Data flows, data deletion and tips on passing KYC
Download FileThis is a marketing communication. White Paper here. Not reviewed or approved by any EU authority. Issuer solely responsible. Terms apply to community incentives.
We want to make it as easy as possible for you to pass KYC. Please read these tips carefully to make it easy:
Yes, KYC is not great, but we will get there. To see our approach to KYC, please read “We’re Not Here to Defend KYC, We’re Here to Fix It”
Let’s jump right in.
Here are the top recommendations to pass KYC
- Address Document: Here are the biggest mistakes and tips of to pass the address check:
- Don’t use nicknames. Your name must be your exact name as in your ID document
❌ Yelyzaveta Melnyk → Liza Melnyk
❌ Kim Lee → Kim L.
✅ Michael Ayodele Johnson → Michael Johnson
- The document can’t be older than 6 months
❌ There is no visible date on the document
✅ Your document has a date that is not older than 6 months
- You uploaded the wrong type of document
✅ Utility bills (e.g. electricity or water company)
✅ Bank statements, credit (card) statements, insurances
✅ Lease agreements (the renting contract of your flat or house)
❌ Bank App screenshot
❌ National ID documents that show the address, birth certificates
❌ University letters
❌ Confirmation of address via employment declarations
❌ Delivery slips
❌ Bank App screenshots
What won’t work for any document type:
❌ Screenshots
❌ Paper printouts
- Good to know:
✅ Having your spouse on the letterhead too, e.g. “Sarah and Mike Gonzales
✅ Your city’s postal should be visible; while it’s not strictly necessary, it is advisable
- Don’t use nicknames. Your name must be your exact name as in your ID document
- Liveness Check: Always use your mobile phone, the camera is much better and you can move it to where the lighting is good.
❌ Don’t use headphones
❌ Ideally, don’t wear glasses
- ID Document: Passport always works best. Check if your country is on any restricted lists 👇
These actions will get you banned for the idOS app and idOS NotABank:
❌ Presenting forged documents, e.g. ID document
❌ Impersonation
Please don’t do it. When we get this feedback, we won’t be able to help you. This is for the idOS app and idOS NotABank, you can still use the idOS network.
List of eligible and restricted countries:
As a citizen or resident of the following countries, you can use all services without any problem, given you pass the KYC heck:
Andorra, Antigua and Barbuda, Argentina, Australia, Austria, Bahamas, Bahrain, Belgium, Belize, Benin, Botswana, Brazil, Brunei, Cabo Verde, Cambodia, Canada, Chad, Chile, Colombia, Comoros, Congo (Republic of the), Costa Rica, Cyprus, Czechia, Denmark, Djibouti, Dominica, Dominican Republic, Ecuador, El Salvador, Equatorial Guinea, Estonia, Eswatini, Fiji, Finland, France, Gabon, Gambia, Georgia, Germany, Ghana, Greece, Grenada, Guyana, Honduras, Hungary, Iceland, India, Indonesia, Ireland, Israel, Italy, Jamaica, Kazakhstan, Kiribati, Korea (South), Kuwait, Kyrgyzstan, Latvia, Lesotho, Liberia, Liechtenstein, Lithuania, Luxembourg, Madagascar, Malawi, Malaysia, Maldives, Malta, Marshall Islands, Mauritania, Mauritius, Mexico, Micronesia, Mongolia, Montenegro, Nauru, Netherlands, New Zealand, Norway, Oman, Palau, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Romania, Rwanda, Saint Kitts and Nevis, Saint Lucia, Saint Vincent and the Grenadines, Samoa, San Marino, Sao Tome and Principe, Senegal, Serbia, Seychelles, Sierra Leone, Slovakia, Slovenia, Solomon Islands, Spain, Sri Lanka, Suriname, Sweden, Switzerland, Taiwan, Tajikistan, Timor-Leste, Togo, Tonga, Turkmenistan, Tuvalu, Uganda, United Arab Emirates, United States of America, Uruguay, Vatican City, Zambia.
I am a citizen of a restricted country, why am I blocked from using some or all features of idOS NotABank?
First of all, this sucks. To read our approach to KYC, read “We’re Not Here to Defend KYC, We’re Here to Fix It” . Some of our own team members can’t use the product that they helped build. The reason is that financial providers are asked to comply with the FATF or EU list of high-risk countries. You find the list of countries that are restricted for each company/service below:
idOS contribution events:
Afghanistan, Algeria, Angola, Bolivia, Bulgaria, Burkina Faso, Cameroon, Congo (Democratic Republic of the), Haiti, Iran, Kenya, Korea (North), Laos, Lebanon, Mali, Monaco, Mozambique, Myanmar, Namibia, Nepal, South Sudan, Sudan, Syria, Tanzania, Trinidad and Tobago, United Kingdom, Vanuatu, Venezuela, Yemen.
Noah features in idOS NotABank:
Afghanistan, Algeria, Bangladesh, Belarus, Bhutan, Burundi, Central African Republic, China, Congo (Democratic Republic of the), Cuba, Guinea-Bissau, Haiti, Iran, Iraq, Japan, Kenya, Korea (North), Kosovo, Lebanon, Libya, Mali, Moldova, Morocco, Mozambique, Myanmar, Nepal, Nicaragua, Niger, North Macedonia, Pakistan, Palestine, Qatar, Russia, Saudi Arabia, Singapore, Somalia, South Sudan, Sudan, Syria, Ukraine, United Kingdom, Uzbekistan, Vanuatu, Venezuela, Yemen, Zimbabwe.
Transak features in NotaBank
Afghanistan, Albania, Algeria, Angola, Armenia, Azerbaijan, Bangladesh, Barbados, Belarus, Bolivia, Bosnia and Herzegovina, Bulgaria, Burkina Faso, Burundi, Cameroon, Central African Republic, China, Croatia, Cuba, Egypt, Eritrea, Ethiopia, Guatemala, Guinea, Guinea-Bissau, Haiti, Iran, Iraq, Jordan, Kenya, Korea (North), Kosovo, Laos, Lebanon, Libya, Mali, Monaco, Morocco, Mozambique, Myanmar, Namibia, Nepal, Nicaragua, Niger, Nigeria, Pakistan, Palestine, Qatar, Russia, Saudi Arabia, Somalia, South Africa, South Sudan, Sudan, Syria, Tanzania, Thailand, Tunisia, Turkey, Ukraine, United Kingdom, Venezuela, Vietnam, Yemen, Zimbabwe
Who are you sharing your data with?
- idOS Association: Yours truly. Launched the idOS App, which includes idOS NotABank. You may give us an Access Grant to your data to participate in community events where KYC is required.
- Noah: Onramp and crypto-to-fiat stablecoin payments provider. Allows users to send and convert crypto directly to bank accounts across the world.
Uses idOS verifiable credentials to allow users to onboard without having to go through KYC again. - Transak: Global fiat on-ramp/off-ramp provider. Uses idOS verifiable credentials to streamline user onboarding and regulatory checks.
- Fractal ID: No-data KYC orchestration provider. Implements KYC providers in a single flow, helps users encrypt and issue data against idOS. Assures that data is deleted from their central databases after 14 days and on the KYC providers’ side immediately.
- Sumsub: Enterprise-grade verification provider. Supports identity, AML, and proof-of-personhood services for idOS node operators and integrators.
- Persona: Compliance and identity platform. Integrates with idOS for reusable verification credentials and selective disclosure flows, enabling privacy-preserving onboarding for web3 and fintech partners.
What are the user data flows?
- You created your idOS account. Congratulations! You likely don’t have an existing KYC credential, so to get you set up, we load the Fractal ID journey that either loads Persona’s or Sumsub’s KYC process.
- You proceed to go through the KYC process (or may not be able to proceed if you are a citizen of one of the blocked countries – see list above)
- Fractal ID has implemented idOS and will help
- Fetch the data from the KYC provider
- Turn it into a verifiable credential (the standardized data format)
- Help you fetch your encryption key (Fractal ID will not see your key), help you encrypt the data and send that encrypted data package to your idOS storage.
- Prompt you to give an Access Grant to idOS Association. This Access Grant is needed for you to participate in idOS contribution events, and has a timelock of 3 months. This means that during 3 months you will not be able to revoke access. This is needed for compliance reasons, and after 3 months idOS Association will automatically revoke all access grants it has been given as part of this flow.
- Fractal ID initiates the deletion process with the KYC provider. Fractal ID deletes data after 14 days automatically. It retains the data for 14 days to be able to support users with the onboarding process.
- Fractal ID asks for an Access Grant, idOS’ mechanic that enables you to share access to credentials in your profile. It needs it to seamlessly orchestrate data with other providers. Fractal ID will immediately revoke its own access grant right after processing the data.
- You then go to either Noah or Transak to onramp, or offramp, or because you are curious to onboard. Fractal ID will facilitate the data exchange to either Noah or Transak with your permission. It will process the data centrally to send it to Noah or Transak and will delete it right afterward.
- Success! You are now onboarded to Noah/Transak with no need to go through a full KYC verification again.
This sounds quite complex – because it is! We worked hard to make it feel easy on your side. We hope that worked, we’d love your feedback!
If you want to dive deeper, you can find our documentation here. And if you prefer to watch a video of our Co-Founder explaining some of these concepts, you can check here.
When and how is data deleted?
Who keeps your data?
Your data is encrypted in the idOS Storage network. It is encrypted with your very own encryption key – no one can access it. Once you give an Access Grant, the data is encrypted to the recipient's key – they can now also access idOS to retrieve and extract your data - but only if they have to. We highly encourage a data minimization effort, only using idOS for storage. But data providers like Noah and Transak may choose to also store data themselves or with their KYC providers. Fractal ID keeps your data for 14 days to support the onboarding process, but auto-deletes any data afterwards.
Does idOS have access to my data?
No. Only if you grant an access grant to idOS e.g. for a community sale.
Read here more details on how idOS keeps your data secure.