Built on Trust. Backed by Control.
At IDYC360, we believe that data protection isn’t a legal checkbox—it’s a foundation for trust.
As a platform purpose-built for compliance, we treat your data, your customers’ data, and all information processed through our systems with the utmost care.
Our approach to data protection is guided by global regulations, industry best practices, and a commitment to security, transparency, and accountability.
Our Data Protection Commitment
We apply strong, privacy-by-design principles across all IDYC360 services to ensure:
- Lawful, fair, and transparent data processing
- Purpose limitation and data minimization
- Accuracy, integrity, and confidentiality of all processed data
- Clear rights for users and customers regarding their information
- Proactive protection against unauthorized access or misuse
Global Compliance Standards We Follow
IDYC360 is fully aligned with the following data protection frameworks: is fully aligned with the following data protection frameworks:
- General Data Protection Regulation (GDPR) – EU/EEA
- UK Data Protection Act 2018 – United Kingdom
- California Consumer Privacy Act (CCPA) – United States
- Other applicable national and sector-specific regulations, depending on jurisdiction and use case
What Data We Process
We process both:
Business Contact Data
For users accessing our website, requesting demos, or engaging with sales/support.
Includes:
- Name, email, phone, role, company
- IP address and device/browser details
- Usage data and preferences
Customer & Screening Data
Submitted by clients through our platform in the context of AML/KYC/fraud workflows.
Includes:
- Customer names, IDs, and risk scores
- Screening results (e.g., PEPs, sanctions, adverse media)
- Case activity logs and compliance decisions
All platform data is handled in strict accordance with applicable laws and customer agreements.
How We Protect Your Data
Data protection is enforced through a multi-layered approach:
- End-to-end encryption of data in transit and at rest
- Role-based access controls across the platform
- Regular vulnerability scans and penetration testing
- Isolation of customer environments where required
- Audit logging for all user actions and data changes
- Continuous security monitoring and incident response readiness
Data Hosting & Residency
We host our infrastructure with reputable, globally distributed cloud providers, with options to localize data based on:
- Client preference
- Regulatory jurisdiction (e.g., EU-only storage for GDPR)
- Contractual or licensing requirements
Specific data residency requests can be configured during onboarding.
Data Transfers & Safeguards
For international data transfers, we apply appropriate safeguards:
- Standard Contractual Clauses (SCCs) for EU/UK transfers
- Data Processing Agreements (DPAs) with all subprocessors
- Regional processing rules, where applicable
No data is transferred to jurisdictions with inadequate protection unless legal safeguards are in place.
Your Data Rights
Where applicable (e.g., under GDPR or CCPA), individuals may have the right to:
- Access their personal data
- Correct or delete inaccurate or outdated records
- Object to or restrict processing
- Request data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
All such requests can be submitted to: [email protected]
Governance & Oversight
We maintain an internal data governance framework led by cross-functional stakeholders in:
- Compliance & Risk
- Information Security
- Legal & Operations
- Product & Engineering
This ensures that privacy decisions are embedded across our platform lifecycle—from product design to data disposal.
Documentation Available on Request
We offer:
- Data Processing Agreements (DPAs)
- Subprocessor lists
- Security whitepapers
- Platform-specific compliance statements
- Audit logs and reporting packages (for enterprise customers)
To request documentation, contact us at [email protected]