How we protect your identity

Plain-English version of CAIRL's privacy and security posture.

What CAIRL doesn't do

  • Your personal data moves only when you authorize it. CAIRL is not built to sell your data.
  • Apps receive verified answers, not your documents. Documents stay in your vault.
  • Your face data is used to confirm a match. Apps receive the match result, not the data.
  • Apps see only what you authorize, scoped to the request you approved.

How CAIRL is built

  • Industry-standard encryption in transit and at rest.
  • Multi-factor authentication with passkeys.
  • Designed to support privacy obligations across the US and Europe.
  • We do not name specific certifications until they are independently issued. When they are, they will appear here.

What you control

  • You see every app connected to your CAIRL identity.
  • You can revoke access at any time.
  • You can export or delete your CAIRL profile.

Report a security issue

security@cairl.app

Looking for compliance details (SOC 2, BIPA, and more)?

See cairl.app/security See cairl.app/trust