Request for information (RFI) FAQ

This page contains data security and compliance information for Experian Address Validation to answer the most frequently asked questions during the RFI process. Find information for other products on our RFI FAQ page.

Data journey

Certifications

ISO 27001 Certificates available upon request

Data retention

The following data elements are encrypted and stored for 3 months in an Experian data center and for 1 year in Microsoft Azure for troubleshooting, internal testing, caching and product quality improvement purposes:

• Input country
• Input address
• Transaction start/end time
• IP address of caller

For data quality insights reporting purposes: we store 100% anonymized metadata related to searches across all services, indefinitely.

Regional data transfer

• The API Gateway, Experian Address Validation and Experian Enrichment products are deployed to the US, UK and Australia.
• Depending on the origin, requests are routed to the nearest data center and data remains there.
• In the event of a data center failure, requests will be routed to the nearest healthy data center.

Disaster recovery

Our services are deployed into multiple data centers that use an active-active architecture. For you that means that we have multiple data centers operating simultaneously that share the load and provide redundancy. Additionally, our services employ geographic routing which means your traffic gets routed to the nearest healthy data center. Should a data center become unhealthy, the health status of the data center is immediately updated. Your traffic is automatically and seamlessly re-routed to the nearest healthy data center. No action is required from you to enable this behaviour. This architecture is how we provide Disaster Recovery and Business Continuity for our services and maintain high availability.