Information Security

Reliable and secure technology you can trust.

At Jumio, we strive to ensure that information security and data protection underpin everything we do. We are able to achieve this through the effort of our people working together across our business. Our mature security controls have been validated through multiple external certifications that we achieved as a result of Jumio’s constant effort and focus on our information security and data protection programs.


Jumio operates in multiple jurisdictions, and compliance with local laws and regulations is paramount for us to lead a successful business. Our legal team has identified the legal requirements and regulations that are applicable to our operations, and we have implemented controls that help to achieve the required level of compliance.

At Jumio, we respect the privacy rights of users and recognize the importance of protecting the information of our customers. Jumio is committed to protecting the privacy and security of the digital identities which we verify and authenticate. Our privacy policy explains how information (including personal data as defined under GDPR) is collected, retained, used, disclosed and transferred by Jumio and the available choices you have with regard to your personal information.


Our customers are increasingly interested in our level of compliance with security standards and frameworks. We are proud to have achieved ISO/IEC 27001:2013, PCI DSS and SOC2 Type 2 certifications, and our security is in a continuous process of improvement regardless of certifications that we hold or strive to achieve.

ISO/IEC 27001:2013

ISO/IEC 27001:2013 certification demonstrates that Jumio successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.

We regularly review our security objectives, security risks and the performance of our controls, which helps us design new processes and improve the existing ones.

Our people, processes and technology are independently assessed as meeting the standards set forth by the International Organization for Standardization.


PCI DSS Level 1 certification demonstrates that Jumio has a robust PCI DSS compliant operating model. Our ongoing PCI DSS Level 1 certification is validated on an annual basis by a skilled external audit team against the requirements of the standard.

We also believe that personal information is as important as credit card and payment data, and this is why we treat it with the same care and apply the same security safeguards to all data of our customers.


SOC2 Type 2

The Jumio KYX Platform is SOC2 Type 2 certified against organizational controls in the following trust principles:

  • Security
  • Confidentiality
  • Availability

The SOC2 Type 2 certification and report provide a validation of security controls in operation across Jumio’s people, processes and technology. This accreditation demonstrates Jumio’s commitment to securely handling customer data and the effectiveness of the organizational security controls that secure Jumio’s KYX Platform.

The latest SOC2 Type 2 report is available upon request. To obtain a copy, please contact your Jumio account representative.