Legal Document

Data Processing Agreement

Between VerifiedKnock, Inc. (Processor) and the subscribing Agency (Controller)

Effective: March 1, 2026
Version: 1.0
Jurisdiction: United States

Data Ownership

Agency retains full ownership

Processing Scope

Identity verification only

Retention Limit

Term + 90 days

Breach Notice

72 hours

Preamble

This Data Processing Agreement ("DPA") is entered into between VerifiedKnock, Inc. ("Processor," "VerifiedKnock," "we," or "us") and the agency, department, or organization that has executed a Master Services Agreement or Subscription Agreement with VerifiedKnock ("Controller," "Agency," or "you"). This DPA forms part of, and is incorporated into, the Master Services Agreement or Subscription Agreement between the parties (collectively, the "Agreement").

This DPA governs the processing of personal data that the Agency provides to VerifiedKnock in connection with the VerifiedKnock pre-arrival officer authentication platform (the "Service"). The parties agree that this DPA reflects their mutual obligations with respect to applicable data protection laws, including but not limited to the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), and Washington's Biometric Privacy Law (RCW 19.375).

1. Definitions

"Personal Data"

Any information relating to an identified or identifiable natural person, including officer names, badge numbers, email addresses, and scan event metadata.

"Biometric Identifier"

A fingerprint template or other biometric data stored on a VerifiedKnock NFC credential card. Biometric identifiers are stored exclusively on the physical card hardware and are never transmitted to or stored on VerifiedKnock servers.

"Processing"

Any operation performed on Personal Data, including collection, recording, storage, retrieval, use, disclosure, or deletion.

"Controller"

The Agency, which determines the purposes and means of processing Personal Data in connection with the Service.

"Processor"

VerifiedKnock, which processes Personal Data on behalf of the Controller in accordance with this DPA.

"Sub-processor"

Any third party engaged by VerifiedKnock to process Personal Data on the Controller's behalf, including cloud infrastructure providers and payment processors.

"Scan Event"

A logged record of an officer verification attempt, consisting of a timestamp, geographic coordinates (city/zip level), officer identifier, and a pass/fail result. Scan Events do not contain biometric data.

2. Roles and Responsibilities

The Agency acts as the Controller with respect to all Personal Data submitted to the Service. VerifiedKnock acts as the Processor, processing Personal Data solely on documented instructions from the Agency as set forth in this DPA and the Agreement. VerifiedKnock shall not process Personal Data for any purpose other than providing the Service, unless required to do so by applicable law, in which case VerifiedKnock shall inform the Agency of that legal requirement before processing unless prohibited by law.

The Agency represents and warrants that it has the legal authority to submit the Personal Data to the Service and that all officers whose data is entered into the platform have been informed of such processing in accordance with applicable law and the Agency's own internal policies.

3. Scope and Nature of Processing

VerifiedKnock processes the following categories of Personal Data on behalf of the Agency:

Data Category | Examples | Purpose
Officer Identity Data | Full name, badge number, email address | Roster management and card provisioning
Organizational Data | Agency name, ORI/PUC number, contact email, EIN | Account verification and billing
Scan Event Metadata | Timestamp, city/zip, officer ID, pass/fail result | Analytics and audit logging
Authentication Tokens | Magic-link tokens, session cookies (hashed) | Secure dashboard access

Important: Biometric identifiers (fingerprint templates) are stored exclusively on the physical NFC credential card hardware. They are never transmitted to, processed by, or stored on VerifiedKnock servers. The Service receives only a cryptographic verification result (pass/fail) from the card's onboard secure element.

4. Data Retention and Deletion

VerifiedKnock retains Personal Data for the duration of the Agreement plus a period of ninety (90) days following termination or expiration, during which time the Agency may request an export of its data. Following this period, VerifiedKnock will securely delete or anonymize all Personal Data associated with the Agency's account, except where retention is required by applicable law.

The Agency may request deletion of specific officer records at any time through the Agency Dashboard. Such deletions are processed within seventy-two (72) hours and are permanent. Scan Event metadata associated with deleted officers is anonymized rather than deleted to preserve audit integrity.

Upon termination of the Agreement for any reason, VerifiedKnock will, at the Agency's election, either return all Personal Data in a machine-readable format or certify its secure deletion within thirty (30) days of the termination date.

5. Security Measures

VerifiedKnock implements and maintains technical and organizational measures appropriate to the risk presented by the processing, including the following:

Encryption in Transit

All data transmitted between the Agency Dashboard, mobile applications, and VerifiedKnock servers is encrypted using TLS 1.2 or higher.

Encryption at Rest

Personal Data stored in the VerifiedKnock database is encrypted at rest using AES-256 encryption provided by the underlying cloud infrastructure.

Access Controls

Access to Personal Data is restricted to VerifiedKnock personnel who require it to perform their job functions. All access is logged and audited.

Authentication

Agency Dashboard access requires magic-link authentication with time-limited tokens. Administrative access requires multi-factor authentication.

Incident Response

VerifiedKnock maintains a written incident response plan and conducts annual tabletop exercises to test its effectiveness.

Sub-processor Security

VerifiedKnock contractually requires all sub-processors to implement security measures no less protective than those described in this DPA.

6. Data Breach Notification

In the event that VerifiedKnock becomes aware of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed by VerifiedKnock, VerifiedKnock will notify the Agency without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach.

Such notification will include, to the extent then known: a description of the nature of the breach; the categories and approximate number of individuals and records affected; the likely consequences of the breach; and the measures taken or proposed to address the breach and mitigate its effects. VerifiedKnock will cooperate with the Agency in any investigation of the breach and in any required notifications to affected individuals or regulatory authorities.

7. Sub-processors

The Agency authorizes VerifiedKnock to engage the following categories of sub-processors to assist in providing the Service. VerifiedKnock will ensure that each sub-processor is bound by data protection obligations no less protective than those set forth in this DPA.

Sub-processor Category | Purpose | Data Processed
Cloud Infrastructure Provider | Database hosting and server infrastructure | All Personal Data categories
Stripe, Inc. | Payment processing and subscription management | Billing contact information only
Resend, Inc. | Transactional email delivery | Email addresses and magic-link tokens

VerifiedKnock will notify the Agency at least thirty (30) days in advance of any intended changes to the list of sub-processors. The Agency may object to such changes within fourteen (14) days of notification. If the Agency objects and the parties cannot resolve the objection, either party may terminate the Agreement upon written notice.

8. Data Subject Rights

To the extent that applicable law grants officers or other individuals rights with respect to their Personal Data (such as rights of access, correction, deletion, or portability), the Agency is responsible for responding to such requests. VerifiedKnock will provide reasonable assistance to the Agency in fulfilling such requests, including by providing tools within the Agency Dashboard to access, correct, export, or delete officer records.

9. Biometric-Specific Obligations

With respect to any biometric identifiers processed in connection with the Service, the parties acknowledge and agree as follows. The Agency, as the entity that provisions officer NFC credential cards, is responsible for obtaining written informed consent from each officer prior to the enrollment of that officer's biometric identifier on a credential card, in compliance with applicable biometric privacy laws including BIPA, CUBI, and Washington HB 1493.

VerifiedKnock's servers do not receive, store, or process raw biometric identifiers at any time. The biometric matching process occurs entirely on the NFC card's onboard secure element. VerifiedKnock's platform receives only a binary verification result (authenticated / not authenticated) and does not have access to the underlying biometric template. The Agency acknowledges this architecture and agrees that it, not VerifiedKnock, bears primary responsibility for biometric data collection compliance.

10. Term and Termination

This DPA is effective as of the date the Agency first activates its VerifiedKnock account and remains in effect for the duration of the Agreement. Upon termination or expiration of the Agreement, this DPA terminates automatically, subject to the survival of provisions relating to data retention, deletion, and breach notification obligations that arose prior to termination.

11. Governing Law

This DPA is governed by the laws of the United States and the state in which the Agency's principal place of business is located, without regard to conflict of law principles. Any disputes arising under this DPA shall be resolved in accordance with the dispute resolution provisions of the Agreement.

Execution

By activating an Agency account on the VerifiedKnock platform and submitting the credential verification form, the Agency acknowledges that it has read, understood, and agrees to be bound by this Data Processing Agreement. This electronic acceptance constitutes a legally binding signature under the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), 15 U.S.C. § 7001 et seq.

Processor

VerifiedKnock, Inc.

United States

[email protected]

Controller

Subscribing Agency

As identified in the Agency account registration

Accepted electronically upon account activation

Questions about this DPA?

Contact our legal team at [email protected]. For urgent data breach notifications, use the same address with the subject line "DATA BREACH NOTICE."