Legal
Privacy Policy
Last updated: April 14, 2026
This Privacy Policy explains how Enemo Consulting Group, Inc. ("EnemoVerify," "we," "us") collects, uses, and protects personal information in connection with our identity verification platform. It applies to our customers (businesses using our API) and to subjects (individuals and businesses undergoing verification).
1. Information We Collect
From customers: account details, billing information (via Stripe), API usage logs, and support communications.
From subjects: identity documents, biometric data (liveness), contact information, business registration details, and screening results — only when initiated by a customer who has obtained the subject's consent.
2. How We Use Information
To process verification requests, deliver results, manage billing, prevent fraud, comply with legal obligations (including AML record-keeping), and improve the Services using aggregated, de-identified data.
3. Legal Basis (GDPR)
We process personal data on the basis of: contract performance, legitimate interests (fraud prevention, security), legal obligation (AML regulations), and consent (where explicitly required, such as biometric processing).
4. How We Share Information
With verified third-party verification providers to process your requests. With Stripe for payment processing. With service providers (hosting, email) under data processing agreements. With law enforcement when legally compelled. We never sell personal information.
5. Data Retention
Verification records are retained for the duration required by applicable AML/FCRA regulations (typically 5–7 years). Biometric data is retained only as long as necessary for the verification, then deleted or anonymized. Account data is retained for the life of the account plus 90 days.
6. Security
We use TLS 1.3 in transit, AES-256 at rest, HMAC-signed webhooks, scoped access controls, and comprehensive audit logging. Our security team can be reached at security@enemoverify.com.
7. Your Rights
GDPR: access, rectification, erasure, restriction, portability, and objection. Contact privacy@enemoverify.com to exercise these rights.
CCPA: right to know, delete, and opt out of sale (we do not sell personal information).
FCRA: if a background check impacted an adverse decision, you have the right to receive a copy of the report and dispute inaccuracies.
8. International Transfers
We may transfer data outside the EEA using Standard Contractual Clauses and other legally approved transfer mechanisms.
9. Children
Our Services are not intended for individuals under 18. We do not knowingly collect data from children.
10. Changes
We will notify customers of material changes at least 30 days before they take effect.
Contact
Enemo Consulting Group, Inc.
Dallas, Texas
privacy@enemoverify.com