Home » FAQ
Ensuring Trust, Transparency, and Compliance Across Global Privacy Regulations
At Valid.it, we understand that trust, transparency, and compliance are essential expectations from our customers. That’s why we have made it our core principle to safeguard data and process it with high level of care, security, and respect.
We recognize that leveraging advanced remote integrity assessments and AI-driven behavioral analysis has great potential for our clients, providing valuable insights and enhancing decision-making. However, we firmly believe that such innovation must be accompanied by responsible, ethical, and privacy-conscious data handling. Our commitment is to ensure that data is used safely, lawfully, and in compliance with global privacy regulations.
The following sections outline how we achieve this and maintain high standards in data privacy and security.
Valid.it aligns with the General Data Protection Regulation (GDPR) by ensuring that all personal data is processed lawfully, fairly, and transparently. As a Data Processor, we operate strictly under our customers’ instructions, implementing strong security measures and privacy-focused safeguards to help them meet compliance requirements.
To support GDPR compliance, our platform is designed around key GDPR principles such as, Fairness, Lawfulness, Transparency, Data Minimization and Storage Limitation.
Storage Limitation & Security Measures
At Valid.it, data security and privacy are our top priorities. We are committed to ensuring that data is stored securely, retained only for as long as necessary, and protected using industry-leading security measures.
Privacy laws such as the GDPR, PIPEDA and the Israeli Privacy Protection Law require that personal data be retained for no longer than necessary for its intended purpose. We recognize that minimizing data storage not only ensures legal compliance but also reduces security risks.
Our approach to data retention and minimization includes:
Valid.it was founded by security professionals with backgrounds in national security and intelligence agencies, bringing top-tier expertise in cybersecurity and risk management. We apply strict security frameworks to safeguard customer data and ensure compliance with global regulations. Our security measures include:
Accountability & Cross-Border Data Transfers
At Valid.it, we work with clients across the globe, spanning diverse industries and regulatory environments. We understand that compliance is not one-size-fits-all, which is why we goal to align with privacy and security standards worldwide. Our platform is designed to help businesses meet their legal and ethical requirements, ensuring that they can operate with confidence across multiple jurisdictions.
NY SHIELD Act (New York, USA) – Data Security & Breach Notification
PIPEDA (Canada) – Accountability & Data Minimization
POPIA (South Africa) – Purpose Limitation & Security Measures
Japan’s APPI (Act on Protection of Personal Information) – Consent Management
GDPR (EU & UK) – Comprehensive Privacy Compliance
At Valid.it, we are fully aware of our role and responsibilities in handling personal data and are committed to data processing limitations.
By maintaining strict processing limitations and adhering to customer instructions, we ensure that personal data is handled securely, responsibly, and in compliance. This dual-layered approach, we ensure that both our customers and their end-users benefit from high level of privacy protection. This also guarantees transparency regarding who processes their data and for what purposes.
At Valid.it, we implement industry-leading security measures to safeguard personal data and prevent unauthorized access, aligned with global regulations such as GDPR, NY SHIELD, PIPEDA, and POPIA. Our SOC 2 Type II certification demonstrates our ongoing commitment to security, availability, and confidentiality through rigorous, independent audits. Our approach includes:
No, Valid.it does not keep or store Personally Identifiable Information (PII). Our platform is designed with a privacy-by-design approach, ensuring that all assessments are conducted without gathering direct identifiers such as names, emails, phone numbers, or government-issued IDs from our end. Instead, the assessment process relies on randomly assigned identifiers that are used solely for processing. These random identifiers are automatically deleted after the evaluation is completed.
Additionally, Valid.it does not record, view, or store any video or audio from the assessment process. All video processing occurs locally on the end user’s device, and no raw footage or related data is ever transmitted to Valid.it’s servers.
This privacy-preserving methodology support compliance with GDPR and other global privacy regulations, reinforcing our commitment to data minimization and security.
Valid.it operates primarily as a Data Processor, meaning we process personal data on behalf of our customers, who act as the Data Controllers. As such, we do not handle direct requests from end users but provide the necessary tools and support for our customers to fulfill their compliance obligations under global privacy laws.
How We Help Customers Comply with Data Subject Requests
We offer functionalities that enable our customers to respond efficiently to requests from their end users, including:
Data Retention & Deletion Policies
At Valid.it, we are committed to ensuring that our assessments are fair, transparent, and free from discrimination. Our platform is designed with strong governance measures to support ethical AI and compliance with privacy and data protection laws.
First off, we take proactive and serious measures to minimize security risks and protect personal data from breaches. Our security framework is built on robust encryption, strict access controls, real-time monitoring, and compliance with global data protection standards. However, in the unlikely event of a security incident, we have a comprehensive incident response plan in place to contain, mitigate, and prevent recurrence.
*This Q&A is for informational purposes only and does not constitute legal advice. Customers are responsible for assessing their own compliance requirements based on their specific use of the Valid.it platform and the laws applicable to them.
Our cutting-edge technology revolutionizes the way you assess authenticity. Save valuable time and resources by implementing our solution to streamline your validation processes. Contact us today to learn more.