Security and Compliance

Security and Compliance with the SmilePass API


The SmilePass Platform has been developed to cater for industry leading security compliancy. All data is encrypted and at the very heart of the SmilePass platform are the backend SmilePass servers and which comply with the latest ISO 27001 (UK) security measures to meet the world’s most stringent security guidelines.

What’s more, our high availability network means our service is always available and allows for instant scalability.

The United Kingdom has a comprehensive legislative regime that implements the EU Data Protection Directive 95/46 EC.

Key Points

Applicable legislation

England and Wales has implemented the EU Data Protection Directive 95/46 EC and the EU Directive on Privacy and Electronic Communications 02/58 EC through the Data Protection Act 1998 (the Data Protection Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 respectively.

Scotland and Northern Ireland are separate legal systems to England and Wales but have almost identical legislation to that in place in England and Wales.

The UK Information Commissioner is the regulator for all three jurisdictions. The UK Information Commissioner has powers to issue civil monetary penalties of up to £500,000 for non-compliance with the Data Protection Act.

Protected data

Personal data is any data from which a living individual (the Data Subject) may be identified, either alone from that data or in conjunction with other information already in the possession of, or which is likely to come into the possession of, the person who determines the purposes for which personal data will be processed (the Data Controller) provided that, under current case law, such data is biographical of the Data Subject or focuses on the Data Subject.

Personal data primarily covers digital information but extends to some structured paper based records only, under current case law, where the organisation in control of the information also allows the searcher to find different categories of information about the individual without further analysis.

Restrictions on transfer of data offshore

EU Data Protection Directive 95/46 EC grounds allowing transfer outside of the EEA or EU White Listed countries have been implemented, where the Data Subject has consented or where the processing is necessary to perform a contract with the Data Subject or another person and which is in the interests of the Data Subject. Otherwise, EU Model Clauses are the most straightforward route to achieve compliant export.



Facial Detection Points



Emotional Detections



Facial Characteristics