Compliance & Data Sources
Data sources
PolicyNumbers sources registry data directly from official financial regulators:
| Country | Sources |
|---|---|
| 🇬🇧 United Kingdom | FCA Financial Services Register, Motor Insurers' Bureau (MID) |
| 🇩🇪 Germany | BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht), German Insurance Association (GDR) |
| 🇫🇷 France | ACPR (Autorité de contrôle prudentiel et de résolution), ORIAS intermediary register |
Data is fetched directly from these authoritative sources — we do not re-sell or repackage third-party aggregator data.
GDPR
- No personal data stored. Policy numbers are treated as non-personally identifiable reference codes. No name, address, date of birth, or other personal data is transmitted to or stored by PolicyNumbers.
- EU data residency. All data is processed and stored in AWS
eu-west-2(London). No data leaves the European Economic Area. - Processor role. When your platform sends a policy number to our API, PolicyNumbers acts as a data processor under your data controller agreement. Our DPA is available on request.
Audit trail
Every API call is logged with:
| Field | Description |
|---|---|
| Timestamp | UTC timestamp of the request |
| API key hash | SHA-256 hash of your API key (key itself never logged) |
| Country | Country code from the request |
| Insurance type | motor, travel, or health |
| Result | valid, invalid, or not_found |
| Confidence score | Returned confidence value |
Your audit logs are visible in the API usage dashboard and retained for 90 days.
Data retention
| Data type | Retention |
|---|---|
| API request logs | 90 days |
| Policy number inputs | Not stored (discarded after registry lookup) |
| Registry snapshots | 24 hours (refreshed daily) |
| API keys (hashed) | Until revoked |
Reporting a compliance issue
Email compliance@policynumbers.com for data protection enquiries or to request a Data Processing Agreement.