User consent for identity verification

Any identity verification session requires obtaining a user consent.

Why is user consent required?

User consent is a fundamental aspect of privacy and data protection laws in many jurisdictions. It ensures that individuals have control over their personal information, especially when sensitive data, such as biometrics, is involved. By obtaining user consent, organizations demonstrate transparency and build trust with their users, reducing the risk of legal repercussions and reputational damage.

When dealing with biometric data, which includes facial recognition patterns, fingerprints, voiceprints, and other unique biological traits, user consent becomes even more critical. Biometric data is considered highly sensitive and requires extra protection to prevent misuse or unauthorized access.

As an identity verification provider, we are required by law to create audit trails for user consent prior to document and selfie capturing flows. Our solution provides built-in consent ONLY through our hosted application.

User consent format

We recommend two different ways for users to give their consent. This largely depends on where you and your customers are:

  • Option 1 (explicit consent): in the United States and most other regions
  • Option 2 (consent checkbox): in the European Union and the United Kingdom

Please reach out to your account manager if you have further questions.

United States

If your end users are in the USA and most other regions (except EU/UK), we suggest implementing the explicit user consent option.

Here's how it appears in our hosted solution (SaaS):

European Union & United Kingdom

If your service follows EU/UK rules (including GDPR), we recommend you to implement the checkbox consent option. Here's how it looks in our hosted solution (SaaS):

Implementation options

Your options depend on the solution you use:

  • Hosted application (SaaS)
  • API- or SDK-based solution

By default, the user consent data is deleted after 90 days, but the data can be deleted sooner via API.

Hosted application

If you use a hosted application, take advantage of the ready-to-use explicit consent and checkbox implementations. Those implementation are available out-of-the-box and are managed by Transmit.

The pictures above are taken off actual hosted app implementations.

API or SDK based solutions

In API and SDK based solutions, you must implement user consent options on your own, as per regional / local requirements.

User consent interfaces must use Transmit’s legal language and you must have it reviewed by our legal team to ensure the right usage and implementation.

Our APIs and SDKs do not provide the consent screens out-of-the-box. However, you can find example screens as part of our demo application (GitHub).

Consent document IDs are generated at the start of verification sessions, and are stored by Transmit. Default retention period is 90 days, but the data can be deleted sooner via API.