DDM

DDM Verify

by Qwanum Technologies

Privacy Policy

This Privacy Policy explains how Qwanum Technologies ("Qwanum", "we", "us" or "our") collects, uses and protects personal information in connection with the DDM Verify platform and related websites, including ddmverify.com and admin.ddmverify.com (together, the "Services").

Last updated: 2026

1. Controller

For the purposes of applicable data protection laws, Qwanum Technologies is the controller of personal information processed in connection with the operation of DDM Verify, except where we act as a processor on behalf of our customers who use the platform to run their own verification workflows.

2. Information we collect

Depending on how you interact with the Services, we may collect:

  • Account and profile data, such as name, email address, role, organisation and authentication credentials for admin users.
  • Verification data, provided by our customers to support their verification processes, which may include identity documents (for example, passports or national IDs), supporting documents, and data fields needed to complete checks.
  • Usage and log data, including activity events within the admin console, audit trails, device information, IP address, browser type and timestamps.
  • Support and communication data, such as the content of enquiries you send to us and related contact details.

Where we process verification data, we generally do so on behalf of our customers and in accordance with their instructions and internal policies.

3. How we use information

We use personal information, as appropriate, to:

  • Provide, operate and maintain the DDM Verify platform and related services.
  • Authenticate and authorise admin and operational users.
  • Enable customers to configure and run verification workflows, queues and decisions in line with their internal policies.
  • Maintain security, prevent fraud and abuse, and generate audit logs of access and actions in the platform.
  • Respond to enquiries, provide customer support and improve our Services.
  • Meet legal, regulatory and contractual obligations.

4. Legal bases

Where required by law (for example under GDPR), we rely on one or more of the following legal bases to process personal information:

  • Performance of a contract with our customers and users of the Services.
  • Compliance with legal obligations, including record‑keeping and reporting duties.
  • Our legitimate interests in operating, securing and improving DDM Verify, provided those interests are not overridden by your rights and interests.
  • Your consent, where we rely on it for specific optional features.

5. Sharing and international transfers

We may share personal information with trusted service providers who help us host, operate and support the Services (for example cloud hosting, logging and email providers). These providers are bound by contractual obligations to protect the information and only process it on our instructions.

Where data is transferred across borders, we take appropriate measures to protect it in line with applicable laws, such as using standard contractual clauses or other recognised safeguards.

6. Retention

We retain personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, including to meet legal, accounting or reporting requirements and to support customer audit needs. Our customers may define their own retention rules for verification records inside DDM Verify; in those cases, we retain data in accordance with their configuration and instructions.

7. Your rights

Depending on your location and applicable law, you may have rights such as access, rectification, erasure, restriction, objection, and data portability in relation to your personal information.

If we process your information on behalf of a customer (for example, as part of a verification workflow), we may direct your request to that customer, as they are typically the primary controller of that data.

8. Security

We implement technical and organisational measures designed to protect personal information, including encrypted transport, access controls, role‑based permissions and audit logging for sensitive operations in the admin console. No system can be guaranteed to be 100% secure, but we strive to maintain a level of security appropriate to the risk.

9. Third‑party links

The Services may contain links to third‑party websites or services. This Privacy Policy does not cover how those third parties process personal data. We encourage you to review the privacy notices of any third‑party services you use.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes may also be communicated through the Services or by other appropriate means.

11. Contact

If you have questions about this Privacy Policy or how we handle personal information, please contact Qwanum Technologies using the contact details provided to you as part of your onboarding, or via the primary contact channel listed on this website.