Personally identifiable information (PII) handling

Personally identifiable information (PII) refers to any data that can identify an individual. In the context of Identity Verification and Fraud Prevention, Mosaic processes biometric and metadata information in strict compliance with privacy regulations. To balance user privacy with fraud detection, Mosaic applies structured policies for data minimization, unlinking, encryption, and retention.

What PII is collected?

To support Identity Verification and Fraud Prevention, Mosaic temporarily processes the following data during a verification session:

  • Images of government-issued ID documents (e.g., passport, driver’s license)
  • Personally identifiable information (PII) extracted from those documents (e.g., name, birth date, ID number)
  • Selfie images , captured during the identity verification process

The data processed during a verification flow depends on the type of flow—either a full identity verification flow, which includes face authentication and document verification, or a document-only verification flow.

How PII is managed and stored

Mosaic applies a structured approach to how Identity Verification data is stored, encrypted, and deleted:

  • All Identity Verification data is stored in isolated Google Cloud Platform buckets , with each tenant assigned a separate, secure storage environment to ensure strict data separation and privacy.
  • Data is encrypted prior to upload using tenant-specific encryption keys.
  • Each piece of data is assigned a time-to-live (TTL) , which defines how long it is retained before being automatically deleted (default is 90 days, but this period can be shortened or extended on tenant request).

Data privacy protection

Mosaic uses sectorized storage strategies within each customer-dedicated Google Cloud Platform (GCP) bucket to securely store biometric data and Identity Verification metadata. This architecture ensures logical separation between data types, preventing direct associations and supporting privacy-by-design principles.

  • Selfies are hashed before storage and are not retained in original form.
  • Biometric vectors are never stored in raw form and are non-reversible, meaning they cannot be reconstructed into original images.
  • Verification metadata—such as session ID, person ID, face ID, and the number of blocked sessions—is retained to support fraud analysis but remains logically unlinked from biometric data once deletion policies are applied.
  • Blocked session data is stored in isolation and is not associated with PII.
  • All links between PII and fraud-related session data are permanently removed when the configured TTL period expires.

Data deletion and auditability

Once the TTL expires, the corresponding data is automatically and permanently deleted from the GCP storage bucket, including backups. This deletion is logged and tracked by GCP Cloud Monitoring, ensuring full auditability.

Upon request, Transmit Security can provide written confirmation that the data associated with specific sessions has been deleted in accordance with the policy.

Policy updates

Transmit Security may update this policy in accordance with changes to its services, privacy requirements, or applicable regulations. You will be notified in advance of any material changes.