Login
Sign up

ComplyCube for Business Privacy Policy

Updated on January 12, 2026

This ComplyCube for Business Privacy Policy (“Policy”) explains how ComplyCube (as defined below) collects, uses, discloses, and otherwise processes information when you use the ComplyCube for Business application (the “App”) in connection with identity verification, Know Your Customer (“KYC”), Anti-Money Laundering (“AML”), sanctions screening, fraud prevention, and related compliance workflows (the “Services”).

Key role clarification: The App is activated using a Client API key. The organisation that asks you to complete a verification check using this App (the “Client”) is the data controller for personal data processed in connection with that check. ComplyCube acts as a data processor/service provider and processes personal data only on the Client’s documented instructions.

1. DEFINITIONS

  • “Client” means the organisation (e.g., business, bank, fintech, marketplace, employer, or other entity) that provides you with access to the App or requests that you complete a verification check.
  • “Client Data” means personal data and other information that the Client (or you on the Client’s behalf) submits to the Services for processing as part of KYC/AML or related workflows.
  • “ComplyCube,” “we,” “us,” “our” means TEEMO TECHNOLOGY LTD (trading as ComplyCube), Company No. 12392069, registered address: Crown House, 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom.
  • “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual, including “personal information” as defined by certain U.S. state laws.
  • “Sensitive Personal Data / Sensitive Personal Information” includes, where applicable, biometric information and other categories treated as sensitive under GDPR/UK GDPR and/or U.S. state privacy laws.

2. SCOPE AND WHO THIS POLICY APPLIES TO

This Policy applies to personal data processed through the App in connection with verification checks initiated by a Client. This Policy does not replace or override the Client’s privacy policy. The Client is responsible for providing you with appropriate notices about its processing activities and for determining the lawful basis for processing.

3. CONTROLLER/PROCESSOR AND SERVICE PROVIDER STATUS

For verification checks, the Client is the Data Controller (or “Business” under certain U.S. laws). ComplyCube processes Client Data as:

  • a Data Processor (GDPR/UK GDPR terminology), and/or
  • a Service Provider/Processor (CCPA/CPRA terminology),

and will not use Client Data for purposes other than providing the Services, improving security, preventing fraud, complying with law, and other purposes permitted under applicable processor/service-provider frameworks and our agreements with Clients.

4. PERSONAL DATA WE PROCESS THROUGH THE APP

Depending on the workflow chosen by the Client, we may collect and process the following categories of Personal Data:

4.1 Identity and Contact Data

  • Name
  • Date of birth
  • Residential address
  • Email address
  • Telephone/mobile number
  • Nationality and/or residency status (where required)

4.2 Identity Document Data

  • Images of identity documents (e.g., passport, national ID card, residence permit, driver’s licence)
  • Document number, expiry date, issuing authority
  • Machine Readable Zone (MRZ) data
  • Barcode data (where applicable)
  • NFC chip data and associated security checks (where supported and enabled by the Client)

4.3 Biometric Data (Sensitive / Special Category)

  • Selfie images and/or video captured for liveness detection
  • Facial geometry templates (biometric identifiers) derived from images/video for face matching and liveness purposes

4.4 Device, Network, and Technical Data

  • IP address
  • Device model, manufacturer
  • Operating system and version
  • App version
  • Device identifiers and device signals (e.g., device ID, advertising identifier where applicable and permitted, integrity signals)
  • Language/locale, time zone
  • Network and connection metadata

4.5 Verification, Security, and Fraud-Prevention Data

  • Verification attempt timestamps
  • Session and audit logs
  • Fraud signals, risk indicators, and integrity checks
  • Approximate location derived from IP address (not precise GPS, unless explicitly enabled by the Client and you grant permission)

4.6 Communications and Support Data

  • Support requests and correspondence with ComplyCube (if you contact us directly)
  • Technical diagnostics shared to troubleshoot issues

4.7 One-Time Passcodes (OTP)

Where enabled by the Client, we may send functional, non-marketing OTP messages to facilitate authentication in the Client’s workflow. Standard messaging rates may apply.

5. HOW THE APP USES PERMISSIONS (iOS & ANDROID)

The App may request access to the following device features:

  • Camera: to capture identity documents and facial images/video for verification and liveness detection.
  • Microphone (optional): if the Client enables video liveness that requires audio.
  • Local storage (limited): temporary storage/processing of captured images/video prior to secure transmission. Upload from device
  • Network access: to transmit verification data securely and retrieve workflow instructions/results.

Permissions are used solely for providing the Services. You can manage permissions in your device settings; however, disabling certain permissions may prevent the verification workflow from completing.

6. PURPOSES OF PROCESSING

ComplyCube processes personal data through the App strictly to provide the Services on behalf of the Client. Typical purposes include:

  • Identity verification and document authenticity checks
  • Biometric liveness detection and face matching
  • Fraud detection and prevention, risk assessment, and platform security
  • Audit logging and compliance recordkeeping (as instructed by the Client and/or required by law)
  • Customer support, troubleshooting, and incident response
  • Service reliability, performance monitoring, and security improvements

ComplyCube does not use Client Data for advertising or for selling personal data.

7. LEGAL BASES (GDPR/UK GDPR)

The Client is responsible for determining and communicating the lawful basis for processing under GDPR/UK GDPR. Depending on the workflow and jurisdiction, lawful bases may include:

  • performance of a contract
  • compliance with a legal obligation
  • legitimate interests (e.g., fraud prevention, security)
  • consent, including explicit consent where required for biometric processing

Where biometric data constitutes special category data, processing is typically based on explicit consent (Article 9(2)(a) GDPR/UK GDPR) or another applicable exception determined by the Client.

8. DISCLOSURE OF PERSONAL DATA

We may disclose personal data as follows:

  • To the Client: the organisation that requested the verification and is the data controller/business.
  • To Subprocessors/Service Providers: trusted vendors that support hosting, infrastructure, security, fraud prevention, analytics limited to operational performance, and related services. They are bound by contractual confidentiality and data protection obligations.
  • For legal reasons: to comply with applicable laws, lawful requests, court orders, or to protect rights, safety, and security.
  • Corporate transactions: in connection with a merger, acquisition, financing, reorganisation, insolvency, or sale of assets, subject to appropriate confidentiality and data protection safeguards.

We do not sell Client Data. We do not share Client Data for cross-context behavioural advertising.

9. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the UK/EEA, we use appropriate safeguards such as Standard Contractual Clauses and/or other lawful transfer mechanisms, and we require subprocessors to implement appropriate security measures.

10. DATA RETENTION

Retention is determined by the Client and applicable legal requirements. ComplyCube retains personal data only:

  • for as long as necessary to provide the Services and maintain audit/security records,
  • as instructed by the Client, and
  • as required or permitted by law (e.g., to resolve disputes, enforce agreements, or comply with legal obligations).

11. YOUR RIGHTS (GDPR/UK GDPR AND OTHER REGIONS)

Subject to applicable law, you may have rights such as access, correction, deletion, restriction, objection, portability, and withdrawal of consent.

Because ComplyCube acts as a processor/service provider for verification checks, requests relating to Client Data should be directed to the Client that initiated the verification. If you contact ComplyCube, we may refer your request to the Client or assist the Client in fulfilling the request as required by law.

12. U.S. STATE PRIVACY NOTICE (INCLUDING CALIFORNIA CCPA/CPRA)

This section applies to residents of certain U.S. states with privacy laws, including California (CCPA as amended by CPRA). For verification checks, the Client is typically the “Business” and ComplyCube is a “Service Provider”/“Processor” with respect to Client Data.

12.1 Categories of Personal Information Collected

Within the past 12 months, personal information processed through the App may include:

  • Identifiers: name, email, phone number, IP address, device identifiers
  • Customer Records: address, date of birth, identity document details
  • Biometric Information (Sensitive): facial images and biometric templates for face matching and liveness
  • Internet/Network Activity: app usage logs, technical events, session identifiers
  • Geolocation Data: approximate location derived from IP address (unless otherwise enabled)
  • Sensitive Personal Information: biometric information, and identity document data (where treated as sensitive under applicable law)

12.2 Purposes of Collection/Use

  • To provide identity verification and compliance screening services to the Client
  • To maintain security, prevent fraud, debug, and perform quality assurance
  • To comply with legal obligations and enforce our agreements

12.3 Sale/Sharing of Personal Information

ComplyCube does not “sell” personal information and does not “share” personal information for cross-context behavioural advertising, as those terms are defined under CCPA/CPRA.

12.4 Disclosure of Personal Information

We may disclose personal information to:

  • the Client (Business) that requested the verification,
  • service providers/subprocessors that assist in delivering the Services, and
  • authorities or other parties where required by law or permitted under CCPA/CPRA.

12.5 Consumer Rights

Depending on your state, you may have rights such as:

  • Right to know/access
  • Right to delete
  • Right to correct
  • Right to data portability
  • Right to opt out of sale/sharing (where applicable)
  • Right to limit use and disclosure of sensitive personal information (where applicable)
  • Right to non-discrimination for exercising privacy rights

Because the Client is the Business/Controller for verification checks, you should submit requests to the Client in the first instance. If you submit a request to ComplyCube, we may redirect it to the Client or process it as a service provider as permitted by law.

12.6 Authorized Agents (California)

California residents may use an authorized agent to submit requests. We (or the Client) may require verification of the agent’s authority and your identity.

13. CHILDREN

The App is not intended for use by individuals under 18 unless the Client explicitly authorises such use and it is permitted by applicable law.

14. CHANGES TO THIS POLICY

We may update this Policy from time to time. The “Last Updated” date indicates when this Policy was last revised. Where required by law, we will provide additional notice of material changes.

15. CONTACT US

If you have questions about this Policy or ComplyCube’s privacy practices:

  • Email: privacy@complycube.com
  • Data Protection Officer: dpo@complycube.com

BIOMETRIC CONSENT NOTICE (APP)

This Biometric Consent Notice explains how biometric data may be collected and used when you complete an identity verification workflow in the App.

1. WHAT BIOMETRIC DATA MAY BE PROCESSED

Depending on the workflow, the App may capture a selfie image and/or a short video of your face for liveness detection. From this, biometric identifiers (such as facial geometry templates) may be created to compare your face to the photo on your identity document and to confirm you are a live person.

2. PURPOSE OF BIOMETRIC PROCESSING

  • To verify your identity
  • To perform face matching between your selfie and identity document
  • To perform liveness detection and detect spoofing attempts
  • To prevent fraud and protect the security of the verification process

3. EXPLICIT CONSENT

By proceeding with the biometric step in the App and following the on-screen instructions, you provide your explicit consent to the processing of your biometric data for the purposes described above, where such consent is required by applicable law (including Article 9(2)(a) GDPR/UK GDPR).

4. WHO RECEIVES BIOMETRIC DATA

Biometric data is processed on behalf of the Client that requested your verification. The Client is the data controller/business. ComplyCube acts as a data processor/service provider. Biometric data may be disclosed to the Client and to ComplyCube’s authorised subprocessors strictly as necessary to deliver the verification workflow, and subject to contractual safeguards.

5. RETENTION

Retention of biometric data is determined by the Client based on regulatory requirements and the Client’s policies. ComplyCube retains biometric data only for as long as instructed by the Client and as permitted/required by law.

6. WITHDRAWING CONSENT

You may withdraw consent by discontinuing the verification process or by contacting the Client that requested the verification. Please note that withdrawing consent may prevent completion of the verification check requested by the Client.

7. QUESTIONS

For questions about why biometric processing is required for your verification, contact the Client that asked you to complete the check. You may also contact ComplyCube at privacy@complycube.com.