Privacy Policy

Last updated: June 2026

1. Who We Are

FlashVerify is operated by 9Eons Limited, a company registered in England & Wales. We act as a data processor on behalf of our business customers (data controllers) who use our API to verify their end users' phone numbers.

Contact: [email protected]

2. Data We Collect

Account Data (Business Customers)

• Company name, contact name, email, phone number
• Billing information and payment history
• API usage logs and verification history

Verification Data (End Users)

• Phone numbers submitted for verification via the API
• Verification status and timestamps
• Country code and verification method used

We do not collect end users' names, email addresses, or any personal data beyond the phone number submitted by the business customer.

3. How We Use Data

• Phone numbers: Solely to deliver verification calls/SMS and report delivery status
• Account data: To provide the service, process payments, and communicate with customers
• Usage data: To generate billing, analytics, and improve service quality

4. Legal Basis (GDPR)

• Contract performance: Processing necessary to deliver the verification service
• Legitimate interest: Fraud prevention, service monitoring, and security
• Legal obligation: Financial record-keeping and regulatory compliance

5. Data Security

• Phone numbers are encrypted at rest using AES-256-GCM
• All API communication is over HTTPS/TLS 1.2+
• API secrets are stored using one-way hashing where possible
• Access to production systems is restricted and audited
• Database hosted on AWS RDS with encryption at rest

6. Data Retention

• Verification records: Retained for 90 days, then anonymised
• Account data: Retained while the account is active, plus 6 years for financial records
• Audit logs: Retained for 12 months

7. Data Sharing

We do not sell personal data. We may share data with:

• Telecom carriers: Phone numbers are transmitted to carriers to deliver calls/SMS (necessary for the service)
• Payment processors: Revolut Business processes payments
• AWS: Infrastructure hosting (EU-West-2, London region)
• Law enforcement: When legally required

8. International Transfers

Phone numbers may be transmitted to carriers in the destination country to complete the verification call. All data storage is within the EU (AWS London region).

9. Your Rights

Under GDPR, business customers have the right to:

• Access your account data
• Rectify inaccurate data
• Request deletion of your account and data
• Export your data in a portable format
• Object to processing based on legitimate interest

End users should contact the business that initiated the verification, as they are the data controller.

10. Cookies

The FlashVerify website uses essential cookies only (session management for the dashboard). We do not use tracking cookies or analytics cookies.

11. Changes

We may update this policy and will notify customers via email of material changes.

Questions? Contact our data protection team at [email protected]