Privacy Policy
Effective May 22, 2026 · Last updated May 22, 2026
Introduction
Business Partner Vetting (“BPV,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals whose information we process in connection with our document verification services. This Privacy Policy explains what data we collect, why we collect it, how we use it, how long we retain it, and the rights available to you.
This policy applies to all users of our website, document upload portal, and API. By using our services, you acknowledge that you have read and understood this policy.
Data We Collect
We collect the following categories of personal data:
| Category | Data Elements | Source |
|---|---|---|
| Business contact | Company name, email address | Stripe checkout |
| Corporate documents | Articles of incorporation, business licenses, operating agreements, corporate structure charts | Upload portal |
| Identity documents | Passports, national ID cards, driver's licenses, proof of address | Upload portal |
| Financial records | Bank statements, financial statements, tax returns, audit reports | Upload portal |
| Ownership information | UBO declarations, beneficial ownership structures, PEP/sanctions screening results | Upload portal |
| Compliance records | AML/KYC policies, regulatory filings, compliance certificates | Upload portal |
What We Do Not Collect
We do not use Google Analytics, Google Fonts, or any other Google tracking services. We do not use cookies for advertising or behavioral tracking. Public profiles expose only your company name and awarded badge categories — never the underlying documents or personal data within them.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases under the UK/EU General Data Protection Regulation:
- Legal obligation (Article 6(1)(c)): Processing identity and ownership documents to maintain records consistent with AML/CFT best practices and applicable record-keeping requirements.
- Legitimate interests (Article 6(1)(f)): Providing verification services, preventing fraud, maintaining platform integrity, and enabling counterparty verification lookups. Our legitimate interests are balanced against the rights and expectations of data subjects.
- Contract (Article 6(1)(b)): Processing necessary to perform the verification service you have purchased and to fulfill our contractual obligations to you.
How We Use Your Data
- To perform document review and award verification badges
- To create and maintain your public verification profile
- To respond to API requests from authorized counterparties seeking your verification status (badge list only — no underlying documents)
- To communicate with you regarding your verification and any follow-up required
- To comply with applicable legal and regulatory record-keeping requirements
- To detect and prevent fraud and misuse of the platform
Data Sharing and Third-Party Processors
We do not sell your personal data. We share data only with the following processors, each operating under data processing agreements:
| Processor | Purpose | Transfer Basis |
|---|---|---|
| Stripe | Payment processing | Standard Contractual Clauses (SCCs) |
| Vercel | Platform hosting and document storage | Standard Contractual Clauses (SCCs) |
| Neon | Database (verification records, badge data) | Standard Contractual Clauses (SCCs) |
API counterparty lookups retrieve only your verification status and badge list. Underlying documents and the personal data within them are never shared via the API or public profile.
Data Retention
| Data Type | Retention Period |
|---|---|
| Submitted documents | 5 years from verification date (AML/CFT standard) |
| Verification records and badges | Retained while profile is active; 5 years after deactivation |
| Payment records | 7 years (tax and accounting requirements) |
| Failed or abandoned submissions | 90 days |
Following the applicable retention period, data is securely deleted or anonymized.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
GDPR Rights (EEA and UK)
- Access: Request a copy of personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion, subject to legal retention obligations (e.g. AML/CFT records)
- Restriction: Request that we limit processing in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Complaint: Lodge a complaint with your national data protection supervisory authority
CCPA Rights (California Residents)
- Know what personal information we collect and how it is used
- Delete personal information (subject to legal exceptions)
- Correct inaccurate personal information
- Non-discrimination for exercising your privacy rights
To exercise any of these rights, contact us at support@businesspartnervetting.com. We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving a verifiable request.
International Data Transfers
BPV operates from the United States. If you are located outside the US, your data may be transferred to and processed in the US. For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection.
Security
We implement appropriate technical and organizational measures to protect your personal data:
- TLS encryption for all data in transit
- Encryption of documents and personal data at rest
- Access controls restricting document access to authorized BPV staff only
- Regular security reviews
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by applicable law.
Children's Privacy
The Services are intended for businesses and their authorized representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, contact us at support@businesspartnervetting.com and we will delete it promptly.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated by updating the “Last Updated” date at the top of this page. Continued use of the Services after the effective date of any changes constitutes acceptance of the updated policy.
Contact
For privacy inquiries, data subject requests, or complaints: