Security & compliance

Security-first verification with minimal data exposure.

Nexiel is designed to reduce sensitive data handling while still producing strong compliance evidence.

Request security pack Contact us

Data minimisation by default

No raw PII storage by default—Nexiel relays verification decisions and retains only the evidence needed for audit.
Scoped sharing: request only the attributes required (e.g., age threshold instead of full DOB).
Short-lived sessions so verification links expire quickly and reduce risk.

Audit logs (what gets recorded)

Who initiated the check (tenant, app, or operator).
When it happened (timestamp).
What was requested (policy/scope).
Result (pass, fail, fallback).
Non-sensitive technical metadata to support investigations.

DPA-style readiness

Data Processing Addendum available on request.
Retention controls aligned to your policies.
Incident response process with runbooks.
Access controls and role-based permissions.
Security roadmap: ISO 27001 (in progress).

Fallback and vendor coexistence

Nexiel sits alongside your current KYC/document workflows: run EUDI-first where it works and fall back cleanly when it doesn’t. Sensitive operations—like inviting staff or approving credential issuance—require fresh EUDI + password auth with maker-checker approvals, so no single operator can bypass controls.

Need a deeper audit?

We’ll walk through DPAs, architecture, and logging controls with your security team.

Request security pack View docs