Classify all data collected during IDV flows: biometric data (face images, liveness captures), document images, extracted PII fields, and decision records each may have different retention requirements
Define retention periods per data category based on applicable law, your privacy policy, and contractual obligations; biometric data often has shorter mandated retention windows than transactional records
Implement a scheduled deletion job that identifies records whose retention period has expired and deletes the raw biometric and document image data while preserving non-sensitive audit metadata
For GDPR right-to-erasure and CCPA deletion requests, build a deletion workflow that removes all personal data from your systems and sends deletion requests to your IDV vendors via their data deletion APIs
Document the data flows in your Record of Processing Activities (RoPA) including all IDV vendors as data processors and the legal basis for each processing activity
Test the deletion workflow regularly to verify that data is actually removed and that no orphaned copies exist in backups, logs, or analytics systems
Known gotchas
IDV vendors retain copies of document images and biometric data on their own infrastructure; deletion from your systems does not automatically delete data from the vendor — you must invoke the vendor's deletion API or rely on their data retention policy
Some jurisdictions require biometric data to be deleted immediately after the purpose is fulfilled (for example, BIPA in Illinois); a global maximum retention period policy may not satisfy all local requirements
Legal holds may override standard retention schedules for users involved in fraud investigations or legal proceedings; your deletion job must check for active holds before deleting
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp