Privacy Policy
Last Updated: 01.01.2026
This Privacy Policy explains how the International Autograph Authentication Board (“IAAB”, “we”, “us”, or “our”) collects, uses, processes, stores, protects, and shares personal data when individuals access our website or use our services.
IAAB is committed to protecting personal data and respecting applicable privacy and data protection laws, including international privacy standards and, where applicable, the General Data Protection Regulation (GDPR).
1. ORGANIZATION AND DATA CONTROLLER
The International Autograph Authentication Board (IAAB) operates internationally and is legally based in Ontario, Canada.
For the purposes of data protection laws, IAAB acts as the data controller for personal information collected through its website and services.
Contact Email:
authentication@iaaboard.com
​
2. SCOPE OF THIS POLICY
This Privacy Policy applies to:
• Visitors to the IAAB website
• Clients submitting authentication or examination requests
• Individuals communicating with IAAB
• Individuals whose materials or personal data are submitted for examination
​
3. PERSONAL DATA COLLECTED
IAAB may collect and process the following categories of personal data:
A. Identification Information
• Full name
• Email address
• Mailing or shipping address (if applicable)
• Country or region of residence
B. Transaction and Service Information
• Payment transaction references
• Order or service history
• Certificate or report identification numbers
• Communication records related to service requests
C. Submitted Materials
• Digital images
• Scanned documents
• Photographs
• Handwriting samples
• Autograph materials
• Supporting documentation submitted for examination
D. Technical Data
• IP address
• Browser type and version
• Device type
• Website usage data
• Cookies and session data
IAAB does not collect or store credit card numbers, banking credentials, or financial account information.
​
4. LAWFUL BASIS FOR PROCESSING
IAAB processes personal data based on one or more of the following legal bases:
• Performance of a service contract
• Compliance with legal obligations
• Legitimate business interests related to authentication and verification services
• User consent where required
​
5. PURPOSES OF DATA PROCESSING
IAAB uses personal data strictly for legitimate operational purposes, including:
• Processing authentication and examination requests
• Assigning experts and conducting professional analyses
• Issuing reports and certificates
• Maintaining certificate verification and traceability systems
• Communicating with clients regarding services
• Managing customer support inquiries
• Maintaining internal records and audit trails
• Preventing fraud, abuse, or unlawful activity
• Complying with legal or regulatory obligations
IAAB does not use personal data for marketing or promotional purposes without explicit consent.
​
6. PAYMENT PROCESSING
All payments for IAAB services are processed through third-party payment providers such as PayPal.
IAAB does not have access to or store payment card numbers or banking information. Payment data is processed in accordance with the privacy and security policies of the payment provider.
​
7. SHARING OF PERSONAL DATA
IAAB does not sell, rent, or commercially distribute personal data.
Personal data may be shared only under the following circumstances:
A. Assigned Experts
Submitted materials and necessary personal information may be securely shared with independent handwriting and forensic document examination experts located in Canada, the United Kingdom, France, Switzerland, or other jurisdictions as required.
All experts operate under confidentiality and professional obligations.
B. Legal and Regulatory Authorities
IAAB may disclose personal data when required by law, court order, or lawful governmental request.
C. Service Providers
IAAB may use trusted third-party service providers including hosting providers, cloud storage providers, communication platforms, and payment processors.
Such providers are contractually required to maintain confidentiality and security standards.
​
8. INTERNATIONAL DATA TRANSFERS
Due to IAAB’s international expert network, personal data may be transferred and processed in multiple jurisdictions.
IAAB implements reasonable safeguards to ensure personal data remains protected regardless of processing location.
By using IAAB services, clients acknowledge and consent to international data transfers necessary to provide services.
​
9. DATA RETENTION
IAAB retains personal data and submitted materials only for as long as necessary to:
• Fulfill requested services
• Maintain certificate verification records
• Preserve examination documentation and audit trails
• Comply with legal, regulatory, or professional obligations
Clients may request deletion of personal data. However, deletion may result in the inability to verify certificates, reports, or authentication records in the future.
IAAB reserves the right to retain data where required for legal compliance or dispute resolution.
​
10. DATA SECURITY
IAAB implements reasonable technical and organizational safeguards to protect personal data against unauthorized access, misuse, loss, or disclosure.
Security measures include:
• Controlled access to examination materials
• Secure digital storage systems
• Encryption and password protection measures
• Confidentiality obligations for experts and personnel
Despite these safeguards, no electronic system can guarantee absolute security. Clients acknowledge inherent risks associated with electronic data transmission.
​
11. EMAIL AND DIGITAL COMMUNICATION RISKS
IAAB frequently communicates with clients through email and digital messaging systems.
Clients acknowledge that electronic communication may involve risks of interception, data leakage, or loss. IAAB shall not be liable for unauthorized access or data breaches occurring through third-party communication systems beyond IAAB’s reasonable control.
​
12. COOKIES AND WEBSITE ANALYTICS
IAAB uses limited cookies necessary for:
• Website functionality
• Security purposes
• Basic performance monitoring
IAAB does not knowingly use intrusive tracking technologies or behavioral advertising cookies.
Users may adjust browser settings to manage cookie preferences, though this may affect website functionality.
​
13. THIRD-PARTY LINKS
The IAAB website may contain links to third-party websites, including payment processors and partner services.
IAAB does not control and is not responsible for the privacy practices or content of external websites. Users are encouraged to review third-party privacy policies.
​
14. CLIENT RIGHTS
Depending on applicable data protection laws, clients may have rights including:
• Access to personal data
• Correction of inaccurate data
• Deletion of personal data
• Restriction of processing
• Objection to processing
• Data portability
Requests may be submitted by contacting IAAB at:
IAAB reserves the right to verify identity prior to fulfilling data access or deletion requests.
​
15. DATA SUBMITTED ABOUT THIRD PARTIES
If clients submit materials containing personal data relating to third parties, clients confirm they are legally authorized to submit such data and have obtained necessary permissions where required.
IAAB shall not be liable for unauthorized submission of third-party personal data by clients.
​
16. MINORS
IAAB services are not intended for individuals under 18 years of age. IAAB does not knowingly collect personal data from minors.
If IAAB becomes aware that personal data has been collected from a minor, IAAB will take reasonable steps to delete such data.
​
17. FRAUD PREVENTION AND LEGAL COMPLIANCE
IAAB may retain and process personal data to prevent fraud, verify authenticity of submissions, investigate unlawful activities, and comply with legal or regulatory obligations.
​
18. DATA BREACH RESPONSE
In the event of a data breach affecting personal data, IAAB will take reasonable steps to investigate the breach, mitigate risks, and notify affected individuals where required by applicable law.
​
19. POLICY UPDATES
IAAB reserves the right to modify this Privacy Policy at any time. Updated versions become effective upon publication on the IAAB website.
Users are encouraged to periodically review this Privacy Policy.
​
20. GOVERNING LAW
This Privacy Policy shall be governed by the laws of the Province of Ontario, Canada, and applicable federal privacy legislation.
​
21. CONTACT INFORMATION
International Autograph Authentication Board (IAAB)
Email: authentication@iaaboard.com