Regulatory Compliance

Spitfire API prioritizes data security and user privacy, ensuring you can confidently integrate our solutions into your operations. Here's an overview of our commitment to compliance.

General Data Protection Regulation (GDPR) Compliance

  • Data Protection by Design

    Spitfire API adheres to the strict principle of data protection by design and by default. Stringent technical and organizational

  • Strict Internal Security Policy

    Only authorized personnel with top-level clearances can access customer information, and only with your explicit permission.

  • GDPR-Compliant Data Centers

    We only partner with reputable data center providers who themselves are GDPR compliant.

  • Regular Data Protection Assessments

    We conduct frequent data protection impact assessments to identify and mitigate potential risks.

  • EU Data Storage and Processing


Information Security Management System (ISO/IEC 27001)

  • ISO 27001 Certification

    Spitfire API is ISO 27001 certified by BSI, demonstrating our commitment to a robust information security management system. This rigorous certification process validates our security protocols.

  • Third-Party Vendor Standards

    We prioritize partnerships with third-party providers who also hold ISO 27001 certification, further strengthening our security posture.

Health Information Privacy (HIPAA) Compliance

  • Focus on Identity Verification

    Spitfire API is widely used by healthcare providers to verify patient identities, particularly in tele-health settings.

  • Separation of Identity and Health Data

    Our solutions focus solely on verifying user identities. We do not process or store any Protected Health Information (PHI) as defined under HIPAA regulations. Your organization remains responsible for secure storage of identity information alongside health data to maintain HIPAA compliance.

Digital Identity Guidelines (NIST IAL-2 Aligned)

  • IAL-2 Compliant Identity Verification

    When configured correctly with biometric verification, Spitfire API's ID Verification API and DocuPass fulfill all digital identity requirements set forth in NIST IAL-2.

  • Remote or Physical Proofing

    Our solutions support both remote and physically present identity proofing, aligning with IAL-2 standards.

  • Real-World Identity Verification

    Spitfire API's systems automatically verify the real-world existence of identities claimed by your users, ensuring they are legitimately associated with the provided credentials.

No-Log Policy for Enhanced Security

  • Commitment to Transparency

    As a SaaS provider, we understand the importance of data privacy. Our no-log policy ensures peace of mind for all our customers.

  • Data Deletion Upon Request

    If you choose to disable our vault storage system, we will not retain any uploaded information, including images or personal data, on our servers. This minimizes the potential impact of a security breach.

Autonomous - Ultra Fast Identity Validation Solutions

Get started with the world's leading identity check API today.

  • 3 Seconds or Less Identification
  • 50+ Million Identities Verified
  • 98% Fraud Prevention
  • 50x Time & Cost Saved