Login
Talk to an expertExplore demos
WEB 5461388809 WP Gated Assets Thank You Page Banner 4

Socure Privacy Rights FAQ

The what and how of exercising your rights

Socure is in the business of protecting you from identity-based fraud. These days, personal information has been stolen to such a great extent that fraudsters frequently use it to impersonate people, take over accounts, trick businesses, steal funds and benefits, and cause many other harms. We really know the value of personal information and appreciate that you care about your individual privacy rights. This page is to answer commonly asked questions about our privacy rights process, which starts with this Data Rights Form.

Why do you need to collect my name, email, and phone number in my request?

We use your name, email, and phone number to find your specific data in our records. Name alone is generally insufficient because there are many people with the same or similar names. We also use this information to verify your identity, which is a step that is required by privacy laws. This is so that we can know that we are dealing with an honest person and not a fraudster using stolen information.

Why do you need to verify my identity?

There are many fraudsters who impersonate good people for dishonest purposes. Because it is your rights and your data, it’s important that we first check that we are truly interacting with you. This verification is so important that it’s actually required by privacy laws.

How do you verify my identity?

First, we try to automatically verify you based on the information you provide and what we have in our records. Second, if the situation calls for further verification, we will ask you for a government-issued ID.

We start with Fraud and Risk checks to confirm that your name, email, and phone are actually associated with you. Specifically, these are our Email Risk and Phone Risk products. 

If we can’t confidently confirm that it’s you, then we ask you to use our Document Verification service where you provide proof via government identification and a selfie. 

What happens if I create a one-time-use, new, or fake email address or phone number for my request?

As explained in “How do you verify my identity”, we try to minimize asking you for personal information, so we start with name, email, and phone number. As we try to confirm that your email and phone number are associated with your name, if you just created a new email or phone number that has never been used before with your name, we will correctly see that there is no known association between them, which is a risk factor. Since we won’t have confidence that you are who you say you are, we will then ask you to use document verification. Please note, fraudsters commonly create brand new emails/phone numbers specifically because they may not have access to your real email or phone.

To be clear, you are welcome to do this, but if it impedes our ability to verify your identity, we will ask you to additionally undergo document verification, as verification is required under the law.

Why wouldn’t I want to delete my data from Socure?

First and most importantly, Socure will comply with any rights you may have under privacy laws to delete your data and we are not trying to inhibit any such right.

At the same time, Socure’s products and services are used to protect you and hundreds of millions of individuals like you from the loss and hardship associated with identity misuse without you ever thinking about it. We explain in our Privacy Policy our exact uses for your data. We are an identity verification and fraud prevention company for many businesses and agencies that serve you. We focus on fraud prevention to minimize the risk that fraudsters use your information to open accounts in your name or to take over your existing accounts. 

For example, if you want to open a new account with one of our customers, they may verify your identity (i.e., to ensure that you are not a fraudster) with Socure products. While each customer decides how they will exactly use Socure, if you have deleted your information from Socure, our services may not be able to verify your identity automatically and they may not have confidence in your identity. On the other hand, if a fraudster tries to create an account as you, without your information to cross check against, we may not be able to flag the attempt as fraudulent.

What is your appeal process?

If you are unsatisfied with a decision made regarding your rights request, you have the right to appeal for 45 days after the decision. Please use the Data Rights Form and select the “Right to Appeal”. Please include your case number or enough information for us to identify the decision you are appealing.

During the appeal, a manager in our Legal department–who was uninvolved in the original decision–will review the decision and make a new decision subject to final review by our Data Protection Officer. We will provide you a written reply within 60 days of the appeal or a shorter period if otherwise required by law. The reply will document any action taken or not taken in response to the appeal and include a written explanation of the reasons for the decision. If the appeal is denied, we will provide you a method to submit a complaint to your Attorney General, if that information is available in your state.

How long do you retain the data from a request?

We retain your initial request information (e.g., name, email, phone number) only as long as necessary for compliance with privacy law (for example, in California, this is 5 years). Many privacy laws include oversight such as allowing investigations by your Attorney General. To show that we have complied with privacy laws, including explaining why a request was granted or denied, we keep the initial information in the request.

However, in the case we require additional verification via document verification, we only keep the images and biometrics collected for 7 days, to allow for a few days to process and review them.

What do you use the data submitted in a request for?

As required by privacy laws, any information collected for processing the request is used strictly for processing the request or for proving compliance with privacy laws.

Have fraudsters tried to abuse the privacy request process?

Yes. While there is no definitive way for us to confirm someone is a fraudster, we have denied privacy requests when our services detected potentially fraudulent risk factors.