Security & Compliance Center

ComplyCube is on a mission to build trust at scale. This commitment transcends security & compliance, embedding excellence into the very fabric of our technology and organizational ethos. Our Compliance Center and Trust Center are integral to ensuring we uphold the highest standards in all our operations.

Robust Compliance

Ensure adherence to regulations effortlessly with our multi-certified range of compliance solutions.

Enhanced Privacy

Safeguard user information with stringent privacy measures and transparent data practices.

State-of-the-art Security

Experience peace of mind with ComplyCube’s stringent security measures and advanced data protection practices.

Compliance & Certifications

ComplyCube’s commitment to excellence is reinforced by certifications from multiple esteemed bodies. Our Trust Center emphasizes our dedication to top-tier data security and privacy.

Information and Privacy Protection

ISO/IEC 27001:2022

ISO/IEC 27001 is the world’s most widely recognised standard for Information Security Management Systems (ISMS). Our certification to this standard recognizes the robustness of our controls regarding the security of your data.

Quality Management Systems

ISO/IEC 9001:2015

This globally recognized standard for quality management demonstrates our focus on constantly adapting to meet evolving customer needs and fostering a culture of continuous improvement and excellence.

CYBER THREAT PROTECTION

UK Cyber Essentials

In a world where organizations face increasing risks from cyber attacks, certification to this UK Government-backed Cyber Essentials scheme demonstrates ComplyCube’s commitment to protecting against such threats.

Certified Identity Service Provider

UK DIATF

The United Kingdom’s Digital Identity and Attributes Trust Framework outlines best practices and requirements for digital identity providers to meet government-approved technical and security standards and protect users’ privacy and data. By adhering to the DIATF, ComplyCube is certified as a UK Government Identity Service Provider (IDSP).

PRESENTATION ATTACK DETECTION

ISO/IEC 30107-3

ComplyCube’s PAD Level 2 face-matching and liveness detection system was tested to assess its reliability in positively identifying spoofed and genuine presentations. The system successfully met the threshold requirements and passed the standards-based test.

Certified Identity Service Provider

ACCS 4:2020 Technical Requirements for Age Check Systems

ComplyCube was independently certified by the Age Check Certification Scheme (ACCS) to ACCS 4:2020 for Age Check Systems and ACCS 2:2021 for Data Protection and Privacy, incorporating PAS 1296:2018, with zero non-conformities. This underscores ComplyCube’s commitment to protecting minors online across various sectors.

Privacy-first Compliance

ComplyCube adheres to international privacy laws, including the UK GDPR, EU GDPR and US Data Privacy laws such as the CCPA. This ensures the privacy and security of our customers’ data. We continue to monitor and improve our processes, controls and privacy frameworks on an ongoing basis. For more information, please see our Privacy Policy.

EU GDPR Compliance

ComplyCube’s policies, procedures, and controls for processing EU residents’ personal data fully comply with EU GDPR requirements. Annual external and internal evaluations ensure ongoing compliance.

UK GDPR and DPA 2018 Compliance

ComplyCube has integrated UK GDPR and DPA 2018 requirements into its data protection framework and is registered with the Information Commissioner’s Office (ZA759515). Our compliance with UK data protection standards is evaluated annually. 

ACCS 2:2021 Technical Requirements for Data Protection and Privacy

ComplyCube has been independently audited and certified to meet ACCS 2:2021 Data Protection and Privacy requirements, approved by the ICO under Articles 57(1)(n) and 58(3)(f) pursuant to Article 42(5) of the UK GDPR.

Robust Security

The digital age necessitates stringent security and privacy measures. Every byte of data is valuable, and every interaction must be safeguarded. At ComplyCube, our proprietary technology is designed with this principle at its core, providing unmatched security to our customers. Our commitment to building trust starts with a steadfast dedication to privacy, security, and quality in all aspects of our organization.

Information Security Management

ComplyCube has clearly defined security principles, policies, and procedures, which management approves before being communicated and agreed to by employees. Separate information security roles and responsibilities ensure duties are distributed across all security domains.

Access to the code repository is managed via an Identity Provider with SSH key authentication. Every code commit triggers automated testing through Continuous Integration (CI), alerting the team to issues like build failures or security vulnerabilities. Releases require explicit initiation by a senior staff member and must pass pre- and post-deployment checks. Rollbacks to specific infrastructure versions can be performed at any time.

ComplyCube’s platform is firmly anchored in Cloud-Native methodologies, adopting industry-leading standards and recommendations, including NIST, DSOMM, CIS Benchmarks, and OWASP. Deployments are released into a dedicated serverless environment, which is protected by multiple layers of security, including Network Firewalls, Web Application Firewalls, and Virtual Private Clouds (VPCs).

ComplyCube’s cloud-first services can be built and deployed to multiple targeted availability zones (AZs) for additional redundancy, resiliency, and improved disaster recovery. ComplyCube uses Amazon Web Services, Inc. (AWS) to host databases, applications, Application Programming Interfaces (APIs), and internal tools.

Data Storage and Backups

ComplyCube does not store any data on its premises and maintains no technical dependency on its office networks or locations. This enables ComplyCube to serve global customers with diverse storage and data localization requirements. Daily backups of all production data are performed, with all backups encrypted, stored redundantly across multiple Availability Zones (AZs), and secured by our cloud service provider.

ComplyCube encrypts data following industry-accepted encryption standards while at rest and in transit to ensure effective protection against unauthorized or unlawful processing. All web traffic through the ComplyCube website is encrypted via HTTPS and every request to the platform goes over a secure TLS channel. Stored data is encrypted using AES-256 encryption.

Our platform supports Single Sign-On (SSO), allowing customers to use their existing Identity Provider when logging in. Each request made by an authenticated user undergoes verification against an active session. User sessions are securely maintained within a host cookie exclusive to our platform’s domain.

The platform supports the use of multiple roles and access rights to ease access management and least privilege. Members can be assigned specific access rights according to their roles.

All employee platform access is also granted on a “least required access” principle, and access rights are reviewed at regular intervals.

Cross-border Compliance

ComplyCube is certified to the UK Digital Identity and Attributes Trust Framework (DIATF) and compliant with both eIDAS in Europe and NIST standards in the US, ensuring the highest levels of identity assurance and cross-border compliance. 

Leveraging the EU-US Digital Identity Mapping Exercise, ComplyCube’s certified DIATF Levels of Confidence (LoC) can be mapped to the Levels of Assurance (LoA) in Europe and Identity Assurance Levels (IAL) in the US.

This alignment demonstrates ComplyCube’s ability to meet the stringent requirements of Very High LoC under DIATF, High LoA under eIDAS, and IAL2 under NIST, providing robust, secure, and interoperable identity verification solutions that facilitate cross-border business and consumer relationships and transactions.

Committed to Quality

We have established a Quality Governance Structure to ensure adherence to ISO standards and to continually maintain and enhance the performance of our management system.

Striving for Superior Service

We are dedicated to providing industry-leading services by continuously assessing and improving our processes while fostering a culture of respect, innovation, and stewardship.

Security & Privacy Training

From their first day, all employees undergo comprehensive GDPR, CCPA, and Information Security Awareness training, which is continuously updated to keep their knowledge current and effective.

SECURITY & COMPLIANCE TRUST CENTER

ComplyCube Trust Center

For detailed insights into ComplyCube’s commitment to security and compliance, visit our Trust Center. Explore our robust measures and ongoing initiatives to maintain the highest standards of data protection and regulatory adherence.

Explore our solutions

Sanctions & PEP screening

Our screening capability offers comprehensive coverage of sanctioned individuals and companies, as well as Politically Exposed Persons (PEPs).

Address Verification

Deliver outstanding customer experiences by confidently and accurately verifying your global customers’ locations in seconds.

Multi-bureau checks

Instantly confirm customer details like name, address, date of birth, and social security numbers against trusted sources, minimizing user friction.

Frequently asked questions

A certified Identity Service Provider (IDSP) is an accredited organization that meets stringent standards for securely verifying identities. This certification ensures that the IDSP maintains high levels of security, accuracy, and compliance in handling sensitive personal information.

ComplyCube holds certifications across all levels of confidence under the DIATF, meeting 24 distinct profiles. With our government-certified products, we are uniquely equipped to offer specialized services such as Right-to-Rent, Right-to-Work, and Disclosure and Barring Service (DBS) checks.

PII data is categorised as “Confidential”, and special category PII, e.g. biometric data, is categorised as “Strictly Confidential”, which is subject to enhanced privacy protections. Such information is only accessed on a need-to-know basis and is stored and transmitted using the highest security measures available, including encryption, secure storage and restricted digital access controls.

ComplyCube ensures compliance with UK privacy laws, the Consumer Duty Act, and the GDPR through the appointment of a DPO, adherence and certification to local and internationally recognised standards (ISO 27001, UK DIATF, ACCS 2:2021 Technical Requirements for Data Protection and Privacy), and the implementation of Privacy-by-Design measures in product design and development.

Regulatory frameworks globally do not allow an organization to pass their obligatory AML and KYC compliance liabilities to an AML provider – instead, they remain directly accountable. Our services are designed to integrate seamlessly into AML frameworks, aiding in adopting a risk-based approach tailored to specific regulatory requirements. As a provider in this domain, we do not assume the liability obligations of our clients.

Yes, our DPR number is ZA759515.