ComplyCube combines identity assurance, privacy, security, and compliance into a single platform designed for regulated industries. Backed by internationally recognized certifications and trust frameworks, we help organizations reduce risk, protect customer data, strengthen customer onboarding, and meet regulatory requirements across global markets with confidence.
Ensure adherence to regulations effortlessly with our multi-certified range of compliance solutions.
Safeguard user information with stringent privacy measures and transparent data practices.
Experience peace of mind with ComplyCube’s stringent security measures and advanced data protection practices.
ComplyCube’s commitment to excellence is reinforced by certifications from multiple esteemed bodies. Our Trust Center emphasizes our dedication to top-tier data security and privacy.
Information and Privacy Protection
The world’s most widely recognised standard for Information Security Management Systems (ISMS), our certification to this standard recognizes the robustness of our controls regarding the security of your data.
Quality Management Systems
This globally recognized standard for quality management demonstrates our focus on constantly adapting to meet evolving customer needs and fostering a culture of continuous improvement and excellence.
CYBER THREAT PROTECTION
In a world where organizations face increasing risks from cyber attacks, certification to this UK Government-backed Cyber Essentials scheme demonstrates ComplyCube’s commitment to protecting against such threats.
Certified Identity Service Provider
The United Kingdom’s Digital Identity and Attributes Trust Framework outlines best practices and requirements for digital identity providers to meet stringent technical and security standards and protect users’ privacy and data. By adhering to the DIATF, ComplyCube is certified as a UK Identity Service Provider (IDSP).
PRESENTATION ATTACK DETECTION
ComplyCube’s PAD Level 2 face-matching and liveness detection system was tested to assess its reliability in positively identifying spoofed and genuine presentations. The system successfully met the threshold requirements and passed the standards-based test.
Certified Identity Service Provider
ComplyCube was independently certified by the Age Check Certification Scheme (ACCS) to ACCS 4:2020 for Age Check Systems and ACCS 2:2021 for Data Protection and Privacy, incorporating PAS 1296:2018, with zero non-conformities. This underscores ComplyCube’s commitment to protecting minors online across various sectors.
ComplyCube adheres to international privacy laws, including the UK GDPR, EU GDPR and US Data Privacy laws such as the CCPA. This ensure the privacy and security of our customers’ data. We continue to monitor and improve our processes, controls and privacy frameworks on an ongoing basis. For more information, please see our Privacy Policy.
ComplyCube’s policies, procedures, and controls for processing EU residents’ personal data fully comply with EU GDPR requirements. Annual external and internal evaluations ensure ongoing compliance.
ComplyCube has embedded UK GDPR and DPA 2018 requirements throughout its data protection framework. Regular internal and external assessments help ensure ongoing compliance with UK data protection standards.
ComplyCube has been independently audited and certified to meet ACCS 2:2021 Data Protection and Privacy requirements, approved by the ICO under Articles 57(1)(n) and 58(3)(f) pursuant to Article 42(5) of the UK GDPR.
The digital age necessitates stringent security and privacy measures. Every byte of data is valuable, and every interaction must be safeguarded. At ComplyCube, our proprietary technology is designed with this principle at its core, providing unmatched security to our customers. Our commitment to building trust starts with a steadfast dedication to privacy, security, and quality in all aspects of our organization.
ComplyCube has clearly defined security principles, policies, and procedures, which management approves before being communicated and agreed to by employees. Separate information security roles and responsibilities ensure duties are distributed across all security domains.
ComplyCube has clearly defined security principles, policies, and procedures, which management approves before being communicated and agreed to by employees. Separate information security roles and responsibilities ensure duties are distributed across all security domains.
Access to the code repository is managed via an Identity Provider with SSH key authentication. Every code commit triggers automated testing through Continuous Integration (CI), alerting the team to issues like build failures or security vulnerabilities. Releases require explicit initiation by a senior staff member and must pass pre- and post-deployment checks. Rollbacks to specific infrastructure versions can be performed at any time.
ComplyCube’s platform is firmly anchored in Cloud-Native methodologies, adopting industry-leading standards and recommendations, including NIST, DSOMM, CIS Benchmarks, and OWASP. Deployments are released into a dedicated serverless environment, which is protected by multiple layers of security, including Network Firewalls, Web Application Firewalls, and Virtual Private Clouds (VPCs).
ComplyCube’s cloud-first services can be built and deployed to multiple targeted availability zones (AZs) for additional redundancy, resiliency, and improved disaster recovery. ComplyCube uses Amazon Web Services, Inc. (AWS) to host databases, applications, Application Programming Interfaces (APIs), and internal tools.
ComplyCube does not store data on its premises and has no technical dependency on office networks or locations. Production data is backed up daily, with backups encrypted, stored redundantly across multiple Availability Zones, and secured by our cloud service provider.
ComplyCube encrypts data following industry-accepted encryption standards while at rest and in transit to ensure effective protection against unauthorized or unlawful processing. All web traffic through the ComplyCube website is encrypted via HTTPS and every request to the platform goes over a secure TLS channel. Stored data is encrypted using AES-256 encryption.
Our platform supports Single Sign-On (SSO), allowing customers to use their existing Identity Provider when logging in. Each request made by an authenticated user undergoes verification against an active session. User sessions are securely maintained within a host cookie exclusive to our platform’s domain.
The platform supports the use of multiple roles and access rights to ease access management and least privilege. Members can be assigned specific access rights according to their roles.
All employee platform access is also granted on a “least required access‘“ principle, and access rights are reviewed at regular intervals.
The platform supports the use of multiple roles and access rights to ease access management and least privilege. Members can be assigned specific access rights according to their roles.
All employee platform access is also granted on a “least required access‘“ principle, and access rights are reviewed at regular intervals.
ComplyCube is certified to the UK Digital Identity and Attributes Trust Framework (DIATF) and compliant with both eIDAS in Europe and NIST standards in the US, ensuring the highest levels of identity assurance and cross-border compliance.
Leveraging the EU-US Digital Identity Mapping Exercise, ComplyCube’s certified DIATF Levels of Confidence (LoC) can be mapped to the Levels of Assurance (LoA) in Europe and Identity Assurance Levels (IAL) in the US.
This alignment demonstrates ComplyCube’s ability to meet the stringent requirements of Very High LoC under DIATF, High LoA under eIDAS, and IAL2 under NIST, providing robust, secure, and interoperable identity verification solutions that facilitate cross-border business and consumer relationships and transactions.
We have established a Quality Governance Structure to ensure adherence to ISO standards and to continually maintain and enhance the performance of our management system.
We are dedicated to providing industry-leading services by continuously assessing and improving our processes while fostering a culture of respect, innovation, and stewardship.
From their first day, all employees undergo comprehensive GDPR, CCPA, and Information Security Awareness training, which is continuously updated to keep their knowledge current and effective.
SECURITY & COMPLIANCE TRUST CENTER
For detailed insights into ComplyCube’s commitment to security and compliance, visit our Trust Centre. Explore our robust measures and ongoing initiatives to maintain the highest standards of data protection and regulatory adherence.
Our screening capability offers comprehensive coverage of sanctioned individuals and companies, as well as Politically Exposed Persons (PEPs).
Deliver outstanding customer experiences by confidently and accurately verifying your global customers’ locations in seconds.
Instantly confirm customer details like name, address, date of birth, and social security numbers against trusted sources, minimizing user friction.
Identity assurance refers to the degree of confidence that an individual is genuinely who they claim to be. It helps organizations determine whether identity verification processes are appropriate for the level of risk involved and supports trusted digital interactions.
Strong identity assurance reduces the risk of fraud, impersonation, and identity misuse while helping organizations meet regulatory and customer due diligence requirements. ComplyCube supports multiple internationally recognized identity assurance frameworks, enabling organizations to build trusted onboarding journeys while maintaining security, compliance, and user experience across global markets.
Identity assurance levels measure the degree of confidence that a verified identity genuinely belongs to the person claiming it. They help organizations determine whether identity verification processes are appropriate for the level of risk involved.
Higher assurance levels typically require more rigorous verification checks and provide greater protection against fraud, impersonation, and identity misuse. While terminology varies across jurisdictions, the concept is similar. The UK Digital Identity and Attributes Trust Framework (DIATF) uses Levels of Confidence (LoC), Europe’s eIDAS framework uses Levels of Assurance (LoA), and the United States NIST framework uses Identity Assurance Levels (IAL).
By aligning with recognized assurance frameworks, organizations can strengthen customer onboarding, support customer due diligence requirements, reduce fraud risk, and meet regulatory expectations across different markets and jurisdictions.
ComplyCube aligns with internationally recognized identity assurance frameworks, including the UK Digital Identity and Attributes Trust Framework (DIATF), eIDAS assurance requirements in Europe, and NIST identity assurance standards in the United States.
This enables organizations to deploy identity verification processes with confidence across multiple jurisdictions while maintaining consistent levels of trust, security, and compliance. ComplyCube’s certified identity verification capabilities help organizations satisfy regional requirements without the complexity of managing different providers for different markets.
A Certified Identity Service Provider (IDSP) is an organization that has demonstrated compliance with recognized digital identity standards and trust frameworks for securely verifying identities.
ComplyCube is certified under the UK Digital Identity and Attributes Trust Framework (DIATF) across all Levels of Confidence and supports 23 certified profiles. This places ComplyCube among a select group of providers capable of supporting specialized use cases such as Right to Work, Right to Rent, and Disclosure and Barring Service (DBS) checks, while delivering high levels of identity assurance, security, and compliance.
ComplyCube aligns with recognized identity assurance frameworks across multiple jurisdictions, including DIATF in the UK, eIDAS in Europe, and NIST standards in the United States. This enables organizations to implement identity verification processes that meet local expectations while maintaining a consistent global onboarding experience.
ComplyCube’s approach is supported by internationally recognized security, privacy, and quality certifications, helping organizations safeguard customer data, meet regulatory obligations, and support digital identity compliance requirements across different regions. This allows businesses to scale internationally without compromising trust, security, or compliance.
Privacy and data protection are embedded throughout ComplyCube’s platform, operational processes, and governance framework. ComplyCube adheres to international privacy requirements, including UK GDPR, EU GDPR, and applicable U.S. privacy regulations, while maintaining independently audited controls and certifications.
The company combines privacy-focused practices with robust security controls, employee training, documented policies, and continuous compliance monitoring. This helps organizations protect customer data, support regulatory obligations, and maintain trust throughout the identity verification process.
Independent certifications provide objective evidence that an identity verification provider has been assessed against recognized standards for security, privacy, quality, and identity assurance. They help organizations perform vendor due diligence and reduce the risk associated with selecting a critical compliance partner.
ComplyCube maintains certifications and independent validations including, but not limited to, ISO/IEC 27001, ISO 9001, Cyber Essentials, UK DIATF certification, ISO/IEC 30107-3 testing, and ACCS certifications. These credentials demonstrate ComplyCube’s commitment to maintaining high standards across security, privacy, operational excellence, and digital identity assurance.
Regulated organizations choose ComplyCube because it combines identity verification, compliance, fraud prevention, and identity assurance capabilities within a single platform backed by internationally recognized standards and certifications.
By aligning with frameworks such as DIATF, eIDAS, and NIST, while maintaining strong privacy, security, and quality credentials, ComplyCube helps organizations onboard customers with confidence, reduce fraud, support regulatory compliance, and scale across multiple jurisdictions. This combination of trust, compliance, and global capability makes ComplyCube a preferred partner for organizations operating in highly regulated industries.
