User Acknowledgement Policy
Last updated October 17, 2025
By clicking the confirmation button, I hereby voluntarily, explicitly, and knowingly provide my consent for the collection and processing of my personal data, including biometric data, by the following parties:
- (i) Compligate LTD (hereinafter referred to as "Kycaid" or the "Service Provider");
- (ii) The company on whose behalf my identity verification is being conducted and with which I intend to establish a business relationship (hereinafter referred to as the "Company"), which utilizes the services of the Service Provider for the aforementioned data collection and processing.
This consent is granted for the purposes specified herein. The identity and contact details of Kycaid are available in the Privacy Policy.
1. Identification and Biometric Data
My name and other identifying details required for obtaining this consent will be established during the processing of my personal data carried out pursuant to this consent. I hereby agree and provide my voluntary, unequivocal, and informed consent for the processing of my biometric information, which includes facial features and facial scans.
2. Categories of Personal Data Processed
The consent granted herein applies to the processing of the following categories of personal data:
- General personal data: full name, gender, personal identification code/number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, postcode);
- Facial image data: photographs of a face (including selfies), photos or scans of a face from an identity document, video recordings, and audio recordings;
- Biometric data: facial scan(s);
- Identity document data: document type, issuing country, document number, expiry date, Machine Readable Zone (MRZ) data, information embedded in document barcodes, security features;
- Banking details: cardholder name, card expiry date, first 6 and last 4 digits of the card number, data from documents provided as proof of source of funds/wealth;
- Contact details: address, email address, phone number, IP address;
- Technical data: date, time, and activity logs within the Services; IP address and domain name; software and hardware attributes (e.g., camera model); general geographic location (e.g., city, country);
- A unique identifier (Applicant ID) generated solely to associate the Data Subject with their data within the system;
- Relevant publicly available data: information regarding Politically Exposed Person (PEP) status or inclusion in sanctions lists;
- Personal data received by the Service Provider from the Company, such as contact details.
3. Scope of Processing and Liveness Check
I acknowledge that the specific types of data processed may vary based on the Company's requirements. I further acknowledge and agree that my facial images are processed to verify liveness and/or to confirm that the presented identity document belongs to me, its legitimate holder.
4. Purposes of Processing
I acknowledge and agree that the processing is conducted for the Company's purposes, including compliance with applicable Anti-Money Laundering/Counter-Financing of Terrorism (AML/CFT), anti-fraud legislation, age restriction laws, and other relevant regulations, as well as the Company's customer due diligence procedures. Processing will also be carried out for the Service Provider's compatible legitimate business interests, such as service development, fraud and crime prevention, litigation holds, and fulfilling statutory obligations, as detailed in the Privacy Policy. The personal data processed by the Service Provider for its own purposes includes biometric data, as listed in Section 2.
5. Delegation of Processing
5.1. I acknowledge that the Company, whose details I am aware of, is the controller of my personal and biometric data. The Company is responsible for defining the purposes, means, and other essential elements of the processing.
5.2. I acknowledge that the Company may engage processors (e.g., the Service Provider) to handle my data where necessary for the stated purposes. Data may be disclosed to entities affiliated with the Service Provider to achieve the processing objectives under this Consent. The Service Provider stores biometric information in cloud infrastructure such as AWS Amazon or Google Cloud, as stipulated by the Company's data storage requirements.
5.3. I acknowledge that my data may be disclosed to the Service Provider's affiliated entities. The Service Provider guarantees that such entities implement appropriate technical and organizational measures to ensure data security.
6. Data Processing Methods
I acknowledge and agree that my personal and biometric data will be processed using automated methods, including text extraction, authenticity/validity verification, and other automated analysis of document images. This includes automated reading and verification for liveness checks, video identification, biometric authentication, face matching, duplicate identity detection, and the development of fraud prevention systems, as elaborated in the Privacy Policy. Biometric processing methods include:
- Identity Verification: Kycaid may process biometrics to assess the likelihood of a match between facial images, depending on the client's service choice. This involves extracting facial features from identity documents and submitted images for comparison. Biometric information is stored as instructed by our client.
- Liveness and Fraud Detection: Clients may request liveness checks to ensure the user is genuine and present. Kycaid's Liveness check analyzes user actions and facial features to detect spoofing attempts, such as the use of static images, masks, or deepfakes.
- Duplicate Identity Check: The Service Provider may check if a user has previously been verified for the same client by comparing facial images against its database.
- Biometric Authentication: For authentication purposes, a new liveness facial image is compared against previously stored biometric templates of the user.
7. Data Cross-Checking, Activities, and Transfers
My personal data may be cross-checked against various databases, including international PEPs, Sanctions, and other watchlists, as well as adverse media sources. This consent covers the following processing activities: collection, recording, storage, alteration, consultation, use, disclosure, transfer (including cross-border), combination, restriction, erasure, and destruction. Any transfer of personal data outside the EEA is governed by appropriate safeguards, such as EU adequacy decisions or Standard Contractual Clauses. Transfers from the UK to EU/EEA are permitted under UK regulations.
8. Data Subject Rights
I confirm that I have been informed of my right to:
- withdraw this consent to personally identifiable information processing;
- access and adjust my personally identifiable information;
- make a justified demand in writing to suspend the processing of my personally identifiable information due to a particular reason;
- object to the processing of my personally identifiable information;
- object to being subject to a decision based solely on automated processing/profiling;
- make a justified demand in writing to erase my personally identifiable information subject to applicable laws and regulations.
9. Exercising Rights and Complaints
I may exercise these rights by contacting the Company directly or the Service Provider at [email protected]. Certain rights may be limited by statutory obligations imposed on the Company or the Service Provider. I acknowledge my right to lodge a complaint with a supervisory authority. For complaints related to Kycaid's processing, please refer to the procedures outlined in the Privacy Policy.
10. Data Retention
I acknowledge that my personal data will be retained by the Company and the Service Provider in accordance with the Company's instructions and applicable laws. Data will be permanently destroyed upon expiration of the retention period. Where the Service Provider processes data for its own compatible purposes or under legal obligation, personal data (including biometrics) will be destroyed upon fulfillment of the purpose or after a specified period (e.g., 1 year for Texas residents, 3 years for Illinois residents, or 5 years from data provision, whichever comes first), as detailed in the Service Provider's Privacy Policy.
11. Final Confirmation
I confirm that I have carefully read and fully understood all the provisions above and provide my voluntary and unequivocal agreement to them.