Devcode Identity API Policy Statement

At Devcode, we value your privacy. The main section of this privacy statement describes which personal data Devcode collects from you, how Devcode processes such personal data, and why Devcode collects the personal data in connection with Devcode's provision of solutions.

Devcode is an electronic identity services provider who enables connection and interaction between organizations and their customers through verified digital identities. Devcode is a private company registered in Sweden with registration number and its registered main office located at Sveavägen 49 4 tr, 113 59 Stockholm, Sweden. Please direct any questions or requests to or the channels provided for at

Please note that Devcode acts as a processor for most of the personal data we process, whereas Devcode's customer is the controller. Devcode has signed data processing agreements with customers acting as controllers to secure your privacy. In cases where you, as an end user, have questions about how personal data is processed, the controller must be contacted.

Devcode Identity API

Devcode Identity Platform consists of our API for verifying identities and our backoffice IdentityIQ. This policy concerns our API.

When using our API, Devcode acts as a data processor on behalf of our customer (company). End users are managed by the merchant company that acts as a data controller. Devcode does not store any user data permanently. GDPR related information is kept during the identity session and then deleted according to the instructions from the data controller.

Necessary logs/audit for an identity session will be kept according to retention policy to be able to resolve issues that can come up after the Identity Verification request is completed.

Purpose and processing

The controllers and responsible entities for such content are Devcode's respective customers. As the data processor, Devcode signs a data processor agreement with the client as data controller. The data processor agreement establishes the frameworks for Devcode's personal data processing activities. The specific security measures and deletion deadline for processing will be established in each individual data processor agreement.

The purpose of identity transactions is to perform Know Your Customer and perform Customer Due Diligence on behalf of Devcode's customers. This is done by Identifying natural or legal persons using available digital ID methods or digital identity document verification methods, visual recognition and liveness detection and relevant registries to verify address or check if the subject is listed as a Politically Exposed Person or on sanctions lists.

The collected information will be obtained by the Devcode customer, and will be deleted from Devcode's systems as defined by the controller. The controller can delete the collected information in Devcode's systems at own discretion at any point.

Categories of data subjects

End users of the Controller: End users of the Controller's solutions or Processor's solutions used by Controller

During the processing some Personally Identifiable Information (PII) related to Data Subjects will be processed to perform Know Your Customer and Customer Due Diligence.

The following types of personal data could be processed on end users of the controller:

  • Account number
  • Age
  • Birth Location
  • Client meta information
  • Date of birth
  • Device ID
  • Device type
  • Digital certificate number
  • Email address
  • Gender
  • Identity document
  • Information contained in provided Identity documents
  • IP address
  • Mobile phone number
  • Name
  • National ID
  • Nationality
  • PEP/Sanctions status
  • Physical address
  • Picture or video from optical capture of Identity document
  • Picture or video from selfie during face match and liveness detection session
  • Signature