Your data is secured

To ensure that we conduct our business safely and securely for our users and customers, we comply with various national and international standards.

Additionally, we guarantee the highest level of trust and therefore certify both the accuracy of our technologies and the security of our systems in accordance with various standards. These certificates involve analysis by accredited third parties and therefore provide added assurance that your data is in safe hands.

Technology evaluations

National Institute of Standards and Technology

United States

Alice is evaluated by the US National Institute of Standards and Technology (NIST). The most relevant institution in biometric technology standards.

SEPBLAC Authorization


Dekra has evaluated Alice’s video identification system based on the requirements established by SEPBLAC (Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses), concluding that Alice’s technology allows the implementation of a procedure in accordance with the requirements, accrediting a level of security equivalent to physical presence.


Information security

ISO 27001


The ISO27001 standard guarantees the highest standard in the implementation, maintenance and improvement of information security management systems. Alice has this certification through UKAS, an accredited third party for this purpose.






Data protection


Data protection regulations (GDPR) are based on the idea that individuals are the owners of their personal data. This implies the power of subjects to control their personal data, its use and its destination.

Alice, complies with the guidelines established by the General Data Protection Regulation (or GDPR) and the Organic Law 3/2018 of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights (hereinafter, LOPDPPDD), guaranteeing this right of privacy of users by default and from the design of our product.

Data protection by design and by default

At Alice we determine which security measures (technical, organizational and legal) will be necessary to establish before carrying out any processing of personal data, to apply them during the design of the processing and that by default they comply with the principles of minimization and limitation.

Proactive responsibility

Certifications and compliance. We carry out data protection impact assessments periodically and whenever necessary. We are also certified with ISO 27001 for Information Security.

Minimization of personal data. Our solution only collects data that is strictly essential to fulfill the service provided to our customers.

Data encryption. End-user data is encrypted during transport and storage with advanced encryption standards approved by the National Cryptologic Center to protect it and make it unusable in the event of a data breach.

Data deletion. Once we verify our clients’ users, we delete this information according to the deadlines established in our Data Retention Policy, depending on each client’s needs.

Specialist Data Protection Officer. We have a DPO and cooperate with the Spanish Data Protection Agency.

Transparent communication with clients. Alice is committed to informing its customers within 36 hours of any security breach that could compromise the data of its users.



The data lifecycle at Alice Biometrics

How does your personal data travel when you sign up for a service that uses Alice Biometrics’ technology?

Let’s say, for example, that you are going to sign up for a digital bank, using your cell phone. This data journey begins with the use of the camera, scanning your ID card and your face. A fast, convenient and secure process.

Who handles your data and what do they use it for?

At Alice Biometrics we capture your ID card and your face and perform data verification on our servers to validate that your ID card is authentic and that the person who has taken the selfie is the same as the one on the card.

Once this is done, we return this information to the digital bank, which will be responsible for safekeeping it. And it will only be able to use this information to validate your identity, which is what you have given your consent for. The regulation makes it clear that you are not allowed to use this information for any other purpose.

Is there any risk in using the face?

No. Alice’s biometric technology converts your face into an undecipherable and irreversible mathematical vector. Once generated, it is not possible to return to the original image, as it is a non-interoperable numerical representation. That is, only the system that created it can read and understand it.

Where is all this information processed?

Alice Biometrics has its services hosted in world-class public cloud data centers, complying with the most demanding security standards and certifications in the industry.