Privacy Policy

Last updated: June 2026 · Version 1.1

Our core principle: VerifyBlind enables identity verification without requiring your Turkish national ID number (TCKN), full name, or date of birth to be shared in plain text with anyone — including us or our partners. This data is processed in encrypted form only inside a hardware-secured isolated environment (AWS Nitro Enclave) and immediately deleted.

1. Data Controller

Name: Ercüment Eşkar
Request: In-app "Data Request" or [email protected]
VERBİS Status: Exempt — Board Decision 2025/1572

The VERBİS registration exemption under Board Decision 2025/1572 covers only the registry filing obligation; disclosure, explicit consent, data security, and all other KVKK obligations remain fully in effect.

2. What Data Do We Process and Why?

Mobile App — Identity Verification

Temporarily processed inside the secure Enclave — then deleted

National ID number (TCKN), full name, date of birth, gender, NFC chip contents, facial image and biometric vector

Stored in our system (does not reveal your identity)

Cryptographic hash (HMAC) values — cannot be reversed to TCKN.
Verification result: only true/false.
Consent record (scope and date).

Never stored

TCKN, full name, date of birth, actual age value, biometric data, facial photo

Partner Portal

Data | Purpose | Retention
Company name, email | Account and communication | Contract + 10 years
Hashed password | Authentication | Until account deletion
Public key, Callback URL | API integration | Duration of contract

3. Parties We Share Data With

Party | Shared | Condition
Partner Organisations | Verification result only (true/false). Raw identity data is never shared. | With your explicit consent
Amazon Web Services | Encrypted processing (AWS Nitro Enclave cannot access content) | Service infrastructure
Cloudflare Web Analytics | Anonymous page view statistics (no cookies, no IP storage, no personal data) | Service quality monitoring
Sentry (Crash Diagnostics) | App crash/error reports only. TCKN, MRZ, facial and biometric data are redacted before sending. Not linked to your identity; never used for advertising or tracking. | App stability / error monitoring
Dropbox / Google Drive (optional backup) | Only if you initiate it: your end-to-end encrypted identity backup is written to your OWN cloud account. Only your device can decrypt it; we cannot access it. | At your choice
Competent Authorities | Minimum data when legally required | KVKK Art. 8/2-a

4. Retention Periods

Identity data (TCKN etc.) | Processing only | Immediately deleted by Enclave
Biometric data | Processing only | Immediately deleted by Enclave
Verification pseudonyms (HMAC) | 10 years | Anonymised (Turkish Commercial Code Art. 82)
Technical logs (masked IP) | 365 days | Anonymised
Application logs | 90 days | Deleted

5. Security

  • AWS Nitro Enclave — Hardware isolation; no operator, including Amazon, can look inside
  • End-to-end encryption — AES-256-GCM + RSA-OAEP-SHA256
  • Android Keystore (TEE) / iOS Secure Enclave & Keychain — Keys stored in the device secure hardware zone
  • Nonce-based protection — Every operation is unique and non-replayable
  • Data minimisation — Only the minimum necessary data is written to the system

6. Your Rights

Right | How to Exercise
View my data | App → Settings → Data Request
Delete my data | App → Settings → Delete My Data
Withdraw consent | App → History → Select operation → Withdraw
Data portability | App → Settings → Download My Data
Object / Complain | [email protected] or kvkk.gov.tr

Important note: Since we do not store TCKN or email, you will need to verify ownership using your in-app nonce value when submitting a request. Response time: within 30 days.

7. Contact

For questions about our privacy policy or your personal data: [email protected]