The security of your client's personal information is at the heart of our product. We employ best practice standards to ensure unauthorised access and disclosure of your client's information does not occur. We ensure the level of security our technology provides to you and the level in which we hold our data partners is of the highest of standards.


The entirety of our process is designed to protect the privacy of your data


Some of the security measures we take to protect our users


The Biometric & OCR  technology has been explicitly scanned for vulnerabilities across a broad range of categories


The Biometric and OCR technology is ISO 27001 and ISO 22301 certified


Once you have verified and identified your customer and have downloaded your report, ALL global data is cleaned and the verification will be archived within a 5 minute period. 


We DO keep an internal reference number to allow us to match products to ID’s completed and for internal billing purposes. 


We NEVER keep any personal data related to any person you have verified. 


Once a report has been downloaded, any data such as images and videos stored during our biometric verification process will be DELETED from our database.


If for any reason, you haven’t downloaded the report, your customer hasn’t completed the process or because you’re satisfied with just using APLY’s web interface, the maximum life span of a verification is 7 days. Beyond this, verification data is automatically cleansed, images and videos deleted, and the verification is archived as previously described


We are confident in our hosting services and development tools (Amazon Web Services/Heroku) and their expertise regarding internet security questions, we also know that not a single system on earth is 100% safe. APLY’s method of handling customer data ensures we and our clients have only very limited data in our database in case of a breach at any given time.



End to end data encryption: Every connection and data transfer is made through secure connections using HTTPS or SSH with credentials

AES-256 Encryption for images and videos. Our verification assets are stored on an encrypted disk

Verification assets are stored using 3 randomly generated keys to access them. It is impossible to predict what URL will be generated

AES-256 Encryption for our database. Our database is encrypted on disk

Our database and verification assets are not stored in the same location

The maximum lifespan of our data is 7 days


The Biometric and OCR technology has undergone penetration tests. Load tests are conducted four times a year on production environments and one time a year on test environments. The penetration tests cover OWASP Top 10, OWASP 3.0, SANS Top-25, Broken Authentication, Sensitive Data Exposure, XML, Broken Access Control, Security Misconfiguration, Cross Site Scripting (XSS) and Insecure Deserialisation. Daily server scans are conducted and are explicitly scanning for vulnerabilities in a broad range of categories, including backdoors and trojan horses, brute force attacks, CGI, databases, DNS and Bind, e-commerce applications, file sharing, SFTP, firewalls, General Remote Services, hardware and network appliances.


The Biometric & OCR technology has been ISO 27001 and ISO 22301 certified



ISO 27001 Focus

  • To protect confidentiality, integrity and availability of information within a company

  • Achieved via

    • Risk assessment

    • Risk mitigation

    • Risk treatment


Controls are developed through policies, procedures and technical implementation. ISO 27001 clearly identifies the risk in process management, legal protection, human resources, physical protection and many more as well as IT security

ISO 22301 Focus


The ISO 22031 is the Business Continuity Management System standard. This certification has been developed to ensure protection due to unexpected disruption and disaster. This policy provides asset owners, personnel and sub-contractors an understanding of what is required in the course of recovering from a disaster.