Skip to content
Authmatech
Legal

Authmatech legal center

Every contract that governs how Authmatech is used, in plain language. Last updated quarterly.

Privacy Policy

Last updated 2026-04-01

1. Who we are

Authmatech ("Authmatech", "we", "us") operates the mobile identity platform available at authmatech.com. We are headquartered in Amman, Jordan, and provide services primarily to organizations operating across the MENA region.

2. Data we process

On behalf of our customers, we process mobile identifiers, encrypted identity tokens, and metadata about verification attempts (latency, result, masked mobile number). On behalf of website visitors and applicants, we process contact details voluntarily submitted via our forms.

3. How we use it

Customer-submitted data is used solely to perform the verification service our customers request, to bill for usage, and to maintain a tamper-evident audit trail. Visitor-submitted data is used solely to respond to enquiries, route them to the right team, and improve outreach.

4. Where it lives

Customer data is stored in the region nearest the customer's contracted residency. Jordan customer data resides in Jordan infrastructure. UAE and additional MENA residency are available on the Enterprise tier. Cross-region replication only occurs with explicit, written customer consent.

5. How long we keep it

Verification audit records are retained for the duration specified in your contract (default 12 months, extendable for regulated workloads). Contact form submissions are retained for 24 months unless deleted earlier on request.

6. Your rights

Under GDPR, PDPL, and equivalent regional frameworks you have rights to access, correct, port, and delete your personal data. Submit requests to [email protected] — we respond within the regulatory SLA, typically faster.

7. How we secure it

Mobile identifiers, customer credentials, and integration secrets are AES-256-encrypted at rest with field-level keys. All transport uses TLS 1.2+. Logs are routed through a masking layer that redacts PII before persistence.

8. Subprocessors

A current list of subprocessors and the data they handle is available on request. Material changes are notified 30 days in advance to customers under contract.

9. Children

Authmatech services are not directed to individuals under 18. We do not knowingly collect personal data from children.

10. Contact

For privacy questions or DPO-style escalation, email [email protected].