
At Veridable, security and compliance are fundamental to what we do.

We design the platform to protect confidentiality and integrity from day one.

  • 1. Data Protection

    Data in transit

    All data transmitted between your browser and Veridable is protected using Transport Layer Security (TLS).

    We enforce HTTPS for all connections.

    Modern cipher suites are used so that data cannot be easily intercepted or tampered with while travelling over the internet.

    This prevents third parties from reading or altering information as it moves between you and our platform (for example, when clients upload KYC documents or institutions review them).

    Data at rest

    Data stored within Veridable is encrypted at rest.

    Databases and storage volumes are encrypted using industry-standard symmetric encryption (such as AES).

    Encryption keys are managed securely using the underlying cloud provider’s key management services.

    This means that even if someone were to gain access to the raw storage layer, the data itself would remain unreadable without the correct keys.

  • 2. Access control & auditability

    We design Veridable so that only the right people can see the right data, at the right time, and every action leaves a trail.

    Role-based access control (RBAC)

    User access is governed by roles and permissions. Institutions and corporates can configure who can view, edit, approve or share specific KYC items and profiles.

    User authentication

    All users authenticate with a unique account. Support for stronger options such as SSO/MFA is on our roadmap for enterprise customers.

    Fine-grained permissions

    Access to sensitive KYC data can be restricted to specific teams or named individuals. Separate workspaces ensure clear separation between clients, entities and counterparties.

    Audit logging

    Veridable maintains a full audit trail of key actions:

      • Document uploads and changes
      • Data edits and approvals
      • Access to specific KYC profiles or items
      • Sharing or revoking access

  • 3. Documents and data controls

    KYC often involves highly sensitive documents. Veridable provides controls to reduce unnecessary copying and leakage.

    Document watermarking

    PDF documents can be watermarked to show who accessed them and when, discouraging unauthorised redistribution.

    Print and download restrictions

    Where appropriate, access can be limited to view-only, with print or download restricted to specific users or roles.

    Controlled sharing

    Corporates and institutions decide which counterparties can see which documents or data fields. Sharing can be revoked, and access can be time-limited if required.

    These controls are designed to move KYC away from uncontrolled email attachments toward a more secure, traceable model.

  • 4. Application & infrastructure security

    Veridable is built on top of reputable cloud infrastructure and follows secure development practices.

    Secure cloud infrastructure

    We use leading cloud providers (such as AWS or equivalent) that offer strong physical, network and platform security, as well as compliance with recognised standards.

    Environment separation

    Production, staging and development environments are separated to reduce the risk of accidental exposure and to support safe testing.

    Testing & hardening

    As the platform matures beyond early pilots, we plan to:

      • Conduct independent penetration tests at least annually.
      • Perform regular vulnerability scanning and remediation.
      • Apply security patches and updates in a timely manner.

    Secure development lifecycle

    We aim to embed security into the way we build:

      • Code reviews and change control
      • Principle of least privilege for internal access
      • Logging and monitoring of key systems

  • 5. Compliance & privacy

    Veridable is being designed with UK/EU data protection principles and financial crime compliance in mind.

    Data protection

    We act as a data processor and/or controller depending on the context and contract with your organisation. We will enter into Data Processing Agreements (DPAs) where required.

    GDPR-aligned

    Our approach is aligned with GDPR principles such as data minimisation, purpose limitation and access control. We only process personal data to provide the Services or as required by law.

    Compliance roadmap

    As we grow, we intend to pursue formal certifications such as:

      • SOC 2
      • ISO 27001

    These are part of our medium-term roadmap and will be updated here as they are achieved.

  • 6. Your responsibilities

    Security and compliance are shared responsibilities.

    You are responsible for managing who in your organisation has access to Veridable, including onboarding and offboarding users promptly.

    You should configure roles and permissions in line with your internal policies.

    You should ensure you have a lawful basis for providing personal data and documents to Veridable as part of your KYC processes.

    If you have specific regulatory or contractual requirements, we’re happy to discuss how Veridable can support them as the platform evolves.