Privacy Policy
Turing Verify — Document Verification Platform
Last Updated: April 20, 2026
Version 1.3
This Privacy Policy describes how Turing Space Inc. ("Company," "we," "us") collects, uses, and protects your personal data when you use the Turing Verify platform ("Service"). We are committed to safeguarding your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is:
- Entity: Turing Space Inc. (Taiwan)
- Registered Address: 3F, No. 335, Ruiguang Road, Neihu District, Taipei City 114, Taiwan (R.O.C.)
- Tax ID (UBN): 83588104
- EU Representative (GDPR Art. 27): Turing Europe B.V., Laan van Meerdervoort 51, 2517 AE The Hague, Netherlands
- Contact: [email protected]
- Data Protection Officer: [email protected]
2. Data We Collect
We collect and process the following categories of personal data:
- Account Information: Name, email address, and profile picture obtained through OAuth providers (Google, LinkedIn) or email magic link authentication. We do not store passwords. OAuth sign-in requests only the scopes necessary for authentication:
  - Google: openid profile email — retains your Google-provided sub, email, display name, and profile picture URL. We do not request access to Gmail, Drive, Calendar, or Contacts.
  - LinkedIn: openid profile email — retains your LinkedIn-provided sub, email, display name, and profile picture URL. We do not request access to your network, messages, or posts.
- Uploaded Documents: Documents submitted for verification, including any personal data contained within those documents (e.g., names, dates of birth, photographs, institution names, identification numbers).
- Verification Results: Analysis outcomes including verdicts, confidence scores, document metadata, and annotation data generated by our AI systems.
- Payment Information: Billing data processed by Stripe, including subscription status and transaction history. We do not store credit card numbers.
- Usage Data: IP address (for rate limiting), verification timestamps, and API request logs retained for security monitoring.
3. How We Use Data
Your personal data is processed for the following purposes:
- Document Verification: Analyzing uploaded documents to provide AI-powered authenticity assessments and fraud detection.
- Fraud Detection: Identifying potential forgeries, tampering, and AI-generated content in submitted documents.
- External Cross-Reference: When a QR code is detected in an uploaded document, we may visit trusted external verification portals (e.g., university registrar systems) to cross-reference document data. Only URLs from a pre-approved allowlist of trusted domains are visited.
- Service Improvement: Using anonymized and aggregated data to improve the accuracy and reliability of our verification algorithms.
4. Legal Basis for Processing
We process your personal data on the following legal bases under the GDPR:
- Consent (Art. 6(1)(a)): You provide explicit consent when creating an account and uploading documents for verification, including consent to cross-border data transfers to our AI processing sub-processors.
- Contract Performance (Art. 6(1)(b)): Processing is necessary to provide the verification services you have requested.
- Legitimate Interest (Art. 6(1)(f)): Maintaining security, preventing fraud, improving verification accuracy, and ensuring the integrity of the Service.
5. Data Retention
We retain your data according to the following schedule. Document images are treated as the most sensitive category because they can contain identity data, photographs, and other special-category information, and they are subject to the shortest default retention window.
- Document images — default 72 hours. Uploaded images are stored for up to 72 hours after verification and then permanently deleted by an automated sweep. This is the default for every user, including paying subscribers, and applies whether or not you have an account. The forensic analysis (verdict, scores, annotations) is retained separately and is unaffected by image deletion.
- Document images — opt-in indefinite retention (authenticated users only). If you have an account, you may grant Turing Space Inc. your explicit consent under GDPR Art. 6(1)(a) and Art. 9(2)(a) to store your uploaded images beyond 72 hours and to display them on verification pages you share. Consent is given through a dedicated toggle at /data-rights, is off by default, is separate from our Terms of Service, and can be withdrawn at any time from the same page. Each grant and withdrawal is logged with a consent-copy version for audit purposes. Withdrawal stops future retention and queues existing stored images for deletion in the next sweep; it does not affect the lawfulness of processing carried out before withdrawal. You may also delete individual images at any time from the result page or your dashboard without changing the global setting.
- Verification Records: Verification metadata (document type, scores, verdicts, annotations) is retained until you request deletion, subject to plan-specific retention periods. This metadata does not include the document image itself once the image has been deleted.
- Account Data: Your account information is retained for the lifetime of your account and deleted upon account deletion request. Account deletion also deletes every associated document image, regardless of the retention setting.
- Retention-consent audit log: Each time you grant or withdraw image-retention consent, we record the action, the consent-copy version you saw, and hashed (non-reversible) identifiers for your IP and user agent. We keep these records for 3 years to demonstrate GDPR compliance. They are included in your GDPR data export.
- Deletion Audit Logs: Records of data deletion requests are retained for 3 years to demonstrate GDPR compliance.
6. Your Rights Under GDPR
Under the GDPR and applicable data protection laws, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate personal data.
- Right to Erasure (Art. 17): Request the deletion of your personal data, individual verification records, or your entire account.
- Right to Restriction (Art. 18): Request that we restrict the processing of your personal data in certain circumstances.
- Right to Portability (Art. 20): Export your data in a structured, machine-readable format (JSON or CSV).
- Right to Object (Art. 21): Object to the processing of your personal data based on legitimate interest.
- Right Regarding Automated Decisions (Art. 22): Request human review of automated verification decisions (see Section 8 below).
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. For the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
Exercise your data rights through our self-service portal at Data Rights Portal, or contact us at [email protected]. We will respond to all data subject requests within one month of receipt.
7. Data Processing Location & International Transfers
Primary Data Storage — EU
All primary data storage and application infrastructure is hosted within the European Union (Amsterdam, Netherlands) on Railway infrastructure. Your account data, verification records, and uploaded documents are stored exclusively within the EU.
Cross-Border Transfers for AI Processing
To provide document verification, uploaded document content is transmitted to AI model providers (Anthropic and OpenAI) whose processing infrastructure is located in the United States. These transfers are made pursuant to the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) adopted by the European Commission. Document content is processed transiently by these providers and is not retained by them for training or other purposes beyond the immediate API request.
Additional international transfers occur for payment processing (Stripe, US) and email delivery (SendGrid, US). These transfers are covered by the respective providers' Data Processing Agreements and Standard Contractual Clauses. See Section 9 for the complete list of sub-processors.
8. Automated Decision-Making
GDPR Article 22 Disclosure
Turing Verify uses automated AI systems to analyze documents and produce verification verdicts (VERIFIED, REJECTED, SUSPECT, or MANUAL REVIEW). These verdicts are generated solely by artificial intelligence without human intervention at the point of analysis.
How it works: Our AI models analyze visual patterns, typographic features, institutional data, and external verification signals to produce a probabilistic assessment of document authenticity. The system outputs a verdict, confidence score, and detailed annotations explaining its reasoning.
Significance: Verification results may be used by third parties (employers, institutions, licensing bodies) as one factor in their decision-making processes. A negative verdict does not constitute a legal determination that a document is fraudulent.
Your right to human review: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. You may:
- Request human review of any automated verification decision through our Data Rights Portal (dispute function).
- Express your point of view and contest the decision by submitting a dispute with supporting information.
- Disputes are reviewed by qualified human reviewers within 30 calendar days.
9. Third-Party Data Processors (Sub-Processors)
We share personal data with the following third-party processors, each bound by Data Processing Agreements:
| Processor | Purpose | Location |
|---|---|---|
| Anthropic | AI document analysis (paid tier) | United States |
| OpenAI | AI document analysis (free tier) | United States |
| Stripe | Payment processing and billing | United States |
| SendGrid | Transactional email delivery | United States |
| Railway | Application hosting and database | EU (Amsterdam) |
| Google | OAuth authentication | United States |
| LinkedIn (Microsoft) | OAuth authentication | United States |
Cross-border transfers to US-based processors are safeguarded by Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework. We require all sub-processors to maintain appropriate technical and organizational security measures and to process data only as instructed. A live, versioned register of sub-processors is published on our Trust & Sub-Processors page; material changes are announced there at least 30 days before taking effect.
10. Security Measures
We implement appropriate technical and organizational measures aligned with ISO/IEC 27001 controls to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- TLS 1.3 encryption in transit and AES-256 encryption at rest
- OAuth-based authentication with no stored passwords
- Principle-of-least-privilege access controls and audit logging
- Network isolation, secrets management, and dependency scanning
- Documented incident response and breach notification procedures
11. Cookies
Turing Verify uses the following cookies:
- Session Cookie (strictly necessary): A JWT-based authentication cookie that maintains your logged-in state. This cookie is essential for the Service to function and is set when you sign in. It is marked HttpOnly and Secure.
- Locale Preference (strictly necessary): Stores your language preference for the user interface.
We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. All cookies used are strictly necessary for the operation of the Service.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
- Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.
- Document the breach, its effects, and the remedial actions taken in our internal breach register.
To report a suspected data breach, contact our Data Protection Officer at [email protected].
13. Children's Data
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect or process personal data from children under 16 years of age. If we become aware that personal data has been collected from a minor without verifiable parental consent, we will take prompt steps to delete such data from our systems. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].
14. California Privacy Notice (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information we collect, use, disclose, or retain.
- Right to delete personal information we have collected from you.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising your privacy rights.
Do Not Sell or Share My Personal Information. We do not sell personal information for monetary consideration and we do not "share" personal information for cross-context behavioural advertising. We honour the Global Privacy Control (GPC) signal (Sec-GPC: 1) as a valid opt-out request under CPRA §1798.135. You may also submit an opt-out or any other CCPA request through our Data Rights Portal at /data-rights or by emailing [email protected].
You may designate an authorised agent to submit requests on your behalf. We will respond to verifiable consumer requests within forty-five (45) days as required by CPRA §1798.130.
15. Contact
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Entity: Turing Space Inc.
- Address: 3F, No. 335, Ruiguang Road, Neihu District, Taipei City 114, Taiwan
- EU Representative: Turing Europe B.V., Laan van Meerdervoort 51, 2517 AE The Hague, Netherlands
- General Support: [email protected]
- Data Protection Officer: [email protected]