Sovereign Audit: This analysis was last verified in March 2026. Identity verification landscape reviewed against current regulatory and technical standards.
The Database You Never Agreed To
Every time you verify your identity on a new platform, you hand over your passport scan, your selfie, and your biometric data to a company whose security practices you cannot audit. You don’t get a receipt. You don’t get a deletion timeline. You get a green checkmark and access to the platform — and somewhere in a data centre, a copy of your face is now permanently associated with a government-issued document that proves exactly who you are.
In 2019, a security researcher discovered that Biostar 2 — a biometric security platform used by banks, defence contractors, and police forces — had left a database containing the fingerprints and facial recognition templates of over one million people exposed on the open internet. No password required. Just a public URL and an Elasticsearch node with no authentication. The data was there for anyone who knew how to look.
Here is the part that matters: biometrics cannot be changed. If your password is breached, you rotate it. If your credit card number is stolen, your bank issues a new one. Your face does not have a version two. Your fingerprints are the same fingerprints you were born with. Once that data is out, the breach is permanent — not for the company, who will issue a statement and move on, but for you, whose biometric identity now exists in unknown hands forever.
The average person completes somewhere between six and twelve KYC verifications per year. A crypto exchange here, a fintech app there, a regulated marketplace, a foreign banking service. Each one is a new biometric record in a new database. Each one is a new attack surface. The KYC compliance industrial complex has turned identity verification into the most dangerous data you never consciously chose to share — because the choice was never really offered to you.
How Traditional KYC Actually Works
Know Your Customer regulations exist for legitimate reasons. Anti-money-laundering law, counter-terrorism financing requirements, and sanctions enforcement all depend on the ability of financial institutions to verify that the person opening an account is who they claim to be. These are not arbitrary bureaucratic intrusions — they are attempts, however imperfect, to prevent the financial system from being used as infrastructure for serious crime.
The problem is not the regulation. The problem is the architecture that has grown up to comply with it.
Traditional KYC runs like this: you upload a scan of your government ID. You take a selfie, sometimes a video. The platform sends both to a third-party verification provider. That provider runs automated checks — document authenticity, biometric matching between the document photo and your selfie — and returns a pass or fail verdict. The platform stores your verification status. The verification provider stores your document images and biometric data. You have now created two data custodians holding permanent records of your identity, and you have almost certainly signed terms of service that you did not read that allow them to retain that data indefinitely.
GDPR gives users in the European Union the right to request deletion. In practice, enforcement is inconsistent, deletion is rarely complete, and most people never make the request. In the United States, there is no federal biometric privacy law. Illinois has BIPA; a handful of other states have partial protections. For most people, in most jurisdictions, the data retention practices of KYC vendors are effectively unregulated.
You cannot opt out of KYC and retain access to the regulated financial system. The question is not whether you will do KYC. The question is which infrastructure your biometric data travels through when you do.
The Surveillance Architecture vs. The Verification Architecture
There is an important conceptual distinction that most people in the KYC conversation miss, because it requires thinking about data architecture rather than data collection.
A surveillance architecture collects identity data to answer a verification question, and then retains the data after the question has been answered. The data becomes an asset — a database of verified identities that can be queried, sold, subpoenaed, or breached. The verification event becomes a data acquisition event.
A verification architecture collects identity data to answer a verification question, and then returns a cryptographic token that proves the question was answered correctly, without retaining the underlying data. The platform gets the answer — yes, this person is who they say they are — without the infrastructure burden of storing the evidence. The distinction sounds technical. The implications are not.
This is where Passbase enters the conversation. Passbase is a developer SDK and compliance platform — not a consumer app you download, but a verification infrastructure that platforms integrate into their onboarding flows. When a Passbase-integrated platform runs your KYC, the architecture is designed to return a verification result and a reusable verification token to the platform, rather than transferring raw biometric data into the platform’s own database. Passbase holds the verification record with minimal data retention; the platform holds the token.
This is meaningfully better than the traditional model. It is not full sovereignty. But it is a genuine architectural improvement, and the distinction matters.
Passbase: Full Technical Breakdown
What Passbase Does
Passbase provides an end-to-end identity verification platform for businesses that need to comply with KYC and AML regulations. The core verification flow includes document verification, liveness detection, and biometric matching.
Document verification supports over 10,000 document types across 190-plus countries — passports, national identity cards, driver’s licenses, residence permits. The system checks document authenticity by analysing security features, fonts, layout consistency, and signs of digital manipulation. A scanned photocopy of a real document will fail these checks in ways that a genuine document will not.
Liveness detection goes beyond a static selfie comparison. The system uses 3D depth detection to confirm that the person being photographed is a live human being present in front of the camera, not a photograph, printed image, or digital display being held up to the lens. This closes off a significant spoofing attack vector that older verification systems remained vulnerable to.
Biometric matching compares the face in the identity document against the live capture to confirm they belong to the same person. Combined with document authenticity checks, this makes synthetic identity fraud — creating a fictional person with fabricated documents — significantly harder to execute at scale.
AML screening runs in parallel: sanctions lists, politically exposed persons (PEP) databases, and adverse media monitoring. For regulated platforms, this is not optional — it is a legal requirement, and building it into the verification flow rather than treating it as a separate system reduces compliance overhead significantly.
The Reusable Identity Architecture
The feature most relevant to the sovereignty question is Passbase’s reusable identity model. Once you have completed a verification through a Passbase-integrated platform, that verification can be shared — with your explicit consent — to other platforms that also use Passbase. Instead of building a new biometric record at each new platform, your existing verification is referenced.
This is directionally aligned with the Self-Sovereign Identity vision — the idea that you should hold a portable credential that you present selectively, rather than handing the same underlying data to each new party. Passbase’s implementation is not a full SSI system: Passbase itself remains a centralised custodian of the verification record, not a user-controlled credential. But the proliferation of biometric databases is reduced. Six verifications per year at six different vendors becomes one verification, with six consent-gated references.
Certifications and Compliance Posture
Passbase holds SOC 2 Type II certification, which means an independent auditor has reviewed its security controls and found them to be operating effectively over time — not just at a single point. It is GDPR compliant, with documented data processing agreements and data retention policies. For platforms operating in regulated markets, these certifications are prerequisites for vendor approval; for users, they represent a meaningful security baseline that many smaller KYC vendors cannot demonstrate.
The KYC Vendor Landscape
| Vendor | Market Focus | Privacy Posture | SSI/ZK Direction | Pricing Model |
|---|---|---|---|---|
| Passbase | Startup / crypto / fintech | Privacy-forward architecture | Reusable identity (partial) | B2B |
| Jumio | Enterprise | Traditional data retention | None public | B2B (premium) |
| Onfido | Enterprise / mid-market | Traditional | None public | B2B |
| Veriff | Enterprise / mid-market | Traditional | None public | B2B |
| Stripe Identity | SaaS / startup | Standard | None | B2B (per-verification) |
| Civic | Crypto-native | SSI-forward | Strong (blockchain-anchored) | B2B / B2C |
Jumio and Onfido are the incumbents — deep enterprise sales relationships, long compliance track records, and traditional data architectures that prioritise retention over minimisation. Veriff has invested heavily in fraud detection technology and operates similarly. Stripe Identity is the path-of-least-resistance option for SaaS developers already in the Stripe ecosystem, with standard data practices and no particular privacy positioning. Civic represents the furthest point on the SSI spectrum available today, using blockchain-anchored credentials for crypto-native use cases.
Passbase sits between Civic and the traditional vendors — more privacy-conscious than Jumio/Onfido/Stripe, less architecturally radical than Civic, and more practically deployable across mainstream fintech and crypto platforms than the full SSI stack.
The Zero-Knowledge Endgame
The destination of this entire conversation — the architecture that privacy advocates, cryptographers, and digital rights activists have been working toward for two decades — is the zero-knowledge proof applied to identity verification.
A zero-knowledge proof is a cryptographic method by which one party (the prover) can demonstrate to another party (the verifier) that a specific statement is true, without revealing any information beyond the truth of the statement itself. Applied to age verification: instead of uploading your passport and exposing your full name, birthdate, nationality, document number, and facial biometric, you generate a cryptographic proof that satisfies the mathematical statement “this person’s birthdate is more than 18 years before today’s date.” The verifier receives a boolean answer — yes or no — with zero access to the underlying data.
No biometric is transmitted. No document is stored. No database is created. The proof is verified and discarded. The mathematical certainty is equivalent to having seen the document directly — the verifier has the same confidence in the answer — but the information asymmetry is completely different. You proved what needed to be proved. Nothing more was revealed.
Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) — standards developed through the W3C — provide the infrastructure layer for this vision. A DID is a globally unique identifier anchored to a blockchain or distributed ledger, controlled by the user rather than an institution. A Verifiable Credential is a cryptographically signed attestation — “this person is over 18,” issued by a trusted authority — that the user holds in their own wallet and presents selectively. The issuer (a government, a bank, a KYC provider) signs the credential. The user stores it. The verifier checks the signature without contacting the issuer. The issuer never knows which services the user is accessing.
This is Self-Sovereign Identity at its fullest expression: you control what you share, with whom, and when. No central database. No surveillance architecture. No biometric record proliferating across vendor databases.
In 2026, this architecture exists in prototype and in pockets of the crypto ecosystem. It is not yet deployable at the scale required by mainstream regulated financial services. The regulatory frameworks that would recognise ZK-based identity proofs as legally sufficient KYC do not yet exist in most jurisdictions. The tooling for ordinary users remains technically demanding. We are two to five years from a world where most people can complete KYC using verifiable credentials and zero-knowledge proofs instead of passport uploads.
Which is exactly why the conversation about the bridge matters. Passbase is not the destination. It is the most defensible position available within the current system, while the destination is being built.
What You Can Actually Control
Here is the honest limitation of this entire analysis: as a user, you cannot choose your KYC vendor. When you sign up for a regulated platform, you get whatever verification infrastructure that platform has integrated. If they use Jumio, you are in Jumio’s database. If they use Passbase, you are in Passbase’s more privacy-forward architecture. You do not get a dropdown menu.
What you can control is platform selection. You can prioritise platforms that have made public commitments to privacy-forward KYC infrastructure. You can avoid creating accounts on regulated platforms that you are not actively using — every unnecessary verification is an unnecessary data exposure. You can exercise GDPR deletion rights where applicable, even if enforcement is imperfect. You can watch which platforms announce support for DID/VC standards and prioritise them as the technology matures.
For developers and founders building regulated products, the choice is yours entirely. The question is whether you want to build on infrastructure that treats user data as an asset to be retained, or infrastructure designed around the principle of minimal data custody. That choice has regulatory implications — a privacy breach in a Passbase-architecture system leaks tokens and verification results, not raw biometric databases — and it has ethical ones.
Verdict: Passbase and the Privacy Calculus
Overall Score: 78/100
The score reflects a genuine limitation: Passbase’s privacy benefits are only realised when platforms implement it correctly, and users have no visibility into or control over that implementation. The architecture is meaningfully better than the traditional KYC model. The user’s ability to benefit from it is contingent on platform choices they do not make.
| Dimension | Score | Notes |
|---|---|---|
| Privacy Architecture | 85/100 | Token-based model, minimal raw biometric retention, reusable identity — genuinely ahead of the incumbent vendors |
| Verification Quality | 88/100 | 3D liveness detection, 10,000+ document types, integrated AML — technically strong across the board |
| Sovereignty | 68/100 | Still a centralised custodian; not full SSI; user depends on platform implementation |
| Developer Experience | 82/100 | REST API, iOS/Android/web SDKs, compliance dashboard, audit logs — well-built for the developer audience |
| Consumer Control | 55/100 | Users cannot choose their KYC vendor; Passbase’s benefits are invisible to most end users |
The broader takeaway is architectural. Traditional KYC treats every verification event as a data acquisition opportunity. Better KYC treats verification as a question to be answered and then forgotten. The best KYC — the direction the technology is moving — treats verification as a cryptographic proof that the question was answerable, with no data transferred at all.
Passbase is the best available answer to the middle position. For regulated platforms that are not yet able to adopt DID/VC standards, Passbase represents privacy-conscious compliance infrastructure — meaningfully better than Jumio or Onfido for users who care about data minimisation, and technically credible for compliance teams that cannot accept security shortcuts.
For users who want full sovereignty, the destination is zero-knowledge proofs and verifiable credentials. Watch for platforms announcing support for W3C DID standards. Watch for jurisdictions that begin accepting ZK-based age and identity proofs as legally sufficient KYC. The architecture is being built. The regulatory permission to use it is the remaining bottleneck.
Until then: know which infrastructure your identity data is flowing through, favour platforms that have made public commitments to data minimisation, and understand that every unnecessary KYC verification is an unnecessary permanent record of your biometric identity in a database you cannot audit or delete.
The face you hand over today stays in that database indefinitely. Choose accordingly.
Passbase is a B2B identity verification platform. Pricing is enterprise/startup B2B — contact Passbase directly for current rate cards. Compliance certifications: SOC 2 Type II, GDPR compliant. This analysis reflects the platform’s public technical architecture and does not constitute legal compliance advice.