SECURITY & COMPLIANCE

The most advanced technologies to stay compliant to GDPR, KYC, AML

Global compliance
Sumsub's identity verification platform is globally applicable, as our approach and methodology are carefully designed according to FATF recommendations regarding AML and CTF requirements (specifically, Article 10), which served the international basis for local AML laws.

KYC / AML Compliance

Here at Sumsub data protection and financial compliance are at the core.
Risk-based approach
The system is built on risk-based approach and follows global and local regulatory norms (including FATF, FINMA, FCA, CySEC, MAS). Our expertise in compliance and a range of technologies help businesses and financial authorities to speak in common language.
Ongoing Monitoring
We constantly monitor all the existing users' profiles to manage the risks associated with your customers. The system will notify you if the user has been put on a Sanction list or his document has expired, so, you can react immediately in case of any changes.
Enhanced KYC verification
The platform is equipped with tools for completely automatic verification as well as for checks based upon human review which is complied to current European legislation to non-face-to-face customer identification in banking industry.
Sum&Substance: Security infrastructure
Customer Consent
We receive a customer consent before processing personal data. It is a separate checkbox before requesting a verification, so, a user clearly understands, what exactly he or she agrees with.

Data Privacy Compliance

We at Sum&Substance established a comprehensive ongoing GDPR compliance program and give trainings and meetings on how important Data protection is for the whole core team. Just to show how we built transparency, here are a few examples of what we have in place:
Clear Privacy Policy
In the policy it is stated comprehensively, how the data will be used and for how long to give a user transparency and fair information about the purposes and methods of processing.
The right to be forgotten
Our uses have the right to withdraw the consent in a reasonable timeframe. To revoke an approval it is needed only to drop a message to [email protected]
European Data Centers and Data Protection Officer
We store all the data in Amazon GDPR compliant servers which are located in EU. Overall responsibility for all data lies on DPO (Data Protection Officer), who lives and work in Berlin,Germany and doesn't have any conflict of interest.
Breach Notification
Despite of all the preparations, something always can go wrong. We have a tested process and technologies that allows us to detect and address breaches within 72 hours.
Sum&Substance: Security infrastructure
Secure data Storage
User data is stored in an encrypted format on our servers, which are kept at Uptime Institute classified Tier III data centers compliant with TIA-942 and PCI DSS standards. The data centers are protected technically and guarded physically around the clock by specially audited security personnel.

Sum&Substance: Security and Compliance

Bank-level security

We know that data security is paramount, that's why we'd like to tell you a bit about how we ensure it.
Leading Encryption Technologies
All data transfered on a protected channel with cryptographic encryption based on the TLS 1.2 protocol. Decryption keys are stored separately from the actual data, so people with criminal intent won't get access to your sensitive data.

Independent Testing
We work with independent experts from the sphere of information security in order to find and prevent potential vulnerabilities. Our site, iFrame, and API undergo constant penetration testing, security checks, threat detection, and testing of "white" and "black" drawers.
Constant Monitoring
Our information security team performs regular checks on all aspects of our security systems.
Contact us
© Sum And Substance Ltd (UK), 2018. All rights
Data Protection Registration Number: ZA222205. Company Registration Number: 09688671
Sum&Substance is registered with the Information Commissioner's. Office in compliance with the Data Protection Act 1998. Supports 256-bit TLS encryption on every device.
Follow us
Media/Industry Analysts
Sales/Other Requests
Developers
We are more than happy to send our technical documentation. Tell us a bit about yourself and we will send over a link to the documentation to your work email.
Your Name
Company Name
Phone Number
Company Email Address
Your Message