Privacy Policy

Who We Are

EnemoVerify™ is a wholly owned subsidiary of The Ravine of Willows, Inc. (a Texas corporation). The intellectual property underlying the Services — including software, designs, trademarks, and proprietary methods — is wholly owned by Enemo Consulting Group, Inc. and licensed to EnemoVerify™ for use in operating the Services.

Our principal place of business and contact address for privacy inquiries is:

EnemoVerify™
The Adolphus Tower
1412 Main Street
STE 609
Dallas, TX 75202
United States

Data Controller

For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data-protection laws, the data controller for personal information processed in connection with the EnemoVerify™ Services is EnemoVerify™, at the address above. Where we process personal data on behalf of a customer (e.g., a business using our API to verify its end users), we act as a data processor, and the customer is the data controller.

1. Information We Collect

From customers: account details, billing information (via Stripe), API usage logs, and support communications.

From subjects: identity documents, biometric data (liveness), contact information, business registration details, and screening results — only when initiated by a customer who has obtained the subject's consent.

2. How We Use Information

To process verification requests, deliver results, manage billing, prevent fraud, comply with legal obligations (including AML record-keeping), and improve the Services using aggregated, de-identified data.

3. Legal Basis (GDPR)

We process personal data on the basis of: contract performance, legitimate interests (fraud prevention, security), legal obligation (AML regulations), and consent (where explicitly required, such as biometric processing).

4. How We Share Information

With verified third-party verification providers to process your requests. With Stripe for payment processing. With service providers (hosting, email) under data processing agreements. With law enforcement when legally compelled. We never sell personal information.

5. Data Retention

Verification records are retained for the duration required by applicable AML/FCRA regulations (typically 5–7 years). Biometric data is retained only as long as necessary for the verification, then deleted or anonymized. Account data is retained for the life of the account plus 90 days.

6. Security

We use TLS 1.3 in transit, AES-256 at rest, HMAC-signed webhooks, scoped access controls, and comprehensive audit logging. Our security team can be reached at security@enemoverify.com.

7. Your Rights

GDPR: access, rectification, erasure, restriction, portability, and objection. Contact privacy@enemoverify.com to exercise these rights.

CCPA: right to know, delete, and opt out of sale (we do not sell personal information).

FCRA: if a background check impacted an adverse decision, you have the right to receive a copy of the report and dispute inaccuracies.

8. International Transfers

We may transfer data outside the EEA using Standard Contractual Clauses and other legally approved transfer mechanisms.

9. Children

Our Services are not intended for individuals under 18. We do not knowingly collect data from children.

10. Changes

We will notify customers of material changes at least 30 days before they take effect.

Contact

EnemoVerify™
The Adolphus Tower
1412 Main Street
STE 609
Dallas, TX 75202
United States
privacy@enemoverify.com