Procurement / Printable pack

AffixIO procurement summary

Date: 22 June 2026 · Product: Verification infrastructure API · Company: AffixIO, Cardiff and Swansea, UK

Vendor summary

Stateless REST API returning signed allow or deny for eligibility, AI agent gates, payments, and offline QR verification. OpenAPI 3.1. Production: api.affix-io.com

Data role

Processor on enterprise contracts. No standing PII at verifier by default. DPA available on request.

Security highlights

• TLS 1.2+, encryption at rest, scoped API keys, MFA on admin
• Noir zero-knowledge circuits (open-source Barretenberg stack)
• Merkle audit tree with inclusion proofs
• ML-DSA-65 post-quantum attestation paths (NIST FIPS 204)

Compliance alignment

GDPR/UK GDPR processor terms; EU AI Act audit evidence; PCI scope reduction (no cardholder data by default). SOC 2 / ISO mappings available under NDA.

Sub-processors

Categories published at affix-io.com/trust/sub-processors. Named list under DPA.

Contact

affix-io.com/contact · Subject: Procurement · Patent pending GB2510622.0

Print / Save as PDF