GDPR-Compliant Passport Data Extraction

Process highly sensitive passport data with absolute legal confidence. Our zero-retention API extracts global MRZ and VIZ data instantly without ever storing your users' PII.

GDPR compliant passport data extraction using a secure, zero-retention API.

The Severe Risks of Legacy OCR Storage

For companies operating in or serving the European Union, handling passport images is a massive regulatory liability. Under the General Data Protection Regulation (GDPR), transmitting Personally Identifiable Information (PII) through legacy OCR vendors that store images, write logs to disks, or use customer data to train their AI models exposes businesses to devastating fines. For a comprehensive look at securing cross-border onboarding architectures, explore our travel identity verification solutions.

StructOCR: The Process-and-Forget Standard

Designed for strict privacy compliance, our core Passport OCR engine operates on a mandatory zero-data-retention policy. Deployed entirely on Cloudflare's secure global edge network, your users' Base64 document streams are processed entirely in RAM. The moment the JSON extraction is completed and dispatched back to your server, the data is instantly and permanently destroyed. By utilizing a pure REST API instead of black-box mobile SDKs, you maintain total architectural control over the data flow.

Live Demo: Passport scanner

No registration required. Upload a file to test the extraction.

1
Upload
2
Results

Drop files here or click to browse

JPG · PNG · WebP  ·  up to 500 files · max 4.5 MB each

No files selected

Ready to use this in production? Get 20 free API calls — no credit card needed.

Get 20 Free API Calls →

Core Compliance Applications

European FinTech & Neo-Banks

Execute KYC workflows across EU jurisdictions without expanding your compliance attack surface. We natively support USDT payments for borderless SaaS operations. View our straightforward API pricing.

Global HR & EOR Platforms

Verify Right-to-Work documentation for remote hires in Europe securely, ensuring applicant data is never stored on third-party public clouds.

Legal & Immigration Tech

Process sensitive client immigration portfolios with an API that inherently respects attorney-client data boundaries.

Healthcare & Patient Onboarding

Extract patient identity data securely, maintaining compliance with both GDPR and HIPAA standards through localized edge processing.

Technical Specs

  • Zero Data Retention: 100% process-and-forget. Images and JSON outputs are purged from RAM immediately after the HTTP response is sent.
  • No Model Training: We explicitly guarantee in our Terms of Service that customer data is never utilized to train or fine-tune our internal OCR models.
  • Base64 Native: Stream candidate data securely via HTTP POST without ever generating public AWS S3 URLs for sensitive documents.
  • Edge Processing: Sub-1.2s latency globally, powered by Cloudflare's distributed edge network, ensuring data is processed close to the user.

Key Features

  • Universal Coverage: Seamlessly extracts MRZ and visual (VIZ) data from all European Union passports and ID formats.
  • Strict Normalization: Forces all dates (`date_of_birth`, `date_of_expiry`) into deterministic ISO 8601 formatting to prevent backend calculation errors.
  • API-First Architecture: 100% RESTful HTTP integration ensures perfect compatibility with web-based platforms without the black-box risks of SDKs.

Integration & AI Prompts

Never expose PII on public storage buckets. Pass Base64 data directly to our API from your backend. For complete schema details, consult our Passport OCR Developer Documentation.

import requests
import base64

# 📚 Developer Docs: https://structocr.com/developers/passport-ocr

# Note: StructOCR is API-first. Send Base64 natively from your 
# backend to ensure PII never leaves your controlled environment.

with open("eu_citizen_passport.jpg", "rb") as image_file:
    base64_image = base64.b64encode(image_file.read()).decode('utf-8')

url = "https://api.structocr.com/v1/passport"
headers = {
    "x-api-key": "YOUR_API_KEY",
    "Content-Type": "application/json"
}
payload = {
    "img": base64_image
}

try:
    # Processed securely in RAM at the edge and instantly destroyed
    print("Processing Passport securely (Zero-Retention)...")
    response = requests.post(url, headers=headers, json=payload)
    result = response.json()

    if result.get('success'):
        print("✅ GDPR-Compliant Extraction Complete!\n")
        
        core = result['data']
        print(f"Legal Name:  {core.get('given_names')} {core.get('surname')}")
        print(f"Nationality: {core.get('nationality')} ({core.get('country_code')})")
        print(f"Doc No:      {core.get('passport_number')}")
        print(f"DOB:         {core.get('date_of_birth')} (ISO 8601)")
    else:
        print(f"❌ Extraction Failed: {result.get('error')} - {result.get('message')}")
except Exception as e:
    print(f"Error: {e}")

Standardized JSON Output

Receive deterministic, cleanly structured compliance data ready for immediate integration into your secure database.

{
  "success": true,
  "data": {
    "type": "passport",
    "country_code": "IND",
    "nationality": "INDIAN",
    "passport_number": "Z1234567",
    "surname": "SHARMA",
    "given_names": "RAHUL",
    "sex": "M",
    "date_of_birth": "1988-07-22",
    "place_of_birth": "NEW DELHI",
    "date_of_issue": "2021-04-10",
    "date_of_expiry": "2031-04-09",
    "issuing_authority": "MINISTRY OF EXTERNAL AFFAIRS",
    "country_specific": {
      "last_page": {
        "father_name": "AMIT SHARMA",
        "mother_name": "SITA SHARMA",
        "spouse_name": "PRIYA SHARMA",
        "address": "FLAT 4B, GREENWOOD APARTMENTS, NEW DELHI PIN: 110001, INDIA",
        "old_passport_number": "P7654321",
        "old_passport_issue_date": "2010-01-05",
        "old_passport_issue_place": "DELHI",
        "file_no": "DL1076071103622",
        "ecr_status": null
      }
    }
  }
}

Frequently Asked Questions

How does StructOCR ensure GDPR compliance?

We operate on a strict 'process-and-forget' architecture. When your server sends a Base64 image, it is processed entirely in-memory at our Cloudflare edge nodes. We never write the image or extracted PII to any physical disk, log file, or database. Additionally, we never use customer data to train our AI models.

Why is a REST API more secure than an OCR SDK for privacy compliance?

Mobile SDKs are notorious 'black boxes' that often silently collect telemetry data, device fingerprints, or cache images locally on the user's phone, which can violate GDPR. A pure REST API gives your engineering team absolute control over the data pipeline—you send the payload, we process it, and return the JSON over secure TLS.

Do we need to sign a Data Processing Agreement (DPA)?

Yes. As a B2B infrastructure provider processing data on behalf of EU citizens, we provide standardized Data Processing Agreements (DPAs) for our enterprise clients to ensure full legal compliance with GDPR requirements.

Explore More Travel & KYC Solutions

Precise Data Extraction and Seamless Integration with AI-powered OCR API.

Empower your solutions with automated data extraction by integrating best-in class StructOCR via API seamlessly.

No credit card required • Full API access included