Regulatory Compliance
Spitfire API prioritizes data security and user privacy, ensuring you can confidently integrate our solutions into your operations. Here's an overview of our commitment to compliance.
General Data Protection Regulation (GDPR) Compliance
Data Protection by Design
Spitfire API adheres to the strict principle of data protection by design and by default. Stringent technical and organizational
Strict Internal Security Policy
Only authorized personnel with top-level clearances can access customer information, and only with your explicit permission.
GDPR-Compliant Data Centers
We only partner with reputable data center providers who themselves are GDPR compliant.
Regular Data Protection Assessments
We conduct frequent data protection impact assessments to identify and mitigate potential risks.
EU Data Storage and Processing
We conduct frequent data protection impact assessments to identify and mitigate potential risks.
Information Security Management System (ISO/IEC 27001)
ISO 27001 Certification
Spitfire API is ISO 27001 certified by BSI, demonstrating our commitment to a robust information security management system. This rigorous certification process validates our security protocols.
Third-Party Vendor Standards
We prioritize partnerships with third-party providers who also hold ISO 27001 certification, further strengthening our security posture.
Health Information Privacy (HIPAA) Compliance
Focus on Identity Verification
Spitfire API is widely used by healthcare providers to verify patient identities, particularly in tele-health settings.
Separation of Identity and Health Data
Our solutions focus solely on verifying user identities. We do not process or store any Protected Health Information (PHI) as defined under HIPAA regulations. Your organization remains responsible for secure storage of identity information alongside health data to maintain HIPAA compliance.
Digital Identity Guidelines (NIST IAL-2 Aligned)
IAL-2 Compliant Identity Verification
When configured correctly with biometric verification, Spitfire API's ID Verification API and DocuPass fulfill all digital identity requirements set forth in NIST IAL-2.
Remote or Physical Proofing
Our solutions support both remote and physically-present identity proofing, aligning with IAL-2 standards.
Real-World Identity Verification
Spitfire API's systems automatically verify the real-world existence of identities claimed by your users, ensuring they are legitimately associated with the provided credentials.
No-Log Policy for Enhanced Security
Commitment to Transparency
As a SaaS provider, we understand the importance of data privacy. Our no-log policy ensures peace of mind for all our customers.
Data Deletion Upon Request
If you choose to disable our vault storage system, we will not retain any uploaded information, including images or personal data, on our servers. This minimizes the potential impact of a security breach.
Autonomous - Ultra Fast Identity Validation Solutions
Get started with the world's leading identity check API today.
- 3 Seconds or Less Identification
- 50+ Million Identity Verified
- 98% Fraud Prevention
- 50x Time & Cost Saved