TrustVerifi Verification Policy

Entity: Skanda Projects Pty Ltd trading as TrustVerifi

Effective date: 02 October 2025

Contact: support@trustverifi.com

This Verification Policy explains how identity (KYC), business (KYB), and staff verification work on TrustVerifi; what data is processed; how it's secured; how long we keep it; and how verification affects badges, Trust Scores, and feature access. This policy is intended to be read alongside our Privacy Policy, Terms of Service, Acceptable Use Policy, Community Guidelines, and Dispute Policy.

1) Purpose & Goals

TrustVerifi is built on authentic, verified reputations. We verify users and businesses to:

• prevent impersonation and fraud;
• provide buyers with reliable trust signals;
• maintain content integrity (reviews, replies, testimonials);
• comply with applicable laws and platform safety standards.

2) Scope & Roles

Who is covered:

• Individuals (e.g., freelancers, consultants, job seekers);
• Businesses (companies of any size), including their staff/contractors onboarded to a Business account;
• Reviewers who submit testimonials (where optional verification is offered).

Controller/Processor roles:

• TrustVerifi acts as Controller for platform integrity, fraud prevention, product improvement, and legal compliance.
• Where a Business Customer uses TrustVerifi to collect/process personal data from its users or clients, TrustVerifi acts as Processor under a DPA (on request). See our DPA for details.

3) Key Definitions

• KYC (Know Your Customer): Identity verification of an individual using government‑issued documents, selfie/liveness checks, and other signals.
• KYB (Know Your Business): Verification of a legal entity using registries (e.g., ABN), director links, and corporate documents.
• Staff Verification: Optional KYC for employees/contractors linked to a Business account; displays verified staff indicators.
• Verification Provider: Third party that performs checks on our behalf. We currently use ComplyCube.
• Verification Outcome/Metadata: Status (e.g., Verified/Failed/Pending/Expired), date/time, check type, and minimal technical details required for audit/security.

4) Data Flow & "No Document Storage" Commitment

• Direct submission to ComplyCube: When you start verification, you are securely redirected or embedded into our provider's capture flow.
• TrustVerifi does not store your identity documents. We do not keep copies of passports, driver licences, selfies, or corporate certificates on our servers.
• What we receive: We only receive the verification outcome and minimal metadata (e.g., success/failure, reason code, timestamp).
• What we may log: Device, IP, and session-level telemetry may be logged by TrustVerifi for security, rate limiting, and fraud prevention.
• Video/liveness: Any biometric processing (e.g., liveness detection) is handled by the provider. TrustVerifi does not receive biometric templates.

5) Legal Bases & Regional Notes

• Australia (APPs): We process verification outcomes for identity assurance and platform safety (APP 3/6). Sensitive document images are collected/processed by ComplyCube.
• EU/UK (GDPR/UK GDPR): Legal bases include Legitimate Interests (platform safety/fraud prevention) and Performance of a Contract (enabling verified features). If local law requires consent for specific processing, we will obtain it.
• US (CCPA/CPRA): We do not "sell" personal information. Verification outcomes are used for security/fraud prevention and service delivery.

We will update this section as regulations evolve in the regions where we operate.

6) What We Verify

• Individuals (KYC): Legal name, date of birth, document validity/match, selfie/liveness result.
• Businesses (KYB): Legal entity name, registration/number (e.g., ABN), registered address, directors or UBO checks where required.
• Staff: Association between a verified person and a verified/claimed business profile.
• Reviewers (optional): Email verification is required for public reviews; invite‑originated reviews are deemed Verified by provenance.

7) Verification Outcomes & Platform Effects

• Badges: Successful verification unlocks badges (e.g., KYC Verified, Business Verified) displayed on profiles and sub‑profiles.
• Trust Score: Verification status positively impacts your Trust Score; failed/expired checks may reduce visibility until resolved.
• Feature Access: Certain features (e.g., some embeds, directory visibility, API quotas) may require current verification.
• Labels: Content may show provenance labels (e.g., Verified via Invite, Email‑Verified, Imported).

8) Re‑verification, Expiry & Changes

• Expiry: Verification may expire after a period defined by risk and regional norms (e.g., periodic re‑checks).
• Triggers: We may prompt re‑verification upon name changes, profile transfers, suspected misuse, or policy changes.
• If you decline: Some features may be disabled and badges/labels updated accordingly.

9) If Verification Fails

• We'll provide general reasons where available (e.g., unreadable document, mismatch).
• You can re‑submit corrected information or contact support for guidance.
• Repeated failure or suspected fraud may lead to feature limits or account action according to our Acceptable Use Policy.

10) Fraud Detection & Abuse Prevention

• Signals: We combine verification outcomes with device telemetry, rate limits, dispute/misuse history, and anomaly detection.
• Enforcement: We may pause features, require additional checks, remove badges, and adjust Trust Scores. Serious abuse may result in suspension or referral to authorities (see AUP & Trust & Safety Guidelines).

11) Data Retention

• Documents & biometric data: Held by ComplyCube, not TrustVerifi. Retention is governed by the provider's policies and applicable law.
• Outcomes/metadata at TrustVerifi: Retained for the life of your account and for a limited period afterwards (typically up to 24 months) for fraud prevention, audit, and dispute handling, unless law requires a different period.
• Reviewer provenance: Invite/public/import provenance and timestamps may be retained for auditability.
• Deletion: When you delete your account (or request deletion), we remove verification outcomes/metadata from our systems subject to legal/contractual retention. We will also forward or direct erasure requests to ComplyCube when applicable.

12) Security Measures

• Cloud & isolation: Hosted on Microsoft Azure with network isolation, firewalls, and WAF/DDoS protections.
• Encryption: Data in transit (TLS 1.2+) and at rest (AES‑256). Keys managed through Azure Key Vault.
• Access control: Role‑based access, principle of least privilege, audit logging.
• Operational security: Vulnerability management, change control, backups, and incident response.

13) International Transfers

If verification outcomes/metadata are transferred internationally, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses/UK IDTA) and supplementary measures. Sub‑processor lists are maintained in our Trust Center.

14) Your Choices & Rights

• Access & correction: View and update account data in Settings.
• Download: Request a copy of your account data.
• Deletion: Request deletion of verification outcomes/metadata at TrustVerifi; we will also forward relevant requests to ComplyCube.
• Objection/Restriction: Where applicable, you may object to or restrict certain processing used for fraud prevention or product improvement.
• Support: support@trustverifi.com

15) Business Customers (Processor Terms)

For Business use where we process data on your behalf (e.g., reviewer data collection), our Data Processing Addendum (DPA) applies. Verification used for platform integrity and abuse prevention is handled by TrustVerifi as an independent Controller.

16) Transparency for Reviewers

• Invite‑verified reviews: Reviews submitted through a profile owner's direct invite are marked Verified by provenance.
• Public reviews: Require email verification; may be held for moderation if flagged.
• Imported reviews: Clearly labeled; not treated as Verified by invite.

17) Children & Restricted Use

TrustVerifi is not intended for children under the minimum age required by local law (typically 16). We do not knowingly verify minors without appropriate legal basis/consent. Accounts found in breach may be limited or removed.

18) Changes to This Policy

We may update this policy to reflect changes in law, providers, or platform features. We will post updates with a new effective date and, if changes are material, notify users in‑product or by email.

19) Contact

Questions or requests about verification?

Email: support@trustverifi.com

Post: Skanda Projects Pty Ltd (TrustVerifi), 48 Blackheath Road, Oxley 4075, Australia

Appendix A – Frequently Asked Questions (Verification)

Do you store my passport/ID?

No. Documents are handled by ComplyCube. TrustVerifi only stores the result of the check (e.g., Verified/Failed) and minimal metadata.

Is biometric (liveness) data stored by TrustVerifi?

No. Any biometric processing is performed by ComplyCube; TrustVerifi does not receive biometric templates.

How long do you keep verification results?

For the life of your account and a limited period afterwards (typically up to 24 months) for fraud prevention/audit, unless law requires differently.

Can I request deletion?

Yes. Request deletion in Settings → Privacy or email privacy@trustverifi.com. We'll delete outcomes/metadata we hold and relay erasure requests to ComplyCube where applicable.

What if my check fails?

We'll share a general reason (where available). You can retry with clear, current documents. Persistent fraud flags may lead to limits per our AUP.

Does verification affect my Trust Score and badges?

Yes. Verified status unlocks badges and improves Trust Score. Expired/failed checks may reduce visibility or limit features.