SOCYiD

Data Protection & Security

Last updated: November 13, 2025

Privacy by Default

SOCYiD is a consent-based identity exchange, not a social network. Your privacy is built into every feature:

  • Phone numbers and email addresses are never shared with other users
  • No public profiles—your SOCYiD ID is private until you share it
  • Personal data is collected only for account management, not user-to-user sharing
  • Consent-based model—you control what's visible and for how long

At SOCYiD Inc., protecting your personal information is our top priority. This page describes the security practices and technical measures we implement to safeguard your data.

Encryption Standards

Data at Rest: AES-256 encryption for all stored data

Data in Transit: TLS 1.3 encryption for all network communications

Messages: End-to-end encryption for user communications

Access Controls

Role-based access control (RBAC) for internal systems

Multi-factor authentication for administrative access

Principle of least privilege for employee data access

Regular access audits and reviews

Monitoring & Detection

24/7 security monitoring and alerting

Automated threat detection systems

Regular security assessments and penetration testing

Incident response procedures and protocols

Compliance & Standards

Privacy-by-design principles integrated into development

Industry-standard security practices and frameworks

Regular third-party security reviews

Compliance with applicable data protection regulations

Third-Party Security

We carefully vet all third-party service providers and require them to maintain appropriate security standards:

  • Database Infrastructure: Enterprise-grade database systems with encryption at rest and in transit, regular security audits, and compliance certifications including SOC 2 Type II.
  • Identity Verification: Government-issued ID verification services with bank-level security, SOC 2 Type II certification, and compliance with KYC/AML regulations. Verification documents are processed and stored securely according to legal retention requirements.
  • Communication Services: Secure transactional email delivery and push notification systems with industry-standard authentication protocols, TLS encryption, and encrypted message payloads.
  • Caching & Performance: Secure caching infrastructure with TLS encryption, data replication, and automatic backups.
  • Hosting Infrastructure: Edge network hosting with DDoS protection, automatic SSL certificates, and global content delivery.
  • Compliance: All third-party providers maintain SOC 2 Type II or equivalent security certifications and undergo regular security audits.

Data Protection Practices

  • Minimal Data Collection: We collect only the information necessary to provide our Service
  • Automatic Data Deletion: Location history is automatically deleted after 90 days
  • Secure Document Processing: Identity verification documents are processed securely following industry standards
  • Secure Development: Security testing integrated into our software development lifecycle
  • Employee Training: Regular security awareness training for all team members

Your Security Responsibilities

While we implement robust security measures, your cooperation is essential:

  • Choose a strong, unique password for your SOCYiD account
  • Never share your account credentials with anyone
  • Enable device security features (PIN, biometric authentication)
  • Keep your app updated to the latest version
  • Report suspicious activity or potential security issues immediately
  • Log out of your account on shared or public devices

Security Incident Response

In the event of a data breach or security incident affecting your personal information:

  • We will notify affected users promptly as required by applicable law
  • We will provide details about what information was compromised
  • We will outline steps we're taking to address the incident
  • We will provide recommendations for protecting your information
  • We will cooperate with law enforcement and regulatory authorities as appropriate

Limitations

Despite our best efforts, no security system is impenetrable. Important limitations to understand:

  • Internet transmission is never 100% secure or error-free
  • Unauthorized access can occur through user error (weak passwords, phishing attacks)
  • Device security depends on your device's security features and settings
  • Third-party service providers maintain their own security practices

We continuously work to improve our security posture and adapt to emerging threats, but we cannot guarantee absolute security. Your use of the Service acknowledges these inherent limitations.

Questions or Concerns

If you have questions about our security practices or believe you've discovered a security vulnerability, please contact us immediately:

SOCYiD Inc.
Email: SOCYiDsupport@socyid.com

For security vulnerabilities, please do not disclose publicly until we've had an opportunity to address the issue. We appreciate responsible disclosure and will work with you to resolve security concerns promptly.