retains biometric data only for as long as needed to provide the service, follow lawful Customer instructions, satisfy legal obligations, resolve disputes, or defend claims — and in no event longer than applicable law permits.
- Hypersign uses a reasonable standard of care designed for sensitive data and does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information.
- Where a jurisdiction requires a shorter retention period, a separate public schedule, or additional disclosures, Hypersign and the Customer will apply the shorter or stricter requirement governing the relevant flow.
Other jurisdictions. The above applies, with appropriate adjustments, to any jurisdiction with biometric privacy requirements — including the CCPA/CPRA, Colorado CPA, Virginia CDPA, Connecticut CTDPA, Utah UCPA, EU GDPR Article 9, UK GDPR, Swiss FADP, Canada's PIPEDA / Quebec Law 25, Brazil's LGPD, and any future biometric privacy law applicable to the relevant verification flow.
7. Disclosures and Service Providers
Hypersign may disclose verification-related data to:
- The Customer that asked you to verify
- Hypersign group entities involved in delivering, supporting, or securing the service
- Providers of hosting, cloud storage, communications, identity, fraud, analytics, audit, security, and professional services
- Regulators, courts, law enforcement, or public authorities where legally required
- Transaction counterparties in a merger, acquisition, restructuring, or asset transfer, subject to lawful safeguards
The exact recipients depend on the service, region, workflow configuration, and applicable legal requirements. To request the current sub-processor list, email security@hypermine.de (an NDA is required).
8. International Transfers
Verification data may be processed in countries other than the country in which you began the verification flow. Hypersign's primary production infrastructure is hosted in the European Economic Area (default region: AWS eu-central-1, Frankfurt).
Where Personal Data is transferred outside the EEA, Hypersign applies appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure an equivalent level of protection.
9. Retention and Destruction
The default retention period for verification data is indefinite ("unlimited") unless the Customer configures a shorter period or you exercise a deletion right. Customers can configure retention per application in the Business Console between 30 days and 10 years and can delete any individual verification session at any time.
Biometric data cap. Biometric data retention is in every case subject to, and capped by, applicable biometric-privacy laws — including GDPR Article 9, BIPA, Texas CUBI, Washington H.B. 1493, and any other applicable biometric-privacy law. Where such law prescribes a shorter retention period or an earlier destruction obligation, that shorter or stricter rule always prevails over any default or Customer-configured period.
In every case Hypersign retains verification data according to:
- The Customer's documented instructions and configured retention settings
- Applicable contractual, regulatory, audit, and legal obligations
- Fraud-prevention, security, and dispute-resolution needs
- The shorter or stricter retention rule required by applicable law, which always governs
Biometric Data Destruction
Hypersign aims to ensure that biometric identifiers and biometric information are deleted, de-identified, or securely destroyed when:
- The original verification purpose has been satisfied
- The applicable retention period expires
- The Customer lawfully instructs deletion
- Applicable law requires earlier destruction
10. Automated Processing and Human Review
Hypersign may use automated systems to review document integrity, liveness, face match, fraud indicators, and other verification signals. Some sessions may also be routed for human review, quality assurance, or escalation depending on the Customer's workflow and risk configuration.
Except where a specific service states otherwise, the Customer remains responsible for how it uses the verification result in its own business decision-making. Hypersign's results are for informational purposes and support — not replace — the Customer's decisions.
11. Your Rights and How to Exercise Them
If you want to access, correct, delete, restrict, object to, or otherwise exercise rights over data processed in a specific verification session, you should generally contact the Customer first. The Customer usually determines the main purpose of the verification and is the best point of contact for rights tied to that relationship.
If Hypersign receives a request directly in a processor context, Hypersign may forward or redirect it to the relevant Customer. If Hypersign acts as an independent controller for a limited processing purpose, you may also contact:
You may also lodge a complaint with a supervisory authority. Hypersign's lead supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany. You may also approach your local data-protection authority.
12. Security
Hypersign uses technical, organisational, and administrative safeguards designed to protect verification data, including sensitive and biometric data. These include:
Encryption
Data is encrypted at rest (AES-256) and in transit (TLS 1.3), with key management in a dedicated KMS.
Access Controls
Role-based access control and environment separation limit who can access personal and biometric data.
Monitoring & Testing
Continuous security monitoring and regular penetration testing are performed across all production systems.
Incident Response
A documented incident response programme ensures rapid detection, containment, and notification for any data breach.
Hypersign holds the following security certifications:
13. Children
Hypersign does not intend this notice to authorise the unlawful collection of children's data. If a verification flow is used for age-related or youth-related checks, the Customer must ensure a lawful basis, appropriate notices, and any required parental or guardian permissions are in place before the flow begins.
14. Changes to This Notice
Hypersign may update this Verification Privacy Notice from time to time to reflect legal, operational, or product changes. When we do, we will update the effective date at the top of this notice. We encourage you to review this notice periodically. Material changes that affect your rights will be communicated via the Customer or through the verification interface.
15. Contact
If you have questions about this notice or how Hypersign processes your data in a verification context, reach the right team directly:
Privacy Enquiries
privacy@hypermine.de
→General Contact
hello@hypermine.de
→Data Protection Officer
dpo@hypermine.de
→Security
security@hypermine.de
→Hypersign's lead supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit — BfDI), Germany. Website: bfdi.bund.de. You also have the right to lodge a complaint with the supervisory authority in your country of habitual residence.