Is Veriff safe with your data?

Veriff

70/100

Good disclosure · medium confidence

Veriff earns a B (70/100) because it discloses most of its data practices.

Dealbreaker flag

D1.1 ADVERSE: Policy discloses that Veriff trains autonomous decision-making algorithms and machine learning models using End-User personal data for internal business purposes (sections 5.2(1), 5.2(13), 6.1-6.2) based on legitimate interest with no named user opt-out mechanism disclosed for End-Users.
D1.4 ADVERSE: Policy grants Veriff broad rights to use data for related business purposes, such as maintaining, improving, upgrading or enhancing the Service and developing, testing, improving and altering the functionality including for machine learning (sections 4.2, 5.2(13)) without explicit user-facing restriction on reuse scope beyond service provision.

#44

of 177 apps ranked

score · Security & compliance avg 65

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Veriff discloses jurisdiction-specific biometric retention limits and international transfer safeguards via standard contractual clauses, yet fails to disclose user opt-out mechanisms for model training on End-User data and grants itself broad rights to reuse data for internal AI development based on legitimate interest.

What Veriff's privacy policy says about your data

Training Data

Policy discloses machine learning development and automated decision-making under legitimate interest (sections 5.2(1), 5.2(13), 6.1-6.2) but does not name any user opt-out mechanism for End-Users' training-data use.

Biometric Governance

Jurisdiction-specific limits are named: Illinois residents' biometric data retained for 3 years maximum or when purpose is satisfied, whichever is first (section 12.2(3)); Texas residents' data retained for 1 year (section 12.2(4)); shared with service providers only.

International Transfers

Policy explicitly names standard contractual clauses (SCCs) as safeguard for cross-border transfers (section 8.4).

Data Retention

Global policy uses indefinite as long as necessary framing for most data categories (sections 10.2-10.3); jurisdiction-specific rules provide named retention periods but lack global clarity on End-User data for AI purposes.

The area-by-area breakdown for Veriff is being prepared and will appear after its next scoring pass on the current rubric. The summary and highlights above reflect the latest assessment.

Details

Category: Security & compliance
Modalities: text, image
Processes biometrics: Yes
Policy last updated: 2026-04-16
Region scored: Global / US-default
Assessed: 2026-06-20

Read Veriff's privacy policy

Other security & compliance apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.