The most advanced technologies to keep you compliant with GDPR and KYC/AML requirements

We are leaders in providing compliant KYC/AML compliance for the art market with a set of cutting-edge technologies and a team of experienced and renowned professionals. These are our compliance and security features.

Global KYC compliance

artpass ID’s identity verification platform is globally applicable, as our approach and methodology are carefully designed according to the FATF recommendations regarding AML and CTF requirements, which serves as the international basis for local AML laws.

Risk-based approach

Our system is based on a risk-based approach and follows global and local regulatory norms (FATF, HMRC). Our expertise in compliance and our provision of a range of technologies help us and financial authorities to speak in a common language for our customers.

KYC verification

The artpass ID platform is created with tools that enable completely automatic KYC verification as well as checks based upon human review in line with the current European legislation on non-face-to-face customer identification in the banking industry.

Ongoing monitoring

We constantly monitor all the existing user profiles to manage the risks. The system will indicate if a user has been put on a Sanctions list or his document has expired. You can react immediately in case of any changes.

GDPR Compliant

At artpass ID, we have established a comprehensive ongoing GDPR compliance program while providing training to our staff and conducting meetings on how important data protection is for the entire core team.

Customer consent

We receive customer consent before processing personal data. The request for consent is placed in a separate checkbox before verification, so a user clearly understands what they are agreeing with.

Clear privacy policy

In our policy it is clearly stated how the user’s data is going to be used and for how long. It gives users transparency and information about the purposes and methods of processing.

EU data centers & DPO

All data is stored in secure Microsoft Azure Cloud servers. Overall responsibility for all data security lies on the DPO (Data Protection Officer) registered at the UK Information Commissioner’s Office as ZA633666.

Right to revoke consent

Our users have the right to withdraw consent within a reasonable timeframe. To revoke an approval, all they have to do is delete their account in their profile screen or send a message to

Secure data storage

User data is stored in encrypted format on our servers, which are kept at Uptime Institute classified Tier III data centers compliant with TIA-942 and PCI DSS standards, protected by specially audited security personnel.

Encryption technologies

Data is encrypted based on the TLS 1.2 protocol. Decryption keys are stored separately from the actual data, so people with criminal intent won’t get access to your sensitive data.

Server monitoring

Our applications are constantly monitored and in the event of an issue we are notified with a screenshot of the error, and a second-by-second timeline with the fastest 30-second checks.