Article VI — Information Collected, Processing, and Storage
-
1.
Verification shall rely on the full range of information provided by the authorised Verification Provider, which may include:
details extracted from official documents;
captured images or biometric comparisons;
contact, address, and identification metadata;
fraud- and risk-detection insights generated by the provider; and
any operational data required to ensure technical integrity of the verification process.
-
2.
Such data shall be processed in two categories:
Core verification data, comprising the verification reference, provider, result, verification and expiry dates, and linkage to the national record — which shall be retained as part of the permanent verification register; and
Ancillary verification data, comprising document details, images, biometric comparisons, risk or behavioural signals, and session or network metadata — which may be processed temporarily for audit or appeal but shall be purged or irreversibly anonymised after the lawful retention period established by regulation.
-
3.
The Government of Kaharagia shall not obtain or retain raw biometric imagery or full provider payloads beyond the verified report and lawful audit interval.
-
4.
All verification data shall be encrypted in transit and at rest, stored solely within secure servers located in the European Union or in another jurisdiction affording equivalent protection.
-
5.
Access to verification data shall be restricted to duly authorised personnel of the Offices Concerned, subject to individual accountability and record of access.
-
6.
The Government shall maintain a secure audit trail linking each verification to its corresponding nationality record for continuity and accountability.
How to cite
SD-2025-0014 Art. VI — “Information Collected, Processing, and Storage”, Sovereign Decrees of Kaharagia (2025).