Security is the architecture. Not a feature.

No data at rest. No central database to target. Nothing worth stealing.

Nothing to store. Nothing to breach.

Personal data is never collected, stored, or exposed. On either side.

No data at rest

Credentials are verified from the holder’s wallet. No personal data stored on our servers or yours.

No central honeypot

No centralized database of personal information to breach. The attack surface for data theft is gone.

Compliance built in

GDPR, eIDAS 2.0, and industry-specific regulations are embedded in the architecture from the start.

Trusted by

BoschTOPPAN EdgeRigshospitaletTrust StampDanmarks StatistikUdenrigsministeriet

The deadlines are fixed. The penalties are real.

The EU Digital Identity regulation has defined deadlines. Partisia is already aligned.

2023 – 2025: EU Large-Scale Pilots

550+ organizations across 26 member states tested EUDI Wallet interoperability. Partisia participated in pilot evaluation.

December 2026: Government Deadline

12 sectors must comply: government, banking, telecoms, healthcare, transport, energy, postal services, water, digital infrastructure, social security, education, and health.

December 2027: Business Deadline

Any business requiring customer authentication must accept EU Digital Identity Wallets. Partisia is ready today.

Compliance & Certifications

Current compliance status across all Partisia services.

Standard Status Scope
GDPR Compliant All services. DPA available on request.
eIDAS 2.0 Ready Platform, VisitorPass, AgeVerify
SOC 2 Type II In progress Identity platform. Contact for timeline.
ISO 27001 Planned Contact for roadmap
W3C / OpenID Compliant Verifiable Credentials, OpenID4VP, OpenID4VCI, SD-JWT

Where your data is processed matters.

Two deployment models. Full control either way.

SaaS Deployment

  • EU-hosted infrastructure
  • Data processed within EU/EEA only
  • Encryption at rest and in transit (TLS 1.3)
  • Regular penetration testing

Self-Deployed

  • Runs in your own cloud or on-premise
  • Full data sovereignty. You control everything.
  • No data sent to Partisia infrastructure
  • Source-available for security audit

Security FAQ

For SaaS: verification results (pass/fail), timestamps, and schema types. No personal identity attributes (names, dates of birth, ID numbers) are stored. For self-deployed: you control all data. Nothing is sent to Partisia.

EU-based cloud infrastructure. All data processing occurs within the EU/EEA. Contact us for specific region and provider details.

Yes. For enterprise customers, we support customer-initiated penetration testing and security assessments. For self-deployed customers, the source is available for audit.

Formal incident response plan with defined detection, classification, and notification procedures. Security incidents are communicated within 72 hours per GDPR Article 33.

Yes. A GDPR Article 28-compliant DPA is available on request. Contact us to initiate the process.

Multi-Party Computation keeps data encrypted even during processing. No single party (including Partisia) can access the cleartext. MPC is optional, for organizations that need computation on encrypted data.

Need more detail?

Request our security documentation, DPA, or schedule a technical architecture review.

Book a Demo