Search Icon

Versions: Español | Français (Canadien) | Portugues (Brasileiro)

About Socure. Socure Inc. (collectively, “Socure,” “we”, “us” or “our”) provides products, tools, and services powered by artificial intelligence and machine learning to help our business customers validate identities, assess risk, and detect and prevent identity theft and fraud (the “Products”). We use what we learn about you on an ongoing basis to continually develop and improve the Products.

Scope of this Privacy Statement. This statement (the “Privacy Statement”) applies only in the ordinary course of our business and only to: (1) personal information or personal data, as defined by applicable law; and (2) anyone who uses the Products, directly or indirectly, or visits us at any one of our websites, hyperlinks, social media pages, or elsewhere on the Internet (the “Sites,” or, when referred to with the “Products,” collectively known as the “Services”). This Privacy Statement describes how we collect, use, and disclose personal information and identifies our data sources, our lawful bases for processing, and our data security and data retention practices. It also contains important information about your data rights and how to contact us. This Privacy Statement does not apply to job applicants or to any non-affiliated third parties.

Changes to this Privacy Statement. Socure reserves the right to modify this Privacy Statement by posting an update on this website. Please review this Privacy Statement from time to time to stay informed, as any material changes to this Privacy Statement will be effective immediately and your continued use of our Services mean you agree to your data being used accordingly. 

Collection of Personal Information

The categories of personal information, including sensitive personal information, that we may collect about you in connection with your use of the Services include:

Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), including the Identifiers listed above, as well as education, employment, and employment history, bank account number, or other financial information.

Characteristics of protected classifications, such as age, sex, gender, gender identity, immigration status, race, skin tone, and national origin.

• Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Biometric information, such as information derived from photographs of a face or inferred from keystroke or other data entry patterns.

• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with the Services.

• Geolocation data, such as Internet Protocol address and Global Positioning System coordinates.

• Audio, electronic, visual, thermal, olfactory, or similar information, such as identity document and selfie photographs and readings from device sensors.

• Professional or employment-related information, such as any business-related contact information used when you create an account with us or interact with the Sites.

• Inferences drawn from the information we collect to create a profile about you that reflects your preferences, characteristics, predispositions, or behavior.

• Sensitive personal information, such as personal information that reveals your social security number, driver’s license or state identification card number, passport number, financial account and routing number, financial or commercial account activity and history, criminal history, contents of your email, and biometric information.

Sources of Personal Information

The sources of the personal information we collect are:
• you, directly or indirectly, when you use the Services;
• third parties who test, purchase, or resell the Products;
• public sources of information; and
• our third-party vendors and service providers.

Use of Personal Information

We may use your personal information in accordance with law and our customer contracts to:

• carry out our operational or other purposes, as necessary to provide the Services;
• prevent, detect, protect or defend against, or respond to security incidents, identity theft, fraud, harassment, malicious, deceptive, or illegal activities;
• preserve the integrity or security of our systems;
• debug and otherwise identify and repair errors that impair existing intended functionality of the Services;
• audit or otherwise perform quality control related to a current or concurrent transaction;
• perform services for or on behalf of our customers, including maintenance or service of accounts, troubleshooting transactions, and providing other customer support; and
• undertake internal research for technological development and demonstration, which includes the development, validation, and improvement of the Services.

Socure does not market or advertise directly to consumers in connection with our provision of Products to our customers. However, if you engage with certain content on the Sites, such as white papers and webinars, you may receive marketing or advertising communications from Socure in accordance with this Privacy Statement. 

Where permitted or required by law, we may also use your personal information to:

• comply with federal, state, or local laws, rules, or regulations;
• comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities;
• provide support to a customer or partner who is being investigated or audited;
• cooperate with law-enforcement agencies concerning conduct or activity that we or our customer reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; and/or
• investigate, establish, exercise, prepare for, or defend legal claims.

Lawful Bases for Processing Personal Information

For consumers located in jurisdictions that require a lawful basis for processing, please note that your personal information are processed in accordance with:

• your consent;
• performance of a contract;
• overriding legitimate interests, such as identity verification, risk assessment, and ongoing fraud prevention; or
• a legal requirement or obligation.

Where Socure relies on legitimate interests, we take into consideration the reasonable expectations of data subjects based on their relationship with the controller, including ongoing customer relationships and access to goods or services, and balance them against our customer’s ongoing needs to validate identities, assess risk, and prevent, detect, protect or defend against, or respond to security incidents, identity theft, fraud, harassment, malicious, deceptive, or illegal activities.

Where Socure processes special categories of personal information, we do so only in accordance with your freely given consent, which may be provided to our customer, to us directly, or both, when you use the Services, whether directly or indirectly.

Disclosure of Personal Information

Socure may disclose your personal information to third parties for business purposes, as follows:

Categories of Personal Information Categories of Third Parties Disclosed To For Business Purposes
Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, photographs, or other similar identifiers. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, or other financial information. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Characteristics of protected classifications, such as age, sex, gender, gender identity, immigration status, race, skin tone, and national origin. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations; and
• corporate subsidiaries and affiliates in order to provide the Services.
Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Biometric information, such as information derived from photographs of a face or inferred from keystroke or other data entry patterns. • Not “disclosed” as we understand the meaning of the term, but this information is stored by a third-party service provider in accordance with the deletion policy specified herein.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with the Services. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Geolocation data, such as Internet Protocol address and Global Positioning System coordinates. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Audio, electronic, visual, thermal, olfactory, or similar information, such as identity document and selfie photographs and readings from device sensors. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Professional or employment-related information, such as any business-related contact information used when you create an account with us or interact with the Sites. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Inferences drawn from the information we collect to create a profile about you that reflects your preferences, characteristics, predispositions, or behavior. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.
Sensitive personal information, such as personal information that reveals your social security number, driver’s license or state identification card number, passport number, financial account and routing number, racial or ethnic origin, criminal background, and contents of your email. • customers and their auditors, corporate affiliates, sponsor banks, and regulators, in order to provide the Services or otherwise fulfill our contractual or legal obligations;
• third-party service providers or subprocessors, as necessary to provide or otherwise improve the Services; and
• corporate subsidiaries and affiliates in order to provide the Services.

From time to time, for business purposes, Socure may also need to disclose your personal information to the following third parties:

professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us;
a court of law, arbitral tribunal, law enforcement agency or other third party, where required or otherwise permitted by law; or
a third party as part of a business transaction such as a merger or acquisition.

Socure does not disclose sensitive personal information for purposes other than those specified in section 7027(l) of the California Consumer Privacy Act Regulations.

Targeted Advertising. Socure does not market or advertise directly to consumers in connection with our provision of Products to our customers. To the extent we use third-party service providers to assist us with targeted (i.e. cross-contextual behavioral) advertising, we do so only in connection with actions you take on our Sites that suggest you may be interested in purchasing our Products on behalf of your employer. For our third-party service providers to help us serve any such advertisements, we may share with them your identifiers, professional or employment-related information, and/or personal information categories listed in the California Customer Records statute, alone or in combination with information from other sources (like our data vendors and offline customer data), and they may use various tracking technologies.

Socure does not “sell” any personal information, as defined by applicable law. In addition, Socure has no actual knowledge that it sells or shares the personal information of consumers under 16 years of age, as defined by applicable law.

When We Delete Information

At Socure, we believe (because we’ve seen) that ongoing identity verification, risk assessment, and fraud prevention are purposes for data collection, use, and retention that do not expire. Nonetheless, our general policy is to delete your personal information permanently and securely within 7 years from your last interaction with Socure or the Services, unless otherwise specified herein or where the law or a contract requires deletion to occur sooner.

Special Notices re Biometrics: To the extent Socure collects your “biometric information” or “biometric identifiers” as defined by applicable law, we will delete that information permanently and securely no later than 3 years after your last interaction with Socure or the Services.

Special Notice re Data Protection Rights: Personal information used to verify your identity via the Services in connection with your exercise of a Data Protection Rights request will be deleted within 72 hours of verification, except to the extent that audit records must be maintained to demonstrate compliance with privacy and data protection laws.

How We Secure Your Information

Socure uses commercially reasonable physical, electronic, and procedural safeguards to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law, and we require our customers to do the same. Our security practices are also audited on a recurring basis, and we maintain ISO 27001 and SOC 2 Type 2 certifications. That said, there is simply no way to guarantee that any safeguards or security measures will be sufficient to prevent a security incident.  

Your Data Protection Rights

Based on where you live, you may be subject to one or more of the following data protection rights (some of which are limited rights subject to certain exceptions), as well as the right to file/lodge a complaint with the relevant supervisory authority:

Right to know/be informed as to the personal information or categories of personal information we have about you.
Right to access a copy of the personal data we have about you.
Right to correction/rectification inaccurate personal information that we have about you.
Right to deletion/erasure of personal information about you.
Right to opt out of/object to certain processing, such as targeted advertising or certain types of profiling.
Right to restrict processing, if you meet certain limited applicable circumstances.
Right to withdraw consent at any time, free of charge. Any such withdrawal only applies prospectively and will not impact prior processing conducted in accordance with your prior freely given consent.
Right to appeal a refusal to take action on a request within a reasonable period of time after you receive the initial decision.

Non-discrimination. Privacy and data protection laws generally prohibit discrimination against consumers who choose to exercise their data protection rights. Socure will not deny you any goods or services as a result of your exercise of data protection rights.

To exercise applicable data protection rights requests, please fill out this form. After receipt of your request, we will attempt to notify our customers and data vendors of the request and will let you know what actions we intend to take in response. You can also exercise your data protection rights by sending us an email with your name, state or country of residence, and which right(s) you’d like to exercise. Please note that Socure may be subject to specific exemptions and limitations in how we respond to such requests and that certain rights may not be applicable to you. 

Additional information regarding opt outs. To learn how to manage targeted advertisements you might see on LinkedIn, click here. If you would like more information about how targeted advertising works and how to control the use of your data in this way, you also can visit the NAI (National Advertising Institute) or the DAA (Digital Advertising Alliance). 

Verifiable Data Protection Rights Requests: Socure will use commercially reasonable methods to confirm that you submitted a verifiable request, where applicable or required. This means that we may need to ask you for additional information, verify your identity using the Services, and save some of your personal information to prove that we complied with your request.

Authorized Agent:  You also may designate an authorized agent to make a request on your behalf, subject to appropriate verification and other applicable legal requirements.  Your authorized agent will need to provide documentation supporting the agent’s authority to make the request on your behalf.  We also may require you to verify your identity directly with us and confirm the request.

Opt Out Preference Signals:  We respond to signals or mechanisms enabled in web browsers and on mobile devices that indicate a preference to exercise the rights listed above as required by applicable law.  At this time, we do not honor “do not track” signals if enabled in a web browser. 

EU-U.S. Data Privacy Framework Commitment

Socure complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Socure has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Socure has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. Socure subject to the investigatory and enforcement powers of the Federal Trade Commission.

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should submit their request via this form. If requested to remove data, we will respond within a reasonable timeframe. 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request via this form

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

Socure’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Socure remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Socure proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S DPF, the UK Extension to the EU-U.S DPF, and the Swiss-U.S DPF Principles, Socure commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-U.S DPF, the UK extension to the EU-U.S DPF, and the Swiss-U.S DPF Principles. European Union, United Kingdom, and Swiss individuals with inquiries or complaints should first contact Socure at privacy@socure.com.

Socure has further committed to refer unresolved privacy complaints under the EU-U.S. DPF program to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit this website for more information and/or to file a complaint. This service is provided free of charge to you.

If your EU-US DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Click here for more information.

If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the relevant Principles shall govern.  To learn more about the EU-U.S. DPF program, please visit this website. You can verify Socure’s participation here.

Contact Us

To contact the Socure Privacy team, including our Data Protection Officer, you may email privacy@socure.com or call 1-888-690-3709.

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Socure has appointed the European Data Protection Office (EDPO) as its GDPR Representative in the EU. You may contact EDPO regarding matters pertaining to the GDPR: (1) by using EDPO’s online request form; or (2) by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

Pursuant to Article 27 of the UK GDPR, Socure has appointed the EDPO UK Ltd as its UK GDPR representative in the UK. You may contact EDPO UK regarding matters pertaining to the UK GDPR: (1) by using EDPO’s online request form; or (2) by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

Versions: 2022