Compliance

Validia is committed to maintaining a high standard of compliance, transparency, and operational security.

Validia is built with enterprise-grade compliance in mind. Our infrastructure, consent model, and data handling practices are aligned with major privacy frameworks, including SOC 2, GDPR, CCPA, and biometric-specific laws across U.S. states.


SOC 2

  • SOC 2 Type I: Completed

  • SOC 2 Type II: In progress

  • Audited by: Independent third-party security firm

  • Scope: Covers security, availability, and confidentiality controls across our systems


GDPR & CCPA

Validia supports full compliance with major global and U.S. privacy regulations:

  • GDPR

    • Data subject rights: Access, correction, and deletion requests honored

    • Data minimization and purpose limitation enforced

    • Optional data residency available for enterprise customers

  • CCPA / CPRA

    • Clear opt-in/opt-out workflows for sensitive data like biometrics

    • Transparent disclosures on data collection and use

    • No sale or unauthorized sharing of personal data


Biometric Privacy

Validia is designed to comply with biometric privacy regulations such as BIPA, and sets a high standard for biometric data protection:

  • Explicit consent is required and documented before any biometric data is processed

  • No biometric data is stored long-term, displayed, or used for any purpose other than real-time authentication

  • Users can decline participation and still proceed via alternate verification methods, unless restricted by the requesting organization


Biometric Compliance by State

Validia’s platform is structured to meet state-specific biometric privacy laws across the U.S.:

California (CCPA/CPRA)

  • Informed notice and consent presented during onboarding

  • Users may opt out of biometric authentication at any time

  • No data is retained without explicit permission

Illinois (BIPA)

  • Written, dual-checkbox consent captured prior to biometric processing

  • Clear disclosures on purpose, usage, and retention

  • No biometric data processed without affirmative opt-in

Texas & Washington

  • Notice and explicit consent required before biometric data use

  • Fulfilled via onboarding email and in-app consent form

Colorado, Connecticut, and Others

  • Supports opt-out for biometric and profiling data

  • All consent events are logged and auditable

  • Alternate verification methods offered for users who decline


Trust Center

For real-time updates on our compliance status, third-party attestations, and internal policies, visit our Trust Center. 🔗 Validia Trust Center
