Privacy Policy
1. Introduction
This Privacy Policy describes how AffixIO (“AffixIO,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our website, application programming interfaces (APIs), software development kits (SDKs), documentation, and related services (collectively, the “Services”). AffixIO provides stateless yes/no eligibility verification: a verifier receives only a cryptographic verdict and an optional signed proof, not a copy of underlying personal data retained at the verification layer.
We designed the Services for organisations that must confirm eligibility, entitlement, or compliance without building large stores of personally identifiable information (“PII”) at the point of verification. Typical use cases include payment authorisation checks, government benefit or permit eligibility, agent and broker compliance gates, and regulated workflow automation where a durable audit trail is required but raw identity payloads are not.
By accessing or using the Services, you acknowledge that you have read this Privacy Policy. If you use the Services on behalf of an organisation, you represent that you have authority to bind that organisation and that organisation accepts this policy.
2. Data Controller
For the purposes of applicable data protection law, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and substantially similar laws in other jurisdictions, AffixIO acts as the data controller for personal data we process about visitors to our website, account holders, billing contacts, and individuals who communicate with us through permitted channels.
When an enterprise customer integrates AffixIO into its own products or internal systems, that customer typically acts as an independent controller (or joint controller, where agreed in writing) for personal data it submits to or derives from eligibility checks. The customer is responsible for providing its own privacy notices to end users and for establishing a lawful basis for processing. AffixIO processes such data as a processor only where a data processing agreement (“DPA”) is in place and the customer’s instructions permit the processing.
2.1 Controller vs processor summary
- AffixIO as controller: website analytics (subject to Cookie Policy), account administration, security logging, sales and support records, billing, and compliance with legal obligations.
- AffixIO as processor: eligibility inputs and verdict outputs processed on behalf of enterprise customers under contract, except where we are required by law to process independently.
- Customer as controller: relationship with the data subject, privacy notices, consent or other lawful basis for checks, and retention of any copies of underlying records the customer holds outside AffixIO.
3. Scope
This policy applies to information processed through:
- the AffixIO public website and status pages;
- hosted verification endpoints, dashboards, and management consoles made available to registered customers;
- REST and GraphQL APIs, webhooks, and SDKs distributed for server-side or client-side integration;
- signed proof generation, verification, and optional anchoring or registry features where enabled;
- support, incident response, and trust communications initiated through our contact facilities.
This policy does not govern third-party websites, identity providers, payment networks, government registries, or other data sources that a customer may connect upstream of AffixIO. Those parties maintain their own privacy practices. Customers are responsible for mapping data flows across their entire stack.
4. Privacy Architecture
AffixIO’s verification model is built around minimisation at the verifier:
- Stateless evaluation: Eligibility logic evaluates conditions and returns a boolean or enumerated yes/no outcome. Session state at the verifier is not used to reconstruct a subject profile beyond what the customer explicitly passes per request.
- No PII retention at verifier: By default, AffixIO does not store names, government identifiers, full account numbers, biometric templates, or free-text attributes returned from upstream systems once the verdict is produced, unless a customer opts into a narrowly scoped retention feature documented in the DPA.
- Signed proof: Where proofs are enabled, the Services emit a tamper-evident artefact binding the verdict, policy reference, timestamp, and cryptographic identifiers. Proofs are designed for audit and dispute resolution without re-exposing underlying PII.
- Customer-held records: Any copy of underlying personal data remains under the customer’s control in its own systems of record. AffixIO is not a system of record for identity.
Architectural choices reduce risk but do not eliminate all processing. Operational logs, billing metadata, and abuse-prevention signals may still contain personal data as described below.
5. Categories of Information
5.1 Information you provide
- Account registration details (organisation name, role, authentication credentials).
- Configuration data (API keys, webhook URLs, policy identifiers, circuit definitions).
- Support submissions and security reports submitted through our contact channels.
- Billing and invoicing details processed by our payment service providers.
5.2 Information processed during verification
Depending on customer configuration, a verification request may include pseudonymous tokens, hashed identifiers, age brackets, jurisdiction codes, entitlement flags, or other attributes required to evaluate a rule set. Customers must not send categories of data prohibited by contract or law (for example, special category data under Article 9 GDPR) unless explicitly permitted under an executed DPA with appropriate safeguards.
5.3 Automatically collected information
- IP address, user agent, request timestamps, and API usage metrics.
- Diagnostic and performance telemetry (latency, error codes, rate-limit counters).
- Security signals (failed authentication attempts, anomaly indicators).
- Cookie and similar technologies on the website as described in our Cookie Policy.
5.4 Signed proof artefacts
Proofs may contain verdict labels, policy version hashes, nonces, public key identifiers, and integrity tags. They are not intended to carry raw PII. Customers choose whether to present proofs to third parties or store them in their own archives.
6. The Verifier Model and PII Minimisation
Traditional identity or KYC pipelines often centralise copies of documents and attributes. AffixIO inverts that pattern at the verification hop: the Services answer a defined question (“Is this subject eligible under policy X right now?”) and optionally attest to that answer cryptographically.
Implications for data subjects and customers include:
- Data subjects may interact with a customer application; AffixIO may never receive direct contact from the subject unless the customer routes support through us.
- Erasure requests concerning underlying identity records must generally be directed to the customer as controller. AffixIO will assist processors under the DPA to delete or anonymise processor-held remnants where they exist.
- Transparency materials presented to end users should describe that verification is yes/no based and that AffixIO does not retain PII at the verifier by default.
7. Signed Proofs and Audit Records
Signed proofs allow relying parties to verify that AffixIO issued a particular verdict under a identified policy version at a given time, without accessing AffixIO’s internal systems. Proof verification uses public keys published through customer configuration or our trust documentation.
7.1 Proof contents
Standard proof payloads are structured to avoid re-identification. Fields may include:
- verdict (yes/no or enumerated outcome);
- policy and circuit identifiers;
- Unix or ISO timestamp;
- request correlation id chosen by the customer;
- digital signature and algorithm identifier.
7.2 Retention of proofs
AffixIO may retain proof issuance logs for security, billing reconciliation, and dispute resolution for the period stated in the customer agreement or Section 10 below. Customers may disable long-term proof logging features where available and retain proofs solely in their own environments.
8. Purposes and Legal Bases
Where UK/EU GDPR applies, we rely on the following legal bases:
- Contract (Art. 6(1)(b)): providing the Services, account management, and customer support necessary to perform our agreement with enterprise customers.
- Legitimate interests (Art. 6(1)(f)): securing the platform, preventing abuse, improving reliability, and communicating service changes, balanced against data subject rights.
- Legal obligation (Art. 6(1)(c)): tax, accounting, and responses to lawful requests from authorities.
- Consent (Art. 6(1)(a)): non-essential cookies and optional marketing where required; withdrawable at any time.
Processor processing on behalf of customers is performed under the customer’s documented instructions and lawful basis; AffixIO does not determine the purpose of eligibility checks in processor mode.
8.1 Use-case-specific notes
Payments: AffixIO may process transaction context tokens and risk flags supplied by payment customers to return yes/no authorisation assistance. We do not replace PCI DSS obligations of merchants or acquirers.
Government: Public-sector customers must configure policies consistent with applicable public law, official secrecy, and citizen transparency duties.
Agents and compliance: Broker-dealer, insurance, and professional licensing workflows may use AffixIO to gate access to products; customers must ensure fair processing and appeal mechanisms where regulated.
10. International Transfers
AffixIO may process data in the United Kingdom, the European Economic Area, the United States, and other countries where we or our sub-processors maintain facilities. When personal data is transferred from the UK or EEA to countries without an adequacy decision, we implement appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or equivalent mechanisms, supplemented by transfer impact assessments where required.
Enterprise customers may select processing regions or dedicated deployment options where offered under contract. Customers are responsible for ensuring their own transfers into AffixIO are lawful.
11. Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Verifier-layer eligibility inputs: not retained by default after verdict issuance; ephemeral processing in memory except where short-lived caching is enabled and documented.
- Proof and verdict logs: typically 30 to 90 days for operational tiers unless a customer selects extended retention under DPA schedules.
- Account and billing records: duration of the contract plus statutory limitation periods.
- Security logs: up to 24 months unless a longer period is required for an active investigation.
- Marketing and consent records: until withdrawal of consent plus a reasonable audit period.
Upon contract termination, we delete or return processor-held personal data within the timeframe specified in the DPA, subject to legal holds and backup rotation cycles that purge on schedule.
12. Security Measures
We implement technical and organisational measures described in our Security & Trust page, including encryption in transit, key management, access controls, vulnerability management, and incident response. No method of transmission or storage is completely secure; customers must protect API credentials and configure least-privilege access.
13. Your Rights
Depending on jurisdiction, individuals may have rights to access, rectify, erase, restrict, object, port data, and lodge complaints with supervisory authorities. Because AffixIO often does not hold underlying PII at the verifier, many requests are most effectively handled by the enterprise customer that collected the data.
If you believe AffixIO holds your personal data as controller, submit a request through our contact page with sufficient detail to locate your record. We will respond within applicable statutory timelines (typically one month under UK/EU GDPR, extendable where permitted). We may request proof of identity where reasonable.
13.1 UK and EU rights summary
- Right of access and copy
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”) in applicable cases
- Right to restriction of processing
- Right to data portability for automated processing based on consent or contract
- Right to object to processing based on legitimate interests
- Rights related to automated decision-making where Article 22 applies
California residents may have additional rights under the CCPA/CPRA as applicable to our processing; contact us to exercise those rights where relevant.
14. Automated Decision-Making
AffixIO executes customer-defined rules and circuits to produce yes/no outcomes. We do not profile website visitors for eligibility. Enterprise deployments may involve solely automated decisions with legal or similar effects; in those cases the customer must provide required notices, human review, and appeal paths under applicable law. AffixIO supplies tooling and logs to support customer compliance but does not assume the customer’s regulatory duties.
15. Children
The Services are directed to organisations and professionals. We do not knowingly collect personal data from children under 16 (or the age defined by local law) through our website. Customers must not configure checks involving children unless they have appropriate authority and safeguards.
16. Enterprise Customers and DPAs
Enterprise agreements include or reference a Data Processing Agreement setting out subject matter, duration, nature and purpose of processing, types of personal data, categories of data subjects, subprocessors, security measures, audit rights, and breach notification timelines. In case of conflict between this Privacy Policy and an executed DPA, the DPA controls for processor processing.
17. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or business developments. Material changes will be posted on this page with an updated “Last updated” date and, where required, notified to registered customers. Continued use after the effective date constitutes acceptance where permitted by law.
18. Contact
For privacy enquiries, data subject requests, or supervisory authority correspondence, use the Contact Us page. Enterprise customers may also use designated security or privacy channels referenced in their order form.
