Proof Web Services (“we,” “us,” or “our”) operates the platform located at proof.pk (the “Service”). We are committed to protecting the sensitive personal data and identity information you entrust to us for verification, KYC (Know Your Customer), and certification purposes.
Given the nature of our Service as a KYC and verification platform, we collect highly sensitive information (“Personal Data”).
- Identity Information: Government-issued IDs (CNIC, Passport, Driving License), tax residency documents, and utility bills.
- Biometric Data: Facial recognition scans, liveness detection data, and fingerprint data (if applicable) used strictly for identity verification.
- Contact Information: Name, email address, phone number, and physical address.
- Technical Data: IP addresses, device fingerprints, and browser type to prevent fraud and ensure session security.
We use your Personal Data solely for the following purposes:
- Verification: To authenticate your identity against issuing authorities or third-party databases.
- Certification: To issue digital proofs or certificates of identity/status requested by you or a relying third party.
- Compliance: To assist our clients in meeting their Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) obligations.
- Security: To detect and prevent identity fraud, spoofing, and unauthorized access.
3. Data Retention and Storage
We retain Personal Data only for as long as necessary to fulfill the verification request or as required by law.
- Transient Processing: Wherever possible, biometric data is processed instantly and not permanently stored (“verify and discard”), unless specific certification standards require audit trails.
- Encryption: All sensitive data is encrypted at rest (AES-256) and in transit (TLS 1.3).
We do not sell your data. We may share your information with:
- Relying Parties: The specific merchant, bank, or organization requesting your verification (only with your explicit consent).
- Verification Sources: Government databases (e.g., NADRA) or authoritative registries solely for the purpose of validating the submitted documents.
- Legal Requirements: If required by a court order or Pakistani law enforcement agencies under the Prevention of Electronic Crimes Act (PECA), 2016.
5. Your Rights
Subject to applicable laws, you have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (Right to be Forgotten), provided we are not legally required to retain it for audit/AML purposes.
