Privacy Policy

RapidVerify — A Trading Name of Orchestrating Identity Limited
Version 1.0 | Last updated: 19th February 2026

1. Introduction and Who We Are

RapidVerify is a trading name of Orchestrating Identity Limited, a company incorporated in England and Wales (Company Registration Number: 142636) with its registered office at Kings Parade, Lower Coombe Street, Croydon, England, CR0 1AA (“we”, “us”, “our”, or “RapidVerify”).

We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our identity verification services, visit our website, or otherwise interact with us.

Orchestrating Identity Limited is registered as a data controller with the Information Commissioner’s Office (ICO) under registration reference ZB475194. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025, and all other applicable data protection legislation.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Contact and Account Data

  • The payment provider (Shopify/Stripe) collects the following details: email address, telephone number (optional), and postal address for payment
  • Account preferences and communication preferences with Shopify

2.2 Technical and Usage Data

  • IP address, browser type and version, operating system
  • Device identifiers and mobile device information
  • Pages visited, time spent on pages, links clicked
  • Log-in and access timestamps
  • Cookies and similar tracking technologies (see our Cookie Policy)

2.3 Financial Data

  • Payment card information (processed via our secure payment provider, Shopify/Stripe)
  • Transaction history relevant to identity checks

3. How We Collect Your Personal Data

We collect personal data through the following means:

  • Directly from you when you register for or use the RapidVerify Shopify site to purchase identity verification services
  • Automatically through your use of our website or platform via cookies and tracking technologies

4. Legal Basis for Processing

We collect and use your personal data on the following legal bases under UK GDPR:

  • Contract performance: Processing is necessary to fulfil your purchase of identity verification services through our Shopify store, including processing your order and managing your account.
  • Legal obligation: Where we are required by law to retain or process certain data (for example, financial records for HMRC compliance).
  • Legitimate interests: For improving our services, fraud prevention, and ensuring platform security, where these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent, such as for marketing communications or non-essential cookies.

5. How We Use Personal Data

We process personal data for the following purposes:

5.1 Purchasing Identity Verification Services

  • Providing Orchestrating Identity Limited with the data it needs to invite a subject to complete an Identity Verification process, including sending them specific terms and conditions for that purpose.

5.2 Business Improvement

  • Improving and developing our identity verification technology and algorithms
  • Conducting anonymised statistical analysis and research
  • Testing and quality assurance of our services

6. Sharing Your Personal Data

We may share your personal data with the following categories of recipients:

  • Payment processors and financial institutions
  • IT service providers, cloud hosting providers, and platform operators
  • Professional advisors including lawyers, auditors, and accountants
  • Regulatory bodies, law enforcement agencies, and courts where we are legally required to do so
  • A purchaser or successor entity in the event of a merger, acquisition, or sale of business assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements. Our retention periods are as follows:

  • Financial transaction records: 7 years (as required by HMRC regulations)
  • Identity Verification records: Stored within Orchestrating Identity Limited on behalf of RapidVerify for 7 years as per Companies House requirements
  • Website usage data and cookies: Up to 12 months
  • Marketing consent records: Until consent is withdrawn, plus 1 year

Where we are required to retain data for longer periods by applicable law or regulation (for example, in connection with legal proceedings or regulatory investigations), we will retain it for only the period required. At the end of the applicable retention period, we will securely delete or anonymise your personal data.

8. Your Rights Under UK GDPR

Subject to applicable law and certain conditions and exceptions, you have the following rights in relation to your personal data:

  • Right of Access (Article 15): To request a copy of the personal data we hold about you (subject access request).
  • Right to Rectification (Article 16): To request that we correct inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): To request that we delete your personal data in certain circumstances (the ‘right to be forgotten’).
  • Right to Restrict Processing (Article 18): To request that we restrict how we use your personal data in certain circumstances.
  • Right to Data Portability (Article 20): To receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21): To object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Article 7(3)): To withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Rights Related to Automated Decision-Making (Article 22): Not to be subject to solely automated decisions that have significant effects on you.

Please note that some of these rights are not absolute and may be subject to limitations. In particular, our ability to delete identity verification records may be restricted by legal and regulatory retention obligations.

To exercise any of your rights, please contact our DPO using the details in Section 14. We will respond within one month of receiving your request, or within three months where the request is complex or numerous, in which case we will notify you of any extension within the first month. We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113 | Website: www.ico.org.uk

9. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include but are not limited to:

  • End-to-end encryption of data
  • Encryption of data at rest
  • Orchestrating Identity Limited is ISO 27001 certified

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and will report the breach to the ICO within 72 hours of becoming aware of it, as required by UK GDPR Article 33.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website and platform. Cookies are small text files placed on your device to help us provide a better user experience and to understand how our services are used.

We use the following types of cookies:

  • Strictly Necessary Cookies: Essential for the operation of our services. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how users interact with our platform (e.g., Google Analytics). These are set only with your consent.
  • Functional Cookies: Remember your preferences and customise your experience.
  • Targeting/Marketing Cookies: Used to deliver relevant advertisements. These are only set with your explicit consent.

You can manage your cookie preferences through our Cookie Consent Manager available on our website. Please refer to our separate Cookie Policy for full details.

11. Children’s Privacy

Our services are not directed at children under the age of 18 and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete such data from our records.

If you believe that we may have collected personal data from or about a child, please contact our DPO immediately.

12. Third-Party Links and Services

Our website and platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to our own services. We are not responsible for the privacy practices of third parties and encourage you to read the privacy policies of any third-party websites or services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website with a new effective date
  • Sending you an email notification (where we hold your email address)
  • Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically. Your continued use of our services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes, to the extent permitted by law. Where changes require your consent, we will seek your agreement before the changes take effect.

14. International Data Transfers

We do not transfer, store, or process your personal data outside of the United Kingdom.

All personal data collected through this website is processed and stored within the same jurisdiction and is not transferred to, accessed from, or processed in any country outside of the United Kingdom.

If our practices change in the future regarding international data transfers, we will update this Privacy Policy accordingly and ensure appropriate transfer mechanisms are implemented in compliance with UK data protection legislation.

15. Contact Us and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or our data processing practices, please contact us:

Data Protection Officer
RapidVerify, a trading name of Orchestrating Identity Limited
Kings Parade, Lower Coombe Street, Croydon, England, CR0 1AA
Email: dpo@rapidverify.co.uk

We will endeavour to respond to all enquiries within 30 days. If you are not satisfied with our response, you have the right to make a complaint to the ICO (see Section 8 for contact details).

This Privacy Policy was prepared by Orchestrating Identity Limited and applies to all services offered under the RapidVerify trading name.