Privacy Policy

OpSec Intel does not voluntarily collect or save information from individuals through this Website. Any minimal information collected via this Website is collected through Wix.com, and that collection cannot be disabled; if it could be, we would disable it.

Any submissions received via this Website are used by OpSec Intel only for the purpose of (a) responding to submitted inquiries or comments and/or (b) general database information which is maintained by OpSec Intel as confidential information.

OpSec Intel does, from time to time, enter into agreements with its clients to supply background information for existing or prospective employees. All such intelligence gathering is conducted in strict compliance with the FCRA and state, local, or international laws as may be applicable. All information obtained by OpSec Intel is used for the sole purpose of providing background and intelligence information to its contracted clients.

All information obtained is obtained pursuant to existing and applicable laws and limitations and within the parameters of all applicable legal limits. Information supplied to or obtained by OpSec Intel in the course of its background intelligence services for contracted clients is held by OpSec Intel in strict confidence.

Personal Information Disclosure United States or Overseas: OpSec Intel does not supply any information to any person or entity outside the United States or its Territories except when specifically contracted to do so as set forth below, in which instance such information is supplied on a confidential basis and in accordance with all applicable laws and regulations.

OpSec Intel does not sell information to any third party except for purposes of providing legally permissible background intelligence services to its contracted clients on an individual and case-by-case basis. OpSec Intel does not vend, sell or give any such information to any other person, entity or organization for any purpose whatsoever. All such information is retained by OpSec Intel for archival purposes and for compliance with applicable retention legislation in various states and under Federal Law. Such information is retained solely to permit OpSec Intel to comply with statutory disclosure obligations in the event such information is legally required to be provided to the subject thereof.

OpSec Intel does not publish, distribute, disseminate or in any other manner make available to any third party or the general public any information obtained by it either through this website or via any intelligence activities. For further information respecting any specific policies or procedures of OpSec Intel, please contact our office at https://opsecintel.com/contact-us.

Fraud Verification Policy

1. What this Service does

We operate an identity-verification and fraud-prevention tool (the "Service") used by our staff to confirm the identity of commercial drivers and other individuals who present a US driver's license or state ID — for example, before releasing freight to a driver. The Service reads the document, compares it to the person presenting it, verifies a mobile phone number, and runs a set of automated fraud-detection checks.

If you are going through a verification, you are the person this Policy is about. Participation is voluntary, but if you decline we may be unable to complete your check (and, for example, may be unable to release freight to you).

2. Information we collect

During a verification we may process:

a) Identity-document data — from the front and back of your license/ID: full name, address, date of birth, document (license) number, expiration and issue dates, issuing state, license class and endorsements, restrictions, any legal-presence markings, and the data encoded in the card's barcode (the AAMVA data, including the document discriminator).

b) Photographs — images of the front of your ID, the back of your ID, and a selfie taken at the time of verification.

c) Facial comparison (biometric operation) — we compare your selfie to the photo on your ID to confirm they are the same person, and we run liveness checks to confirm a live person is present (not a photo or screen). This comparison involves analyzing facial geometry, which several state laws (including Illinois BIPA) treat as a biometric identifier. See Section 5.

d) Mobile phone number and carrier signals — your phone number, and signals obtained from your mobile carrier through our telecom provider (Twilio): line type (mobile vs. VoIP/landline), carrier name, a SIM-change ("SIM swap") indicator, a carrier-account-holder name/address match to your ID ("identity match"), and, where available over cellular data, a silent carrier confirmation that the SIM is live ("Silent Network Authentication"). We also send a one-time SMS code to confirm you control the number.

e) Device, network, and location data — IP address and the approximate location, network operator (ISP/ASN), and connection type derived from it; whether the connection appears to be a VPN/proxy/datacenter; device and browser characteristics (including a device fingerprint, screen, GPU, and timezone); and, with your permission, your device's precise GPS location.

f) Sanctions screening — we screen the name on the ID against the U.S. Treasury OFAC sanctions list (a publicly published government list checked locally).

3. Why we process it

We process this information only to:

  • verify the authenticity of the identity document and the identity of the person presenting it;

  • confirm eligibility (e.g., that the document is a valid commercial license and is not expired);

  • detect and prevent fraud, identity theft, document forgery, and account takeover;

  • meet sanctions-screening and other legal obligations; and

  • create a tamper-resistant audit record of the verification.

We do not sell your information, and we do not use it for advertising or any purpose unrelated to verification and fraud prevention.

4. Consent

Before we scan your ID, capture your selfie, send an SMS code, or query your mobile carrier, we ask for your affirmative consent on screen. Where state law (e.g., Illinois BIPA) requires it, that consent specifically covers the collection and use of biometric identifiers, and this Policy's biometric retention/destruction schedule (Section 5) is made available to you before collection.

5. Biometric data — collection, use, and retention

The facial comparison described in Section 2(c) is a biometric operation.

  • We use facial data only to perform the one-time comparison of your selfie to your ID photo and the liveness check, at the moment of verification.

  • We do not sell, lease, trade, or otherwise profit from biometric identifiers, and we do not disclose them except to the service providers that help perform the comparison (Section 8) or as required by law.

  • We do not store a stand-alone facial-recognition template ("faceprint"). The mathematical face descriptors used for the comparison are generated, used for the match, and discarded — only the result of the comparison (e.g., match / no match and a confidence score) is recorded.

  • The selfie photograph itself is retained as part of the encrypted verification record (Section 6) and is automatically deleted within 30 days.

  • In all cases, any biometric identifier or biometric information is permanently destroyed no later than the earlier of (i) the date the purpose for collecting it has been satisfied, or (ii) 3 years after your last interaction with us — and, per our schedule, in practice within 30 days.

6. Other data — retention and storage

  • A verification record — the ID data fields, the captured images (front, back, selfie), the pass/review/fail outcome, the individual fraud-check results, phone and carrier check results, device/connection data, and GPS (if provided) — is stored encrypted and is automatically deleted 30 days after the verification, for fraud-prevention and audit purposes.

  • Records are encrypted at rest using AES-256-GCM and transmitted only over encrypted connections (HTTPS/TLS).

  • Carrier and IP signals are evaluated at the time of verification and are not used for marketing.

7. How we protect it

Access to the Service and to stored records is restricted to authorized personnel and is gated behind Cloudflare Access (login required). Data is encrypted in transit (TLS) and at rest (AES-256-GCM). We will notify affected individuals and authorities of a data breach as and when required by applicable law.

8. Who we share it with (service providers)

We share limited information only with vendors that help us perform verification, each contractually limited to using it solely to provide their service to us:

  • Twilio — sends the SMS code and provides the mobile-carrier checks (line type, SIM-swap, identity match, silent network auth). Receives your phone number and, for the identity-match check, the name/address/DOB from your ID.

  • Amazon Web Services — hosts the Service.

  • Cloudflare — provides the secure network edge, login gating (Access), and encrypted record storage (R2).

We also screen the ID name against the U.S. Treasury OFAC sanctions list, which is downloaded and checked locally (no data is sent to a third party for this).

We do not sell your personal information. We may disclose information when required by law or to law enforcement as permitted by law (for example, if a fraudulent document is presented).

9. Your privacy rights

Depending on your state of residence, you may have rights to access, correct, delete, or restrict the use of your personal information, to opt out of certain processing, and not to be discriminated against for exercising these rights (including under the California CCPA/CPRA, and biometric laws such as Illinois BIPA). To exercise these rights, contact us at contact@opsecintel.com. We do not sell personal information.

10. Children

The Service verifies adults and is not directed to children under 13. We do not knowingly collect information from children under 13.

11. Changes

We may update this Policy; the effective date above reflects the current version.

12. Contact

contact@opsecintel.com
