Frequently Asked Questions

Common questions about KYC Passport, partner invitations, user consent, and data access.

General Questions

What is KYC Passport?

KYC Passport is a feature that enables organizations to securely share verified KYC data with partner organizations. It creates a trusted ecosystem where users verify once and partners can securely access the verification results with proper consent.

How does KYC Passport benefit my organization?

KYC Passport enables you to:

• Share verification results with trusted partners
• Reduce verification friction for users in your ecosystem
• Build partner networks without compromising user privacy
• Maintain compliance while enabling data sharing

Inviting Partners

Can I invite multiple partners to the same flow?

Yes, you can invite as many partners as needed to a single flow. There is no technical limit on the number of partners. However, for user experience and compliance reasons, it's recommended to limit the list to partners that are essential for the user's journey.

What happens if a user completes verification before a partner accepts the invite?

The access grant is created when the user completes verification (with consent). When the partner later accepts the invite, they gain immediate access to that data. The grant is created in an inactive state and becomes active once the partner accepts.

Can partners access historical data?

No. Partners can only access data from users who completed verification after the invite was created. This ensures users have visibility into which partners their data will be shared with at the time of verification.

What data do partners receive?

Partners receive the same KYC data that your organization has access to for the specific flow, including:

• Verified identity documents
• Personal information (name, date of birth, address, etc.)
• Verification results and status
• Any additional data collected in the flow

The exact data depends on the flow configuration and document types verified.

Managing Invitations

Can I see which users' data a partner has accessed?

Currently, you can see that a partner has accepted an invitation and has general access to the flow. Detailed per-user access logs are available through your organization's audit logs.

What happens to data a partner already accessed if I revoke their access?

Revoked access prevents the partner from accessing new flow results. However, data they've already accessed and stored remains available until their retention obligations are met. Partners should follow their data retention policies for already accessed information.

Can I temporarily suspend a partner's access?

Access revocation is permanent. If you need temporary suspension, consider creating time-limited flows or coordinating directly with the partner organization.

Will users be notified when I revoke a partner's access?

Users are not automatically notified when partner access is revoked. If you want to inform users, you should communicate this through your own channels.

Can I change a partner's email address after sending an invitation?

You cannot modify an existing invitation. If the email is incorrect, revoke the invitation and send a new one to the correct email address.

How do I resend an invitation?

Find the pending invitation in the partners list, click the action menu (three dots), and select "Resend Invite". A new email with a fresh verification code will be sent. The previous code will no longer work.

Accepting Invitations

What if I didn't receive the invitation email?

• Check your spam/junk folder
• Verify the email address with the inviting organization
• Ask them to resend the invitation
• Check with other admins in your organization in case they received it

Can I accept an invitation if my organization doesn't exist yet?

Yes! If you don't have an account on the Zyphe platform, the invitation will guide you through the organization registration process. Once you complete registration, the invitation is automatically accepted.

What happens if I reject an invitation?

If you reject an invitation:

• The invitation is permanently closed
• No data is shared with your organization
• The partner can send a new invitation if needed in the future

How long are invitations valid?

Invitations have a built-in validity period for security purposes. The exact duration is specified in the invitation email. If an invitation expires, the partner can resend it with a new verification code.

Can multiple people in my organization accept the same invitation?

No. Each invitation can only be accepted once. The first admin to accept it will link the invitation to your organization. Other admins will have access to the shared data once the invitation is accepted.

User Consent

Can users revoke consent after verification?

Users cannot directly revoke consent, but they can request data deletion through your organization's data protection procedures. When a deletion request is received, you should revoke partner access as appropriate.

What if a user wants to share data with some partners but not others?

Currently, consent is all-or-nothing for the partners listed at verification time. Consider creating multiple flows with different partner combinations if you need granular control.

How long does user consent last?

Consent lasts for the duration specified in your privacy policy and data retention policy. Ensure these align with regulatory requirements in your jurisdiction.

Can I add partners to a flow without getting new consent from users?

No. Partners invited after a user completes verification do not receive access to that user's data, specifically to maintain the integrity of the original consent. This ensures users always know which organizations will receive their data at the time of verification.

How does this work with multi-step flows?

Consent is typically shown at the beginning of the flow or before the first step that collects personal information. Once provided, it applies to all data collected in that flow session.

What happens if a user declines consent?

If a user declines consent, they cannot proceed with verification for that flow. Consider creating alternative flows without partner sharing for users who prefer not to share their data.

Troubleshooting

"Invalid Verification Code"

• Double-check the code from your email
• Codes are case-sensitive
• Request a new invitation if the code has expired

"Invitation Already Used"

• This invitation has already been accepted
• Check if someone else in your organization already accepted it
• Contact the partner if you need clarification

"Invitation Expired"

• The invitation validity period has passed
• Contact the partner organization to resend the invitation
• You'll receive a new code with extended validity

"Email Mismatch"

• Make sure you're using the email address the invitation was sent to
• Contact the partner if the wrong email was used
• They can send a new invitation to the correct email

"Invite has been revoked"

• The inviting organization has cancelled this invitation
• Contact them to understand why it was revoked
• They can send a new invitation if appropriate

"Invite not for this organization"

• The invitation is linked to a different organization
• Ensure you're logged into the correct organization
• Contact the inviting organization if there's a mismatch

Data Access & Security

How is shared data secured?

All data is secured using:

• Cryptographic access grants
• End-to-end encryption
• Decentralized storage

Partners never receive raw access to storage—only through properly authorized access grants.

Can partners share the data with others?

Partners should only use the data for the purposes agreed upon in your data sharing agreement. Technical limitations prevent them from creating additional partner invites for your flow data.

What happens to my data if a partner has a security breach?

Partners are responsible for securing any data they access and store. Ensure your data sharing agreements include security requirements and breach notification procedures.

Technical Questions

Does KYC Passport work in sandbox mode?

Yes. All KYC Passport features are available in sandbox mode for testing. We strongly recommend testing the complete flow in sandbox before inviting production partners.

Best Practices

How should I choose which partners to invite?

Consider:

• Business need: Does the partner genuinely need the data?
• Trust level: Do you have a strong relationship with the partner?
• Compliance: Does the partner meet your security and privacy standards?
• User benefit: Does sharing improve the user experience?

How many partners should I invite per flow?

Limit partners to those essential for the user's journey. Too many partners can:

• Overwhelm users during consent
• Increase compliance complexity
• Raise privacy concerns

Generally, 1-5 partners is reasonable for most use cases.

Should I invite partners before or after creating a flow?

Ideally, invite partners after creating the flow but before users start verifying. This ensures:

• Partners appear in user consent
• Users know all recipients at verification time
• Proper access grants are created

How often should I review partner access?

Conduct regular audits:

• Monthly reviews of active partnerships
• Quarterly compliance reviews
• Immediate review if partnerships end
• Annual comprehensive security assessments

Still Have Questions?

If your question isn't answered here:

• Check the technical documentation for detailed information
• Review the individual guides:
  • Inviting Partners
  • Managing Invitations
  • Accepting Invitations
  • User Consent
• Contact our support team