Is Jumio Safe?

If you use or plan to use Jumio, you need to know: Is Jumio safe? 

Below, we explain whether Jumio is: 

• Safe to use. 
• Good for privacy. 

We also look at some steps you can take to improve both your safety and privacy when using this online service. 

What Is Jumio?

Jumio is a digital identity verification and authentication platform that helps businesses verify the identities of their customers in real time. 

It uses advanced technologies, such as artificial intelligence (AI), biometrics, machine learning, and computer vision, to verify government-issued IDs, passports, and other forms of identification. 

Jumio’s identity verification services include face-based biometric authentication, document verification, and liveness detection to ensure the user is physically present. 

Its verification solutions are used in sectors such as finance, online gaming, and healthcare.

Is Jumio Safe?

Depends on your definition of “safe.” 

Jumio employs advanced technologies such as artificial intelligence, biometrics, and machine learning to provide secure and accurate verification processes. 

It uses encryption and follows industry best practices for data protection to safeguard sensitive personal information, such as government IDs and biometric data, during the verification process.

In the past (i.e., 8+ years ago), some users reported that Jumio’s technology could be bypassed with publicly available photos off the web. 

However, there doesn’t appear to have been any negative reviews related to Jumio’s security since. And even then, negative reviews were balanced out by positive ones.

Jumio’s safety is bolstered by its use of liveness detection and facial recognition technology. 

Liveness detection helps ensure that the person undergoing verification is physically present, reducing the risk of fraud through the use of static images or pre-recorded videos. 

Jumio has several external certifications, including ISO/IEC 27001:2013, PCI DSS and SOC2 Type 2. The company explains what each certification means in terms of security on its website. 

For example, Jumio says that having ISO/IEC 27001:2013 certification shows that it “successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.”

There have been no data breaches associated with Jumio at the time of writing.

Is Jumio Private?

Depends on your definition of “private.”

Jumio’s privacy policy outlines what personal data it collects, how it uses it, and whom it shares it with. 

The company may use your personal information to comply with a valid legal request, subpoena, or other lawful process. 

However, Jumio will notify customers of legal requests unless law enforcement or government agencies provide a court order or reference to other legal authority that prevents Jumio from doing so. 

The company may also aggregate and/or de-identify information related to a person’s use of Jumio and use it for “any purpose,” including research and marketing. It may also share this data with “any third parties.” 

Jumio says it will typically destroy biometric data derived from recordings and images within three years after you provide them. 

Over the years, Jumio has been hit with a few privacy lawsuits. 

For example, in 2020, it agreed to a $7 million settlement to resolve a class-action lawsuit filed under Illinois’ Biometric Information Privacy Act (BIPA). The lawsuit alleged that the company used facial biometric processes through its NetVerify service without obtaining the informed consent required by state law. 

In 2021, a lawsuit filed under Illinois’ Biometric Information Privacy Act (BIPA) against the leading cryptocurrency exchange Binance also named Jumio. The lawsuit alleged that the plaintiff did not receive the required notice that his biometric data would be collected during the onboarding process.

In 2022, another lawsuit claimed that Jumio violated Illinois’ Biometric Information Privacy Act by failing to obtain his informed consent before capturing his biometrics. 

And in 2024, Jumio was named in a BIPA class-action lawsuit that claimed Jumio collected, stored, and used the plaintiff’s biometric data without his consent during a Know Your Customer (KYC) process in a finance app that utilized Jumio’s identity verification services. 

Jumio’s privacy policy has not yet been reviewed by external review sites such as Terms of Service; Didn’t Read. 

How to Improve Your Safety and Privacy On Jumio

Follow the steps below for a more private and secure experience while using Jumio.

As an organization, consider doing the following: 

• Limit data collection. Only collect the minimum amount of personal data required for verification. Jumio allows businesses to customize their verification process, so you can opt to request only the most essential information (such as a photo ID or biometric scan). Avoid collecting unnecessary data like additional personal details that aren’t relevant to your verification needs.
• Set data retention policies. Define and enforce strict data retention policies to minimize how long personal data is stored. Jumio allows businesses to control how long they retain verified data, so ensure that information is deleted once it has served its purpose. 
• Implement user consent and transparency. Ensure that users are fully informed about the data you’re collecting and why. Use clear consent mechanisms to allow individuals to opt in and explain how their data will be used and stored. Give users the ability to withdraw consent if they choose.
• Use privacy-enhancing technologies. To reduce data exposure further, consider integrating additional privacy-enhancing technologies (PETs), such as anonymization or privacy-preserving tools. These can help maintain privacy while still ensuring accurate identity verification.
• Regularly review privacy policies. Periodically audit and update your privacy practices and Jumio settings to stay aligned with the latest regulations and best practices. Ensure your privacy policies reflect current data protection standards and evolving privacy laws.

As a user, consider doing the following:

• Understand the service. Take the time to understand Jumio’s identity verification process, including what biometric data is collected. 
• Read the privacy policy. Review Jumio’s privacy policy to learn how your data is collected, used, stored, and shared. Pay attention to data retention periods and security measures.
• Use trusted platforms. Only use Jumio through reputable websites or apps that you trust and that have implemented Jumio’s services securely.
• Know your rights. Familiarize yourself with local laws regarding biometric data, such as the Illinois Biometric Information Privacy Act (BIPA), which outlines your rights and the obligations of companies collecting biometric information.
• Stay informed. Keep up-to-date with any news or updates related to Jumio’s services and security and privacy practices.