Trust Center

We enable over 4,000 organizations across Europe to deliver exceptional business services, with a central focus on earning and maintaining your trust.

Operational Practices

As much as securing our products is a priority, we also understand the importance of being conscious of the way we conduct our internal day-to-day operations. The concept of “building security in” is the same philosophy we use with our internal processes and influences how our business is conducted.

Access to Customer Data

Access to customer data stored within applications is restricted and only happens based on a service and support request initiated by our customers.

Within our SaaS platform, we treat all customer data as equally sensitive and have implemented stringent controls governing this data. During the onboarding/induction process, our internal employees and contractors receive awareness training that covers the importance of, and best practices for, handling customer data.

Within Verified, only authorized Verified employees have access to customer data stored within our applications. Authentication is done via individual, passphrase-protected key pairs (public-key authentication), and the servers only accept incoming SSH connections from Verified locations. All access to data is logged to offer a complete audit trail.

Unauthorized or inappropriate access to customer data is treated as a security incident and managed through our incident management process. This process includes instructions to notify affected customers if a breach of policy is observed.

Support Access

Our global support team has access to our cloud-based systems and applications to facilitate maintenance and support processes. Hosted applications and data can be accessed only for the purpose of application health monitoring and performing system or application maintenance, and upon customer request via our support system.

Our support teams will only access customer data when necessary to resolve an open ticket.

Training and Awareness

Our security training and awareness program doesn’t just check compliance boxes but results in a genuine uplift in knowledge across the company.

Our awareness program is built on the premise that security is the responsibility of everyone. These responsibilities are extracted from our internal Security Policy Program, and the training and awareness program is used as the primary vehicle for communicating these responsibilities to our staff.

Candidates and contractors are required to sign a confidentiality agreement prior to starting with us, and subsequently, during the onboarding process, security awareness courses are delivered to these new hires.

In keeping with the theme of ‘continuous improvement’, we disseminate security messages through company-wide messages and blog posts. These generally carry a message that is relevant at that time, e.g. a newly discovered and published threat, and reinforce the importance of following good security practices.

Employee Hiring

Verified as a company attracts and hires only the best and the brightest to work for us. During recruiting, we perform employment, visa, background, criminal records and financial checks. On acceptance of an offer, we ensure each new hire has an on-boarding plan and access to on-going training based on their role.

Customer Exit Procedure

If a contract between Verified and one of our customers using our cloud products ends, customer data will be removed from our cloud environment according to the timelines below.

Scenarios where a customer contract can end include:

  • Missed payments: Where an existing customer misses a payment for their product subscription (whether monthly or annually);
  • Subscription cancellation: Where an existing customer cancels their subscription.

Missed payments

When a customer misses a payment or the payment cannot be made, they are unsubscribed from all products 30 days after the due date for the payment. Once this occurs, their data is retained in backup for 180 days, after which it is deleted. Customers can ensure their data is not deleted by rectifying any missed payments within 15 days. It is not possible to restore customer data after this timeline even if payment has been made.

Data retention and destruction

Your account and associated users will be deactivated when your subscription ends. Verified retains data for deactivated accounts after the end of your current subscription period for 180 days.

Your data cannot be recovered after it’s deleted. We strongly recommend creating a Verified data backup from the archive. This can be done manually or via the API.

Amazon

Description and relevant certification

Hosting of our platform for our operational services storage. ISO/IEC 27001:2013, SOC I-III, PCI DSS and more.

Company ID and address

Org no: 516411-0669, Kungsgatan 49, 111 22 Stockholm, Sverige

Processing customers data

Region

EU

Brønnøysundregistrene

Description and relevant certification

Lookup services

Company ID and address

974 760 673, Brønnøysundregistera, Postboks 900, 8910 Brønnøysund

Processing customers data

Yes

Region

EU

Datadog

Description and relevant certification

Uses log data for observability, monitoring and security purposes. Read more: https://trust.datadoghq.com/.

Company ID and address

Datadog, Inc., 620 8th Ave, 45th Floor, New York, NY 10018, USA. https://trust.datadoghq.com/

Processing customers data

Yes

Region

EU

Dun & Bradstreet

Description and relevant certification

Lookup services

Company ID and address

Org no: 556341-5685, Rosenborgsgatan 4-6, Solna, Sweden

Processing customers data

Yes, from Dec 27, 2023

Region

EU

EID Easy OÜ

Description and relevant certification

Signing, authentication

Company ID and address

14080014, Telliskivi tn 60/1, Tallinn, Estonia, 10412

Processing customers data

If customer uses the service

Region

EU

Finansiell ID-Teknik BID AB

Description and relevant certification

Signing, authentication, lookup services with BankID SE

Company ID and address

556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm

Processing customers data

If customer uses the service

Region

EU

Google Ireland Limited

Description and relevant certification

Storage of files that enable the customer to maintain the text and its translations into different languages, used if the “smart forms” service is used. ISO/IEC 27001:2013, SOC 2, CSA STAR and more: https://cloud.google.com/security

Company ID and address

IE no: 6388047V, Gordon House, Barrow Street, Dublin 4

Processing customers data

If customer uses the service

Region

EU, if the customer selects to use the service

MongoDB Limited

Description and relevant certification

Storage of process data that is generated and could be used during usage of some of our services, such as custom flows and AML. ISO/IEC 27001:2013, SOC 2, PCI DSS and more.

Company ID and address

Number One Ballsbridge, Ballsbridge, Dublin 4, Ireland

Processing customers data

Region

EU, if the customer selects to use the service

Nets AS

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm

Processing customers data

If customer uses the service.

Region

EU

Plisec AB

Description and relevant certification

Lookup services supporting AML and KYC compliance

Company ID and address

559161-4275, Dansbanevägen 16, 126 31 Hägersten, Sweden

Processing customers data

If customer uses the service

Region

EU

Tagd AB

Description and relevant certification

Operational services for contract management.

Company ID and address

559364-3058, Skogsfrugränd 1, 16762 Bromma, Sweden

Processing customers data

If the customer selects to use the service

Region

EU

Trapets AB

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

Org no: 556586-4773, Kungsgatan 56, 111 22 Stockholm, Sweden

Processing customers data

If the customer selects to use the service

Region

EU

Trust Services ApS

Description and relevant certification

Offers eID (MitID Erhverv in Denmark)

Company ID and address

c/o Nets Denmark A/S, Klausdalsbrovej 601, 2750 Ballerup

Processing customers data

If the customer selects to use the service

Region

EU

Vipps AS

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

918 713 867, Postboks 9236 Grønland, 0134 Oslo

Processing customers data

If customer uses the service

Region

EU

Zendesk, Inc.

Description and relevant certification

Tool for our customer support services and ticket application. Contains information provided by the customer and support staff about the service. ISO 27001:18, AICPA, SOC II, etc. See: https://www.zendesk.com/product/zendesk-security/

Company ID and address

EIN no: 26-4411091, SEC CIK #0001463172, 989 Market St, San Francisco, CA 94103

Processing customers data

If customer uses the service

Region

EU

Basic electronic - Level 2

Character

Quick and easy

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Customer on-boarding
  • Signing when receiving a parcel

Type

Touch ID, Email, SMS OTP

Advanced electronic - Level 3

Character

  • Linked to signer
  • Increased legally binding proof
  • More trustworthy than basic electronic signature

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Loan application
  • Employment contracts
  • Insurance documents
  • Documents from public authorities

Type

SMS OTP, Mail OTP, BankID Sweden, BankID Norway, FTN, MitID

Qualified electronic - Level 4

Character

  • Highest level of security
  • Personal link to signer
  • Digital equivalent of a written signature
  • Legal obligation

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Loan application
  • Employment contracts
  • Insurance documents
  • Documents from public authorities

Type

BankID Norway

Standard

ISO 27001

Sponsor

International Organization for Standardization

Status

Certified. ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.

Standard

BankID

Sponsor

BankID

Status

Verified is a compliant partner and issuer of BankID in Norway and Sweden. Merchants get their certificates issued through Verified. Verified adheres to the current requirements of BankID to keep this status/position. BankID meets the banks’ own high standards for Internet banking security.