Data Privacy & Compliance
Blockpass is designed to support strong compliance requirements while minimizing the collection and retention of personal data.
Built to minimize data, by default
Four controls that keep personal data out of your stack without compromising the strength of your verification.
Data-free KYC
Verify users without ever accessing or storing the underlying personal data. Blockpass performs the check and returns only the required compliance result via API.
Access & deletion via API
Where you do need the underlying data, retrieve it through the dashboard or API — then delete those records from the Blockpass platform via API to keep retention to a minimum.
Retention & encryption
KYC data is retained for two years, then sensitive data is permanently deleted while audit records remain. Need longer? Encrypt it with your own public key — only you can decrypt it.
EU data residency
All data is processed and hosted within the European Union on infrastructure located in the Netherlands — supporting our commitment to GDPR and data protection.
From submitted to deleted
Personal data has a defined path through Blockpass — and a defined end.
Submitted
The user submits their KYC data directly to Blockpass — never to your servers.
Verified
We run the checks and return only the compliance result to you via API.
Retained
Data is held encrypted at rest for a default of two years from submission.
Deleted
Sensitive personal data is permanently deleted; a compliance record stays for audit.
Need to retain longer? Hold the key yourself.
For extended retention, data can be encrypted with your organization's public key — so only you can ever decrypt it, not Blockpass.
Security & Compliance Standards
Blockpass maintains compliance with key security and privacy standards, including:
GDPR: General Data Protection Regulation
ISO/IEC 27001: Information Security Management
Cyber Essentials Plus: UK government-backed certification
These controls help ensure the secure handling, storage, and processing of personal data.
