Legal

Privacy Policy

Last updated: May 6, 2026 · Effective immediately

Burline operates a KYC decisioning platform used by banks, credit unions, and fintechs to verify the identity of their applicants and customers. This policy explains what information we collect, how we use it, and the choices you have.

01Overview

This Privacy Policy describes how Burline, Inc. ("Burline," "we," "us," or "our") collects, uses, and shares information when you visit our website, communicate with us, or when our platform processes data on behalf of one of our customers.

Burline plays two distinct roles depending on the context:

  • Controller. When you visit burline.com, contact us, or apply for a job, we determine how your information is used.
  • Processor. When our customers (banks, credit unions, fintechs) use our platform to verify their applicants, we process applicant data under their instructions and on their behalf.

If you are an applicant whose data was processed by a financial institution using Burline, please refer to that institution's privacy policy first. We process your information at their direction.

02Information we collect

Information you provide

  • Contact information when you request a demo, sign up for updates, or reach out to us (name, email, company, role, phone number).
  • Account credentials and profile information when you become a customer.
  • Payment and billing information processed through our payment providers.
  • Communications you send to us, including support requests and feedback.

Information we collect automatically

  • Device, browser, and connection information (IP address, user agent, referrer).
  • Usage data about how you interact with our website and platform.
  • Cookies and similar technologies as described in our cookie policy.

Information processed on behalf of customers

When our customers use Burline to verify their applicants, we process the personal data they submit, which may include:

  • Identity attributes (name, date of birth, address, government identifier).
  • Identity document images and extracted data.
  • Biometric data including selfie images and liveness signals.
  • Device, network, and behavioral signals collected during the verification flow.
  • Results of sanctions, PEP, adverse media, and watchlist screening.
  • Outcomes of decisioning rules and risk models applied to the applicant.

03How we use information

We use information to:

  • Provide, maintain, and improve the Burline platform and our website.
  • Process customer transactions and deliver decisioning outputs.
  • Communicate with you about products, updates, and support.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations including AML, sanctions, and audit requirements.
  • Train and improve risk models in aggregated and de-identified form, where permitted by our customer agreements and applicable law.

04Sharing & disclosure

We share information only as described below:

  • With our customers. Decisioning outputs and applicant data are returned to the customer who initiated the verification.
  • With service providers. Cloud hosting, identity data sources, sanctions list providers, and infrastructure vendors that operate under contractual confidentiality and data-protection obligations.
  • For legal reasons. When required by law, regulation, legal process, or to protect rights, safety, or property.
  • In a business transaction. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

We do not sell personal information.

05Data retention

We retain personal information for as long as needed to provide our services, comply with legal and regulatory obligations (including financial recordkeeping requirements), resolve disputes, and enforce agreements. Customer-controlled data is retained according to the retention period configured by the customer in their Burline account.

06Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, audit logging, and regular security testing. Burline's security program is aligned to SOC 2 and applicable financial-services standards. No system can be guaranteed to be completely secure, but we work continuously to improve our defenses.

07Your rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete information, subject to legal retention requirements.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority.

If you are an applicant whose data was processed through Burline by a financial institution, please direct your request to that institution. We will support our customers in responding to such requests as required by applicable law.

08International transfers

Burline operates globally. Personal information may be transferred to and processed in jurisdictions other than your own, including the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses to protect cross-border transfers.

09Children's privacy

Burline's services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps.

10Changes

We may update this policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be communicated through our website or directly to customers as appropriate.

11Contact

For privacy questions or to exercise your rights, contact us using the details below.

Burline, Inc.

251 Little Falls Drive
Wilmington, DE 19808

Email: privacy@burline.com