Skip to main content

    How Passing Verification Works

    A careful, step-by-step process designed to protect everyone involved. Messages are only released after verification is complete.

    Version 2.4.0Last Updated

    Company: Y.O.D.O. Ltd (Company No. 15736034)
    Registered Office: 42 Mayfair Gardens, Southampton, SO15 2TW, United Kingdom
    ICO Registration: ZC015883 (Data Protection Lead: Mrs Theodosia Kouraki)
    EU Representative under Article 27 EU GDPR: Christina-Eloiza Kouraki, Marasli 29, Athens 10676, Greece, email eloizakouraki@yahoo.gr.
    Contact: info@yodo.ltd

    A missed Scheduled Check-in, a Status Check, or a lack of response does not mean a Passing.

    Messages are delivered only after a Passing is reported and verified through the Service.

    The final decision to release or withhold is made by a human reviewer. We do not make solely automated decisions with legal or similarly significant effect within the meaning of Articles 22A to 22D UK GDPR (introduced by the Data (Use and Access) Act 2025 with effect from 5 February 2026, replacing the previous Article 22).

    High-level steps

    1

    A Delegate reports a Passing in the Service.

    2

    The Delegate completes step-up authentication (for example, a one-time code).

    3

    The Delegate completes identity verification via Persona.

    4

    A death certificate is uploaded through the in-app upload flow. This can be done by an accepted Delegate, or by a Special Delegate who is a solicitor or notary and whom the Account Holder has enabled to assist with verification.

    5

    We review the submission for plausibility and consistency. We may request additional information or a resubmission.

    6

    If verification is completed, Messages are delivered to Recipients according to the plan and settings.

    Multi-Delegate accounts

    If there are other Delegates on the account, they will be notified and have 72 hours to respond. Responses may include confirming the Account Holder is OK, disputing the report, or confirming the Passing. See our Terms for details of how disputes are handled.

    If verification is not completed

    If verification is not completed within the time limit, the report closes. A Delegate may submit a new report at a later time.

    Time limit

    Passing verification must normally be completed within 30 days of the report being started. We may extend this where reasonably necessary (for example, where there are review, provider or technical delays). We will notify the reporting Delegate if we extend the verification window and will confirm the revised timescale where possible.

    About verification checks

    Persona verifies identity

    Persona is our identity verification provider. Depending on the workflow in use, Persona may act as an independent controller for biometric processing (where it determines the means of biometric processing under its own terms) or as a processor on Y.O.D.O.'s instructions (where Y.O.D.O. controls the verification configuration). We receive verification outcomes and limited audit metadata. We do not receive your biometric template.

    About document authentication

    We do not authenticate death certificates with issuing authorities and we do not guarantee the authenticity of third-party documents.

    The certificate file is stored in encrypted object storage (AWS S3) while the Account Holder's account is active and is removed from live storage when the account is deleted. Because the storage bucket has object versioning enabled with a 365-day lifecycle on noncurrent versions, a removed certificate may persist as a recoverable noncurrent version for up to 365 days after account deletion, then is permanently deleted. We do not compute or store a hash of the certificate. The passing-report event log and the Persona identity-verification record are soft-deleted on account deletion (excluded from live queries but retained in encrypted form for audit and dispute handling). See our Data Retention Policy.

    Messages remain sealed

    Messages remain sealed unless and until passing verification is completed through the Service.

    Who reviews and what we look for

    Every release decision is reviewed by one of two named people: the founder of Y.O.D.O. or our engineering lead. The reviewer reads the evidence and records one of three outcomes: verify, reject, or escalate. If they escalate, the founder arbitrates. The reasoning behind every decision is recorded in the case file.

    The reviewer is doing a documentary check. They are looking at whether the certificate is properly issued, whether the details match the Account Holder record, and whether anything looks off. They are not forensically authenticating the certificate. The person reporting the Passing is the one who warrants that what they have submitted is true.

    If the Account Holder has set up a Solicitor/Notary Special Delegate verification carve-out, the reviewer is informed that the person reporting the Passing is a verified registered solicitor or notary whom the Account Holder expressly authorised during their lifetime. The reviewer gives that status appropriate weight when weighing the documentary check.

    We retain the right to call for a second reviewer or to escalate to the founder for arbitration on any case where the first reviewer has any concern. Releasing messages cannot be undone, so the reviewer is empowered to slow the process down whenever the case warrants it.

    We ask you to redact the cause-of-death section of any certificate before you send it. We do not need it to verify a death. If you cannot redact, we will do it for you on receipt.

    The certificate file and the review log are held while the Account Holder's account is active. On account deletion the certificate file is removed from live storage (subject to the 365-day object-versioning window described above and in our Data Retention Policy), and the review log entry is soft-deleted: excluded from live queries but retained in encrypted form so we can answer a later dispute or regulator query about the release. We do not run a seven-year retention period on the certificate file itself.

    If you have a question about a verification in progress or a verification we have already completed, email info@yodo.ltd. We will respond within five working days.

    Use of AI in verification (EU AI Act)

    Persona uses machine-learning systems to assess document authenticity, perform face-match comparison, and detect fraud signals. Under the EU AI Act (Regulation (EU) 2024/1689), AI systems used for biometric identification and verification of natural persons are high-risk under Annex III. A Persona outcome is never the sole basis for releasing messages or unlocking an account. A named human reviewer at Y.O.D.O. assesses the evidence and records the decision. You have the right to know that AI tools assisted the check, to ask for a human review, and to challenge the outcome by emailing info@yodo.ltd. We do not use AI for emotion recognition, social scoring, or any practice prohibited by Article 5 of the AI Act.

    For Recipients

    Once verification is complete, Recipients will receive a secure link to access their Message. Recipients will need to complete identity verification before accessing the content. Messages are available for 12 months from delivery. Extensions may be available on request within the original 12-month period. See our Terms for details.

    Need help?

    We understand this is a difficult time. If you need support with the verification process, please reach out:

    info@yodo.ltd

    Do not email identity documents. If documents are needed, use the secure in-app flow.

    Related policies