Security is the foundation of everything we do. We treat your data as if it were our own, applying security by design and by default. In short:
- Encryption always. Your data is encrypted in transit and at rest using industry standards.
- Minimal access. Strict access controls: only those who need access have it.
- Trusted infrastructure. We operate on leading cloud providers (e.g., AWS) with high security standards.
- Transparency about incidents. If a high-risk breach were to occur, we would notify you and the authorities without undue delay.
1. Our approach: Security by Design
We apply the principles of Privacy & Security by Design and by Default. This means that protecting your data is not a layer added at the end, but part of how we build and operate every component of the platform, in line with Law No. 21,719 (Chile), the GDPR, and the LGPD.
2. Data encryption
- In transit: All communication between your device and our servers is encrypted using modern TLS protocols.
- At rest: Stored information, including sensitive data, is encrypted using industry-standard encryption.
3. Access controls
We apply the principle of least privilege: access to personal data is restricted to strictly necessary personnel and subject to authentication controls. We keep activity logs to audit access and detect misuse.
4. Protection of biometric data
Biometric data is an especially sensitive category and receives reinforced protection. It is only captured with your explicit consent and is deleted once the verification purpose has been fulfilled, or retained for the minimum indispensable time required by applicable law, after which it is securely destroyed. You can review the details in our Privacy Policy.
5. Infrastructure and providers
We operate on market-leading cloud infrastructure providers (for example, AWS), which act as Data Processors under strict confidentiality agreements and high international security standards. When data is hosted outside your country of residence, we guarantee that transfers are carried out under valid legal mechanisms, such as Standard Contractual Clauses (SCCs).
- Our provider’s security policy: Security at AWS
6. Automated decisions and human oversight
Our verification process uses algorithms to compare your document with your face. If the automated system rejects your verification, you have the right to request a manual review by a human operator.
7. Security incident notification
No system is 100% infallible. In the unlikely event of a security breach that puts your personal data at high risk, Idesify will notify you and the competent authorities without undue delay (and within the 72 hours required by international standards), indicating the nature of the breach and the mitigation measures adopted.
8. Vulnerability reporting
We value the collaboration of the security community. If you believe you have found a vulnerability in our systems, we ask you to report it responsibly and confidentially to privacidad@idesify.com, avoiding accessing other people’s data or degrading the service. We commit to reviewing all reports and responding promptly.
9. Contact
For questions about security or about how we protect your data, write to our Data Protection Officer (DPO) at privacidad@idesify.com.