Last updated: April 4, 2026
This Privacy Policy describes how Urim KYC ("we", "us", "our") collects, uses, stores, and protects your information when you use our platform, website, API, and related services (the "Service").
Account Information: When you create an account, we collect your name, email address, company name, and the subscription plan you select. If you sign up via Google, we receive your name and email from Google's authentication service.
Screening Data: When you use the Service to screen individuals, we process the subject data you submit (names, dates of birth, nationalities, locations, aliases). This data is stored in your tenant's isolated database to support your audit trail and compliance workflows.
Usage Data: We collect information about how you interact with the Service, including API requests, screen counts, login activity, and feature usage. This helps us maintain the Service, enforce plan limits, and improve performance.
Contact Information: If you contact us through our contact form, we receive your name, email address, company name, and message content.
Each tenant's screening data, audit logs, and client records are stored in a physically separate database. Your data is never shared with, accessible to, or visible to other tenants. We do not aggregate screening data across tenants.
The Service uses third-party AI services (Anthropic Claude) to generate compliance narratives and risk assessments. Subject data submitted for screening may be sent to these AI services for processing. AI-generated content is stored in your tenant database as part of the screening result.
We use the following third-party services to operate the platform:
Each third-party provider is subject to their own privacy policy. We select providers that maintain appropriate security and privacy standards.
We retain your screening data and audit logs for as long as your account is active. This is necessary to maintain the compliance audit trail that our Service provides. When you delete your account, all associated data — including your tenant database, user records, screening results, and audit logs — is permanently deleted.
We implement reasonable security measures to protect your data, including HTTPS encryption in transit, per-tenant database isolation, API key authentication, tamper-evident audit logging with SHA-256 hashing, and server-level access controls. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
Depending on your jurisdiction, you may have the right to:
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
Our servers are located in the United States (Ashburn, Virginia). If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
We use minimal browser storage (localStorage) for theme preferences and authentication tokens only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. Your continued use after the effective date constitutes acceptance.
If you have questions about this Privacy Policy or how your data is handled, contact us at our contact form or email [email protected].