TrustVerify logo
POLICIES

Privacy Policy

This Privacy Policy explains how Magnificentech Solution Ltd trading as TrustVerify collects, uses, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Table Of Contents

1. Who We Are & Controller Information2. What Data We Collect3. How We Use Your Data4. Data Sharing & Third Parties5. Data Retention6. International Transfers7. Your Rights Under UK GDPR8. Cookies9. Policy Changes10. Contact & DPO

1. Who We Are & Controller Information

Effective Date: October 15, 2025
Last Updated: June 2026
Data Controller: Magnificentech Solution Ltd trading as TrustVerify (Company No.: 16321180)
Jurisdiction: United Kingdom

1.1 Magnificentech Solution Ltd trading as TrustVerify (Company No.: 16321180), a company incorporated and registered in England and Wales, is the data controller responsible for the personal data processed through this website (trustverify.co.uk), the web application, mobile application, and API platform.

1.2 Where TrustVerify processes personal data on behalf of a business customer (a "tenant") — for example, when running identity checks on that customer's end-users — TrustVerify acts as a data processor and the business customer is the data controller. This Policy principally covers TrustVerify's own processing activities as a controller.

1.3 TrustVerify is registered with the Information Commissioner's Office (ICO) under registration reference ZB962144. Any enquiries relating to data protection should be directed to the Data Protection Officer identified in Section 10.

2. What Data We Collect

2.1 TrustVerify collects and processes the following categories of personal data, depending on how you interact with our platform:

Data Categories & Legal Bases

CategoryExamplesLegal Basis
Identity DataFull name, date of birth, nationality, government-issued ID numbersContract / Legal obligation
Contact DataEmail address, postal address, phone numberContract
Biometric DataFace image, liveness check signal (Article 9 special-category)Explicit consent
Financial DataPayment card details (tokenised via Stripe), billing addressContract
Technical DataIP address, device fingerprint, browser type, cookiesLegitimate interests
Usage DataPages visited, API calls, timestamps, error logsLegitimate interests
KYC / AML DataDocument scans, sanctions-screening results, trust scoresLegal obligation / Contract

2.2 Biometric data (face images and liveness signals) is treated as special-category data under UK GDPR Article 9. We process it only with your explicit consent and it is encrypted at rest using a per-tenant data encryption key (DEK).

2.3 We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact our DPO immediately.

3. How We Use Your Data

3.1 TrustVerify uses personal data for the following purposes:

Identity & KYC verification: To verify the identity of individuals, screen against sanctions and PEP lists (AML), and generate trust scores as required by our business customers and applicable law.
Fraud prevention: To detect, investigate, and prevent fraudulent transactions, account takeovers, and other malicious activity using device fingerprinting, behavioural signals, and AI-based risk scoring.
Service delivery: To create and manage your account, process payments, provide API access, and deliver the features you have subscribed to.
Legal & regulatory compliance: To fulfil obligations under Anti-Money Laundering (AML) regulations, Financial Conduct Authority (FCA) requirements, and other applicable law.
Platform improvement: To analyse usage patterns, diagnose errors, and improve the performance and security of our services.
Communications: To send you service notifications, product updates, and — where you have opted in — marketing communications.
Automated Decision-Making
TrustVerify's fraud and trust-scoring systems involve automated processing, including profiling. Where decisions produce legal or similarly significant effects, you have the right to request human review under UK GDPR Article 22.

4. Data Sharing & Third Parties

4.1 TrustVerify does not sell personal data. We share data only as necessary to deliver our services or comply with legal obligations, with the following categories of recipients:

Sub-processors: Cloud infrastructure providers (data stored in UK/EU regions), payment processors (Stripe), identity verification partners (Ondato), AML screening providers (OpenSanctions), and error-monitoring tools (Sentry).
Regulatory authorities: We may disclose data to law enforcement, financial regulators, or courts where required by law or to protect against fraud.
Business customers (tenants): Where you are the end-user of a TrustVerify-powered service operated by a business customer, that customer is the controller and we share verification results with them under a data processing agreement.
Business transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity subject to equivalent protections.

4.2 All third-party processors are bound by data processing agreements that require them to implement appropriate technical and organisational measures to protect personal data.

5. Data Retention

5.1 TrustVerify retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. The following principles guide our retention schedule:

a. Biometric data is purged after the tenant's configured retention window (default 180 days) via cryptographic erasure of the per-tenant DEK.
b. KYC/AML records are retained for a minimum of 5 years from the end of the business relationship as required by the Money Laundering Regulations 2017.
c. Account and billing records are retained for the duration of the contract plus 7 years for HMRC tax compliance purposes.
d. Technical and usage logs are retained for up to 12 months for security monitoring and audit purposes.
e. Marketing preferences and opt-out records are retained indefinitely to respect your wishes.

5.2 At the end of the applicable retention period, personal data is securely deleted or anonymised. Where deletion is not immediately possible (e.g., backup systems), the data is isolated and protected until deletion can be completed.

6. International Transfers

6.1 TrustVerify stores personal data in UK or EU cloud regions by default. Certain sub-processors (such as global AML databases or third-party analytics tools) may process data outside the UK.

6.2 Where personal data is transferred outside the UK, TrustVerify ensures that appropriate safeguards are in place as required by UK GDPR Article 46. These safeguards include:

• The UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum.
• Adequacy decisions made by the UK Secretary of State under UK GDPR Article 45.
• Binding corporate rules where applicable.

6.3 You may request a copy of the relevant transfer mechanism by contacting our DPO at the details in Section 10.

7. Your Rights Under UK GDPR

7.1 As a data subject, you have the following rights in relation to your personal data processed by TrustVerify:

Your Rights

Access (Article 15): Request a copy of personal data we hold about you.
Rectification (Article 16): Ask us to correct inaccurate or incomplete data.
Erasure (Article 17): Request deletion of your data where no longer necessary.
Restriction (Article 18): Ask us to pause processing while a dispute is resolved.
Portability (Article 20): Receive your data in a structured, machine-readable format.
Object (Article 21): Object to processing based on legitimate interests, including profiling.
Withdraw Consent (Article 7): Withdraw consent for biometric or marketing processing at any time.

7.2 To exercise any of these rights, please email michael.omotayo@magnificentechsolution.co.uk with the subject line "Data Subject Request". We will acknowledge your request within 5 working days and respond within one calendar month.

7.3 You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time. The ICO can be contacted at ico.org.uk or by telephone on 0303 123 1113. We ask that you contact us first so we can try to resolve your concern.

8. Cookies

8.1 TrustVerify uses cookies and similar tracking technologies on its digital platforms. Cookies are small text files placed on your device that help us deliver a secure and functional experience.

8.2 We use the following categories of cookies: strictly necessary cookies (required for authentication and security), performance/analytics cookies (to understand how users interact with the platform), functionality cookies (to remember your preferences), and targeting/advertising cookies (to deliver relevant content).

8.3 For full details of the cookies we use, their purposes, retention periods, and how to manage your cookie preferences, please refer to our Cookie Policy.

9. Policy Changes

9.1 TrustVerify may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, our data processing activities, or our business operations. The "Last Updated" date at the top of this page indicates when the Policy was most recently revised.

9.2 Where we make material changes to the Policy — for example, changes to the legal basis for processing, new categories of data, or changes to your rights — we will notify you by:

• Sending a direct email notification to your registered email address.
• Displaying a prominent notice on the TrustVerify website and/or in the web application.
• Where required by law, obtaining fresh consent before continuing to process your data.

9.3 Your continued use of TrustVerify's services after the effective date of any changes constitutes your acknowledgement of the updated Policy. If you disagree with any changes, you may close your account and request deletion of your data as described in Section 7.

10. Contact & DPO

10.1 For all data protection queries, subject access requests, or concerns about how TrustVerify processes your personal data, please contact:

Privacy email: michael.omotayo@magnificentechsolution.co.uk
Data Protection Officer: Michael Omotayo (registration reference: ZB962144)
DPO job title: Director
ICO: You may also lodge a complaint with the Information Commissioner's Office at ico.org.uk

10.2 All privacy enquiries will be acknowledged within five (5) working days. A substantive response will be provided within one (1) calendar month of receipt, as required by UK GDPR Article 12.

Registered Address
Magnificentech Solution Ltd trading as TrustVerify
Company No.: 16321180
England and Wales