Privacy Policy¶
Last Updated: December 2024
This Privacy Policy describes how Circuit KYC Network ("Circuit," "we," "us," "our") collects, uses, and protects information through our services.
1. Introduction¶
Circuit KYC Network provides identity verification infrastructure for banks and fintechs. This policy covers:
- Partner Data: Information about businesses using our API
- End User Data: Information about individuals verified through our services
- Website Visitors: Information collected via our website
2. Information We Collect¶
2.1 Partner Account Information¶
When you register, we collect: - Company name and legal entity information - Contact details (email, phone, address) - Billing information - Tax identification numbers - Business registration documents
2.2 End User Data (Submitted by Partners)¶
Partners may submit: - Full name - Email address - Phone number - Date of birth - Government ID information - Address information - Verification status
Important: We use blind indexing to store End User PII. Raw personal data is hashed immediately upon receipt and cannot be reversed.
2.3 Automatically Collected Information¶
- API usage logs (endpoints called, response times)
- IP addresses
- Device and browser information
- Cookies and similar technologies
3. How We Use Information¶
3.1 Partner Data¶
- Provide and maintain services
- Process payments
- Send service communications
- Comply with legal obligations
- Prevent fraud and abuse
3.2 End User Data¶
- Perform identity verification matching
- Enable cross-network KYC sharing
- Detect fraud patterns
- Maintain audit logs for compliance
3.3 Analytics¶
- Improve service performance
- Develop new features
- Generate aggregated insights (never individual-level)
4. Legal Basis for Processing (GDPR)¶
| Purpose | Legal Basis |
|---|---|
| Provide services | Contract performance |
| Process payments | Contract performance |
| Prevent fraud | Legitimate interest |
| Comply with law | Legal obligation |
| Marketing (opt-in) | Consent |
5. Data Sharing¶
5.1 Network Sharing¶
The core purpose of Circuit is sharing verified identity data across the network:
- Partners can query if an individual has been verified
- No raw PII is shared—only verification status
- Partners only see data they have legitimate need for
5.2 Service Providers¶
We share data with: - Cloud infrastructure providers (AWS, Supabase) - Payment processors (Stripe) - Analytics tools (aggregated data only)
5.3 Legal Requirements¶
We may disclose data: - To comply with legal process - To protect our rights - In connection with a merger or acquisition
6. Data Security¶
We implement:
- Encryption in transit: TLS 1.3 for all connections
- Encryption at rest: AES-256 for stored data
- Blind indexing: PII hashed with HMAC-SHA256
- Access controls: Role-based permissions
- Audit logging: Immutable access records
- Regular testing: Penetration testing and security audits
7. Data Retention¶
| Data Type | Retention Period |
|---|---|
| Partner account data | Duration of relationship + 7 years |
| API usage logs | 90 days |
| Audit logs | 7 years |
| End User data (hashed) | Until deletion requested |
| Billing records | 7 years |
8. Your Rights (GDPR/CCPA)¶
8.1 For Partners¶
You have the right to: - Access your data - Correct inaccurate data - Delete your account - Export your data - Object to processing - Withdraw consent
8.2 For End Users¶
End Users should contact the Partner who collected their data. Partners can use our API to: - Check what data exists for a user - Request deletion (Right to be Forgotten)
9. International Transfers¶
We process data primarily in the United States. For EU data: - We rely on Standard Contractual Clauses - Additional safeguards are detailed in our DPA
10. Cookies¶
We use:
| Cookie Type | Purpose |
|---|---|
| Essential | Authentication, security |
| Analytics | Usage patterns (anonymized) |
| Preferences | Dashboard settings |
You can manage cookies in your browser settings.
11. Children's Privacy¶
Our services are not directed to individuals under 18. We do not knowingly collect data from children.
12. Changes to This Policy¶
We may update this policy. Material changes will be communicated via email or dashboard notification.
13. Contact Us¶
Data Protection Officer: - Email: privacy@circuitkyc.com
EU Representative: - [To be appointed if required]
General Inquiries: - Email: support@circuitkyc.com
14. Supervisory Authority¶
EU residents may lodge complaints with their local data protection authority.
For the most current version, visit circuitkyc.com/privacy