Security and Compliance
Data Protection Measures
Athenty implements multiple layers of security to protect the sensitive personal information collected during identity verification:
- Encryption in transit: All data transmitted between the client’s device, the Athenty platform, and your organization is encrypted using TLS 1.2 or higher.
- Encryption at rest: Identity documents, biometric data, and personal information stored on Athenty’s infrastructure are encrypted using AES-256 encryption.
- Role-based access controls: Access to verification records within Athenty Secure is restricted by user role. Administrators can configure permissions to ensure that only authorized compliance staff can view sensitive verification data.
- Audit logging: Every action within the platform — viewing a verification, downloading a report, changing a setting — is logged with a timestamp and user identifier. These logs support internal audits and regulatory examinations.
Regulatory Compliance
Athenty’s verification services are designed to align with the regulatory requirements that Canadian businesses face:
- FINTRAC: Smart IDV and Smart KYC meet the acceptable methods for verifying identity as outlined in FINTRAC’s Guidance on Methods to Verify the Identity of an Individual. This includes document authentication using a reliable, independent source and biometric comparison with liveness detection.
- PIPEDA: Athenty’s data handling practices comply with Canada’s Personal Information Protection and Electronic Documents Act, including consent, purpose limitation, data minimization, and secure retention.
- Provincial regulators: The platform supports compliance with the identity verification requirements of the Law Society of Ontario, FSRA, and equivalent provincial regulatory bodies.
Best Practices for Platform Users
- Apply least-privilege access: Grant each team member only the permissions they need. Review user roles periodically and remove access for departed staff promptly.
- Review audit logs: Check the platform’s audit logs regularly to confirm that verification records are being accessed appropriately.
- Set data retention policies: Work with your compliance team to establish retention periods that meet your regulatory obligations (FINTRAC requires a minimum of five years) and configure the platform accordingly.
- Use secure credentials: Enable strong passwords for all Athenty Secure accounts and do not share login credentials between team members.