Security & Payments — what we hold, for how long, and why
We built IDP Companion the way we'd want a service handling our own driver's licence to work. The licence photo and selfie are used only for verification and get deleted within an hour. We never see or store your card details. Servers are in the European Union, traffic is encrypted with TLS 1.3 on the way in, files are encrypted with AES-256 at rest. Every step is laid out below.
Data lifecycle — what each input becomes and when it's gone
Five things reach our servers when you order an IDP Companion: your licence photo, your selfie, the generated PDF, your payment data and your application profile. Each follows a distinct lifecycle.
- 01 Licence photo (deleted within 1 hour)
  Uploaded to a temporary storage area. A text-recognition engine (Tesseract OCR) reads the licence number, full name, expiry date and class from the image. Up to 5 retries if the first read fails. The image is automatically deleted within 60 minutes whether verification passed or not — no review queue, no manual archive, no backup.
- 02 Selfie / headshot (deleted within 1 hour)
  Compared with the photo on your licence using AWS Rekognition (85% similarity threshold). We do not store face templates, biometric profiles or a searchable face database. The selfie file is deleted within 60 minutes — only the pass / fail result and similarity score stay attached to your application.
- 03 Generated PDF (generated on demand)
  Built in server memory the moment you click download — never written to disk. Each download regenerates the PDF from your stored application fields, so there is no cache, no CDN copy and no backup of the rendered file.
- 04 Application profile (kept until expiry + 12 months)
  Name, date of birth, licence class and country, plan length, payment status and order ID. We need this to re-issue the PDF for the duration of your plan and to handle refunds or chargebacks. Retained until your plan expires plus twelve months (tax and audit law require it) and then removed at the next quarterly cleanup.
Encryption & infrastructure
Anything that reaches our service travels over an encrypted connection (TLS 1.3), is stored on servers inside the European Union and sits on encrypted disks. Access to the live database is limited to a couple of people, every action is logged and the access list is reviewed regularly.
Protection in transit
All traffic between your browser and our server uses TLS 1.3 — the modern encryption standard. Any attempt to connect over plain HTTP is immediately redirected to HTTPS.
- TLS 1.3 only — older versions are turned off
- HSTS enabled (1 year + preload) — the browser refuses insecure connections
- No mixed HTTP/HTTPS resources on any page
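The three transit rules above can be checked from a recorded response rather than by reading a config file. The following is an added example, not code from the IDP Companion project: it parses a Strict-Transport-Security header, checks it against the "1 year + preload" policy (the preload list requires max-age of at least 31536000 seconds, includeSubDomains and preload), and checks that a plain-HTTP response is a redirect to HTTPS on the same host. The example URL and headers are constructed; the TLS-version rule is negotiated at the socket layer and is outside what this check sees.

```python
from urllib.parse import urlparse

ONE_YEAR_SECONDS = 31_536_000  # minimum max-age the HSTS preload list accepts


def parse_hsts(header):
    """Split 'max-age=31536000; includeSubDomains; preload' into a lowercase directive map."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def hsts_problems(header):
    """Reasons a Strict-Transport-Security header fails the 1 year + preload policy."""
    if header is None:
        return ["header missing"]
    directives = parse_hsts(header)
    problems = []
    try:
        max_age = int(directives["max-age"])
    except (KeyError, ValueError):
        max_age = -1
        problems.append("max-age missing or not an integer")
    if 0 <= max_age < ONE_YEAR_SECONDS:
        problems.append("max-age shorter than one year")
    if "includesubdomains" not in directives:
        problems.append("includeSubDomains missing")
    if "preload" not in directives:
        problems.append("preload missing")
    return problems


def transport_problems(url, status, headers):
    """Check one recorded response (constructed in the tests) against the transit policy.

    Plain HTTP must answer with a redirect to https on the same host; HTTPS responses
    must carry a preload-ready HSTS header. Browsers ignore HSTS sent over plain HTTP,
    so the header is only checked on the HTTPS side.
    """
    lower = {name.lower(): value for name, value in headers.items()}
    requested = urlparse(url)
    if requested.scheme == "http":
        if status not in (301, 302, 307, 308):
            return ["plain HTTP answered with %d instead of a redirect" % status]
        target = urlparse(lower.get("location", ""))
        if target.scheme != "https" or target.hostname != requested.hostname:
            return ["redirect does not point at https on the same host"]
        return []
    return hsts_problems(lower.get("strict-transport-security"))
```

Run `transport_problems` over the http and https responses of each hostname you serve; an empty list for both is the state the bullets above describe.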
Protection at rest
Database fields holding personal data sit on AES-256 encrypted disks. Uploaded images stay in encrypted storage for exactly the hour they wait to be deleted.
- AES-256 disk encryption for PostgreSQL volumes
- Encrypted file storage for uploads (one hour, then gone)
- Encryption keys live in the provider's key-management service, not in the app's code
EU hosting + Cloudflare
Application servers run inside the European Union (Frankfurt region). The static landing site is served through Cloudflare for speed, but only public images and scripts sit in that cache — no personal data ever ends up in the global distribution network.
- Backend servers in the EU (Frankfurt)
- Cloudflare only for the landing site's static assets
- No personal data cached outside our own servers
Access control
Two engineers can reach the live database, and only through short-lived credentials that rotate regularly. Every connection is written to the log. No third-party tools have direct read access to the database.
- Access — limited to two people
- Short-lived credentials that rotate often
- Access list reviewed every quarter
Payment security — what reaches us and what never does
Card payments and crypto payments are handled end-to-end by certified payment providers (Gumroad is PCI-DSS compliant). Card numbers, CVVs and crypto wallet keys never reach our infrastructure — not even briefly in memory.
Gumroad
Cards · PayPal · Apple Pay · Google Pay
Gumroad is a large PCI-DSS certified payment provider that runs the whole checkout. We hand the user off with a plan reference; Gumroad collects the payment and sends us back a digitally-signed confirmation once it's done. The card details never reach us.
What we receive after payment
- Order ID and plan reference
- Customer email (for the receipt and PDF delivery)
- Country code (for VAT)
NOWPayments
USDT · USDC · BTC · ETH
Crypto payments go through a hosted NOWPayments invoice page. They generate the temporary wallet, watch for the blockchain confirmation and handle the conversion. We get a digitally-signed confirmation when the transaction is verified — we never hold the wallet keys ourselves.
What we receive after payment
- Invoice ID and plan reference
- Confirmed transaction hash on the blockchain
- Settled amount in USD equivalent
Both providers send back digitally-signed confirmations — we can verify each message really came from them. Any notification that fails the signature check is rejected before it ever reaches our application code.
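What "rejected before it ever reaches our application code" looks like in practice, as an added example rather than the project's own handler or either provider's documented scheme: the receiver recomputes an HMAC over the exact bytes it received, compares it in constant time, and only then parses the body. The secret, the header name, the HMAC-SHA512 choice and the payload fields are assumptions for the example; a real integration takes all of them from the provider's documentation. The duplicate check on the order ID is an extra guard the page does not mention, so a replayed confirmation cannot activate a plan twice.

```python
import hashlib
import hmac
import json

# Hypothetical shared secret for this example; a real one comes from the provider's
# dashboard and lives in a secrets store, never in the code base.
WEBHOOK_SECRET = b"constructed-example-secret"

# Hypothetical header name; the provider's documentation gives the real one.
SIGNATURE_HEADER = "x-signature"

# Order / invoice IDs already processed, so a replayed confirmation is refused.
_seen_ids = set()


def canonical_body(payload):
    """Serialise with sorted keys and no whitespace so sender and receiver sign identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign(raw_body, secret=WEBHOOK_SECRET):
    """HMAC-SHA512 over the exact bytes on the wire (what the sending side would compute)."""
    return hmac.new(secret, raw_body, hashlib.sha512).hexdigest()


def verify_notification(raw_body, signature, secret=WEBHOOK_SECRET):
    """Constant-time comparison; an absent header fails exactly like a wrong one."""
    if not signature:
        return False
    return hmac.compare_digest(sign(raw_body, secret), signature)


def handle_notification(raw_body, headers):
    """Gate in front of application logic: signature first, then replay, then parse."""
    if not verify_notification(raw_body, headers.get(SIGNATURE_HEADER)):
        return {"accepted": False, "reason": "bad signature"}
    payload = json.loads(raw_body)
    order_id = payload.get("order_id")
    if not order_id:
        return {"accepted": False, "reason": "missing order_id"}
    if order_id in _seen_ids:
        return {"accepted": False, "reason": "duplicate"}
    _seen_ids.add(order_id)
    # Only the fields the application needs are passed on.
    return {
        "accepted": True,
        "order_id": order_id,
        "plan": payload.get("plan"),
        "status": payload.get("status"),
    }
```

Note that `verify_notification` signs the raw request bytes, not a re-serialised copy of the parsed JSON; re-serialising can change key order or whitespace and break an otherwise valid signature.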
Privacy & GDPR rights
IDP Companion processes personal data under GDPR. Three rights from that law matter most for what we do — and we've made each of them easy to exercise: a single email is enough.
Right to know what we hold
Ask for a copy of every personal-data record we hold about you. Within 30 days we'll send a JSON or PDF export of your application profile, payment receipts and system event history.
Right to erasure
Ask for permanent deletion of your application data. We action it within 30 days. The exception: financial records that tax and audit law oblige us to keep (typically 7 years in the EU).
Right to take your data with you
Receive your data in a machine-readable format (JSON) so you can move it elsewhere or simply archive it. Useful if you're switching to a different translation service or keeping a personal record of your applications.
How to exercise these rights
Email us with the subject line below. Include the email you used at checkout. We reply within 30 days — that's the deadline GDPR Article 12(3) sets.
Report a security issue
Spotted a vulnerability, a potential data exposure or something on the site that looks wrong? We want to hear about it. We don't run a public bug-bounty program yet, but we read every report and confirm receipt within 24 hours.
- 01 Email the details to the address below. Describe the issue, the steps to reproduce it and what you think the real-world impact could be.
- 02 We confirm receipt within 24 hours and look into it within 72 hours. We won't threaten legal action against good-faith research.
- 03 Critical findings get a same-day patch where it's possible. If you want public credit, we'll thank you in our changelog.
Trust checklist — six things we never do
If any of these stopped being true tomorrow, our whole security model would fall apart. That's why they are written into the code itself and verified by automated tests.
We never store card details
Card numbers, CVVs and full card details don't reach our servers at all — Gumroad handles them end-to-end.
We never build a face database
AWS Rekognition compares two images at the moment of the request and that's it. We don't store face templates, biometric profiles or a searchable face database.
Licence photo deleted within 1 hour
Automated cleanup runs every 10 minutes. No licence photo survives the 60-minute deadline.
Selfie deleted within 1 hour
Same cleanup schedule. Only the pass / fail result stays attached to your application.
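The two deletion promises above (the licence photo and selfie lifecycle items near the top of the page, and the checklist items here) combine a 60-minute deadline with a sweep that runs every 10 minutes. An added example of that sweep, not the project's own cleanup job: because a file that is 51 minutes old at one sweep would be 61 minutes old at the next, the purge threshold has to be the deadline minus the sweep interval (50 minutes), not the deadline itself. The upload directory, file names and ages are constructed; the example uses file modification time as the upload time, which assumes nothing rewrites the files after upload.

```python
import os
import tempfile
import time
from pathlib import Path

DEADLINE_SECONDS = 60 * 60        # the promise: gone within 60 minutes of upload
SWEEP_INTERVAL_SECONDS = 10 * 60  # the schedule: cleanup every 10 minutes

# Anything younger than this at one sweep is still inside the deadline at the next,
# so purging at (deadline - interval) is what actually keeps the 60-minute promise.
PURGE_AFTER_SECONDS = DEADLINE_SECONDS - SWEEP_INTERVAL_SECONDS


def expired_uploads(upload_dir, now=None, purge_after=PURGE_AFTER_SECONDS):
    """Files whose age (from mtime, assumed to be the upload time) has reached the threshold."""
    now = time.time() if now is None else now
    return [
        entry
        for entry in Path(upload_dir).iterdir()
        if entry.is_file() and now - entry.stat().st_mtime >= purge_after
    ]


def purge_expired(upload_dir, now=None, purge_after=PURGE_AFTER_SECONDS):
    """One sweep: unlink every expired file and return the names that were removed."""
    removed = []
    for path in expired_uploads(upload_dir, now, purge_after):
        path.unlink()
        removed.append(path.name)
    return sorted(removed)


def demo_sweep():
    """Constructed scenario: three uploads of different ages, one sweep at a fixed clock.

    Returns (removed, survivors). The 55-minute file goes now; the 49-minute file
    survives this sweep and goes at the next one, when it is 59 minutes old.
    """
    now = 1_700_000_000
    workdir = tempfile.mkdtemp()
    ages_minutes = {"licence_a.jpg": 55, "selfie_b.jpg": 49, "licence_c.jpg": 5}
    for name, age in ages_minutes.items():
        path = Path(workdir, name)
        path.write_bytes(b"constructed-image-bytes")
        stamp = now - age * 60
        os.utime(path, (stamp, stamp))
    removed = purge_expired(workdir, now=now)
    survivors = sorted(p.name for p in Path(workdir).iterdir())
    return removed, survivors
```

In production the sweep is a scheduled job (cron, systemd timer, or the task queue's periodic runner) calling `purge_expired` on the upload directory; the `now` parameter exists so the threshold logic can be tested without waiting an hour.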
Servers stay in the EU
The database and application servers are hosted inside the European Union (Frankfurt region).
Encrypted everywhere, no shortcuts
Plain HTTP redirects to HTTPS immediately. Older encryption versions are turned off. HSTS preload stops browsers from connecting insecurely in the first place.