Toggle navigation

Security Support

Version 1.0.0

We know that your data is the most important thing for you. Hence we provide best-in-class security and encryption standards to safeguard your data. Our data security controls and standards are given below in detail:

Internal and external audits are conducted on a regular basis to ensure the effectiveness of Information Security controls and processes. These audits are performed by certified professionals to help us create a secure environment for your data. 

We are ISO 27001 certified and Google Cloud Platform (our cloud hosting provider) is SOC 2 Type II Certified. These certifications are provided to only a handful of organizations after rigorous checks and trials of each of their services. Links to both these certifications are given below:

Access Control

Access to our cloud infrastructure is strictly managed via Google Identity and Access Management (IAM) . We have imposed a strong password policy with Two-Factor Authentication (2FA). Access is regularly reviewed to keep your data safe from unauthorized access.

Data Storage and Server Location

We are hosted on the Google Cloud Platform (Mumbai, India) across 3 zones to ensure high availability. This is done to ensure that if there is ever a problem in an individual data center, your service is not disrupted. 


We have implemented strong encryption policies for all your data. 

Thread Modelling

We follow a secure software development lifecycle. Our thread modeling and development methodology contains the following:

  • Perform regular vulnerability assessment and penetration testing on our Application and Infrastructure by CERT-In empanelled organizations. 
  • Tests are performed as per the OWASP standards.
  • Security-focused static analysis tools have been deployed as a part of our CI/CD pipeline.
  • We have a Business Continuity Plan / Disaster Recovery (BCP/DR) plan in place and we perform BCP/DR drill on a yearly basis to ensure critical functions can continue during and after a disaster.


We support long-lived bearer tokens for authentication of the callbacks. This is a backend configuration and will be done along with the callback endpoint configuration. 

Purging Policy

To ensure the safety of your data, IDfy recommends that you delete all customer data from our platform after a customer journey is complete.  We provide multiple automated and manual purging mechanisms:
Automated purging mechanisms

  • API based purging – You may call our purge API when you are looking to purge data
  • Auto purging – You may choose to enable auto purging of data after a configurable span of time (e.g. purge 90 days after data is collected)

Manual purging mechanism

  • Manual purging – Here, you can inform IDfy by email to purge data as a one-time activity 

When data has been purged from our systems, it means that none of the end-user artifacts, transaction logs, or insights data will remain on our systems.

The default system setting is to automatically purge after 90 days of data being received in the IDfy system. Please note that IDfy will not be able to recover the data after this period and will not be liable for any loss of data on account of such policy implementation. If this purge period needs to be modified, please contact us.

Personal Identifiable Information and Data

A custom Data Protection Framework has been implemented by us to put an emphasis on the most sensitive and valuable data within our organization, including your Personal Identifiable Information (PII) and those of your customers.

Threat Protection

Google Cloud Armor has been deployed in our system, which provides defenses against DDoS and application attacks(WAF). 

We use the Google Security Command Center for security and risk management across our Google Cloud Platform infrastructure. Google Security command center provides the following key services:

  • Centralized visibility and control to manage misconfigurations and vulnerabilities.
  • Detects threats targeting IDfy Google Cloud assets.
  • Generate automated reports and maintain compliance against standards like ISO, CIS, NIST, etc

If there are any specific support needed, please mail the query on

Go to the Integration Support Page