Privacy & Compliance
Daon technology is built on a foundation of privacy and compliance that demonstrates a structured, globally recognized approach to data protection, cloud security, regulatory compliance, and privacy governance. From product functionality to data transfer and storage, each solution is implemented with a focus on protecting the personally identifiable information (PII) of every user. Our information security and privacy information management systems are independently audited and certified, we offer flexible hosting options to meet regional regulations, and our principle of Identity Continuity minimizes risk by eliminating data silos.
To view detailed compliance documentation, please visit our trust portal.
Access the Trust Portal
Access the Trust Portal
Accessibility
WCAG (Web Content Accessibility Guidelines)
Daon systems incorporate WCAG 2.2-aligned design to ensure that all user interfaces and verification workflows provide equitable access for users across diverse cognitive and physical ability ranges.
Daon systems incorporate WCAG 2.2-aligned design to ensure that all user interfaces and verification workflows provide equitable access for users across diverse cognitive and physical ability ranges.
Technology Performance
iBeta PAD testing
Daon’s biometric liveness detection passed iBeta PAD testing, confirming resilience against spoofing and ensuring robust biometric security compliance with ISO/IEC 30107-3 Level 2.
Daon’s biometric liveness detection passed iBeta PAD testing, confirming resilience against spoofing and ensuring robust biometric security compliance with ISO/IEC 30107-3 Level 2.
NIST FATE testing
Daon’s image quality (QAA) and age estimation algorithms were evaluated under NIST FATE, confirming high performance.
Daon’s image quality (QAA) and age estimation algorithms were evaluated under NIST FATE, confirming high performance.
NIST FRVT testing
Daon’s facial recognition algorithms were evaluated under NIST FRVT, confirming high accuracy and performance.
Daon’s facial recognition algorithms were evaluated under NIST FRVT, confirming high accuracy and performance.
Technology Standards
eIDAS & ETSI TS 119 461 | EU Electronic Identity & Identity Proofing requirements
xProof on TrustX has been audited for compliance with the EU’s Electronic Identity framework (eIDAS) and the European identity verification specification (ETSI TS 119 461) at level Extended (High).
Certificate
Practice & Policy Statement.
xProof on TrustX has been audited for compliance with the EU’s Electronic Identity framework (eIDAS) and the European identity verification specification (ETSI TS 119 461) at level Extended (High).
Certificate
Practice & Policy Statement.
FIDO UAF and FIDO2 Certification
Daon solutions meet all standards for privacy, data protection, and security set forth by the FIDO Alliance and backed by independent evaluation to ensure user data is protected through encryption, consent-based processing, and prevention of cross-service tracking.
Daon solutions meet all standards for privacy, data protection, and security set forth by the FIDO Alliance and backed by independent evaluation to ensure user data is protected through encryption, consent-based processing, and prevention of cross-service tracking.
Spain CCN | Spanish Video Identification standard
Daon is listed in the Spanish Government’s catalogue of approved solutions for identity verification (“Video Identification”), audited by an approved lab on behalf of the national cryptographic body (CCN).
Daon is listed in the Spanish Government’s catalogue of approved solutions for identity verification (“Video Identification”), audited by an approved lab on behalf of the national cryptographic body (CCN).
UK DIATF (Digital Identity and Attributes Trust Framework)
Daon’s identity verification service is certified against the UK Digital Identity and Attributes Trust Framework (DIATF) by an approved Conformity Assessment Body (CAB) and is listed on the GOV.UK register of digital identity and attribute services with options for verification up to level High.
Daon’s identity verification service is certified against the UK Digital Identity and Attributes Trust Framework (DIATF) by an approved Conformity Assessment Body (CAB) and is listed on the GOV.UK register of digital identity and attribute services with options for verification up to level High.
Security
CSA (Cloud Security Alliance) AI Trustworthy Pledge
Daon signed the CSA AI Trustworthy Pledge, committing to ethical and secure AI practices, including explainable AI models and continuous monitoring.
Daon signed the CSA AI Trustworthy Pledge, committing to ethical and secure AI practices, including explainable AI models and continuous monitoring.
CSA STAR (Security Trust Assurance and Risk)
Daon is listed in CSA STAR, demonstrating adherence to CIS benchmarks and OWASP standards, along with other cloud security best practices.
Daon is listed in CSA STAR, demonstrating adherence to CIS benchmarks and OWASP standards, along with other cloud security best practices.
DORA (Digital Operational Resilience Act)
Daon aligns with the EU DORA, ensuring ICT risk management and operational resilience.
Daon aligns with the EU DORA, ensuring ICT risk management and operational resilience.
DESC (Dubai Electronic Security Center)
Daon is currently pursuing DESC certification to meet Dubai’s cybersecurity standards.
Daon is currently pursuing DESC certification to meet Dubai’s cybersecurity standards.
FSQS (Financial Supplier Qualification System)
Daon is registered with FSQS, demonstrating compliance with financial sector standards.
Daon is registered with FSQS, demonstrating compliance with financial sector standards.
G-Cloud Framework
Daon is listed on the UK G-Cloud framework for secure cloud services with government-grade encryption and compliance.
Daon is listed on the UK G-Cloud framework for secure cloud services with government-grade encryption and compliance.
ISO/IEC 27001:2022
Daon is third-party certified to ISO 27001, demonstrating the effective adoption of information security best practice.
Daon is third-party certified to ISO 27001, demonstrating the effective adoption of information security best practice.
ISO/IEC 27017:2015
Daon is third-party certified to ISO 27017 for cloud security.
Daon is third-party certified to ISO 27017 for cloud security.
ISO/IEC 27018:2019
Daon is third-party certified to ISO 27018 for the protection of personal data in the public cloud.
Daon is third-party certified to ISO 27018 for the protection of personal data in the public cloud.
ISO/IEC 27701:2019
Daon is third-party certified to ISO 27701 for extended privacy management.
Daon is third-party certified to ISO 27701 for extended privacy management.
ISO/IEC 42001:2023
Daon is currently pursuing ISO 42001:2023 certification for AI management.
Daon is currently pursuing ISO 42001:2023 certification for AI management.
NIS2 Directive
Daon aligns with all requirements of the EU’s NIS2 cybersecurity directive.
Daon aligns with all requirements of the EU’s NIS2 cybersecurity directive.
ProcessUnity Platform
Daon uses ProcessUnity for third-party risk management.
Daon uses ProcessUnity for third-party risk management.
SOC 2 Type 2
Both Daon platforms are SOC 2 compliant, demonstrating secure data handling operating effectiveness.
Both Daon platforms are SOC 2 compliant, demonstrating secure data handling operating effectiveness.
Privacy
APPI (Act on the Protection of Personal Information)
Daon enforces encryption and access controls in compliance with Japan’s APPI, ensuring secure handling of personal data.
Daon enforces encryption and access controls in compliance with Japan’s APPI, ensuring secure handling of personal data.
BIPA (Biometric Information Privacy Act)
Daon supports the consent, storage, and deletion requirements in compliance with BIPA requirements set forth by the state of Illinois.
Daon supports the consent, storage, and deletion requirements in compliance with BIPA requirements set forth by the state of Illinois.
CCPA (California Consumer Privacy Act)
Daon supports data subject access requests and secure data deletion in compliance with CCPA requirements, providing transparency and security for California residents.
Daon supports data subject access requests and secure data deletion in compliance with CCPA requirements, providing transparency and security for California residents.
CPRA (California Privacy Rights Act)
Daon integrates privacy controls and audit logging in compliance with CPRA, enhancing consumer rights and data governance.
Daon integrates privacy controls and audit logging in compliance with CPRA, enhancing consumer rights and data governance.
EU-US DPF
Daon participates in the EU-U.S. Data Privacy Framework, including the UK extension, ensuring lawful data transfers.
Daon participates in the EU-U.S. Data Privacy Framework, including the UK extension, ensuring lawful data transfers.
GDPR (General Data Protection Regulation)
Daon complies with all GDPR data protection and privacy guidelines.
Daon complies with all GDPR data protection and privacy guidelines.
PIPEDA (Personal Information Protection and Electronic Documents Act)
Daon adheres to the data management requirements of Canada’s PIPEDA
Daon adheres to the data management requirements of Canada’s PIPEDA
The Privacy Act 1988
Daon complies with all aspects of Australia’s Privacy Act.
Daon complies with all aspects of Australia’s Privacy Act.
Swiss-US DPF
Daon participates in the Swiss-U.S. Data Privacy Framework.
Daon participates in the Swiss-U.S. Data Privacy Framework.