GDPR-Compliant Passport Data Extraction
Process highly sensitive passport data with absolute legal confidence. Our zero-retention API extracts global MRZ and VIZ data instantly without ever storing your users' PII.

The Severe Risks of Legacy OCR Storage
For companies operating in or serving the European Union, handling passport images is a massive regulatory liability. Under the General Data Protection Regulation (GDPR), transmitting Personally Identifiable Information (PII) through legacy OCR vendors that store images, write logs to disks, or use customer data to train their AI models exposes businesses to devastating fines. For a comprehensive look at securing cross-border onboarding architectures, explore our travel identity verification solutions.
StructOCR: The Process-and-Forget Standard
Designed for strict privacy compliance, our core Passport OCR engine operates on a mandatory zero-data-retention policy. Deployed entirely on Cloudflare's secure global edge network, your users' Base64 document streams are processed entirely in RAM. The moment the JSON extraction is completed and dispatched back to your server, the data is instantly and permanently destroyed. By utilizing a pure REST API instead of black-box mobile SDKs, you maintain total architectural control over the data flow.
Live Demo: Passport scanner
No registration required. Upload a file to test the extraction.
Drop files here or click to browse
JPG · PNG · WebP · up to 500 files · max 4.5 MB each
Ready to use this in production? Get 20 free API calls — no credit card needed.
Get 20 Free API Calls →Core Compliance Applications
European FinTech & Neo-Banks
Execute KYC workflows across EU jurisdictions without expanding your compliance attack surface. We natively support USDT payments for borderless SaaS operations. View our straightforward API pricing.
Global HR & EOR Platforms
Verify Right-to-Work documentation for remote hires in Europe securely, ensuring applicant data is never stored on third-party public clouds.
Legal & Immigration Tech
Process sensitive client immigration portfolios with an API that inherently respects attorney-client data boundaries.
Healthcare & Patient Onboarding
Extract patient identity data securely, maintaining compliance with both GDPR and HIPAA standards through localized edge processing.
Technical Specs
- Zero Data Retention: 100% process-and-forget. Images and JSON outputs are purged from RAM immediately after the HTTP response is sent.
- No Model Training: We explicitly guarantee in our Terms of Service that customer data is never utilized to train or fine-tune our internal OCR models.
- Base64 Native: Stream candidate data securely via HTTP POST without ever generating public AWS S3 URLs for sensitive documents.
- Edge Processing: Sub-1.2s latency globally, powered by Cloudflare's distributed edge network, ensuring data is processed close to the user.
Key Features
- Universal Coverage: Seamlessly extracts MRZ and visual (VIZ) data from all European Union passports and ID formats.
- Strict Normalization: Forces all dates (`date_of_birth`, `date_of_expiry`) into deterministic ISO 8601 formatting to prevent backend calculation errors.
- API-First Architecture: 100% RESTful HTTP integration ensures perfect compatibility with web-based platforms without the black-box risks of SDKs.
Integration & AI Prompts
Never expose PII on public storage buckets. Pass Base64 data directly to our API from your backend. For complete schema details, consult our Passport OCR Developer Documentation.
import requests
import base64
# 📚 Developer Docs: https://structocr.com/developers/passport-ocr
# Note: StructOCR is API-first. Send Base64 natively from your
# backend to ensure PII never leaves your controlled environment.
with open("eu_citizen_passport.jpg", "rb") as image_file:
base64_image = base64.b64encode(image_file.read()).decode('utf-8')
url = "https://api.structocr.com/v1/passport"
headers = {
"x-api-key": "YOUR_API_KEY",
"Content-Type": "application/json"
}
payload = {
"img": base64_image
}
try:
# Processed securely in RAM at the edge and instantly destroyed
print("Processing Passport securely (Zero-Retention)...")
response = requests.post(url, headers=headers, json=payload)
result = response.json()
if result.get('success'):
print("✅ GDPR-Compliant Extraction Complete!\n")
core = result['data']
print(f"Legal Name: {core.get('given_names')} {core.get('surname')}")
print(f"Nationality: {core.get('nationality')} ({core.get('country_code')})")
print(f"Doc No: {core.get('passport_number')}")
print(f"DOB: {core.get('date_of_birth')} (ISO 8601)")
else:
print(f"❌ Extraction Failed: {result.get('error')} - {result.get('message')}")
except Exception as e:
print(f"Error: {e}")Standardized JSON Output
Receive deterministic, cleanly structured compliance data ready for immediate integration into your secure database.
{
"success": true,
"data": {
"type": "passport",
"country_code": "IND",
"nationality": "INDIAN",
"passport_number": "Z1234567",
"surname": "SHARMA",
"given_names": "RAHUL",
"sex": "M",
"date_of_birth": "1988-07-22",
"place_of_birth": "NEW DELHI",
"date_of_issue": "2021-04-10",
"date_of_expiry": "2031-04-09",
"issuing_authority": "MINISTRY OF EXTERNAL AFFAIRS",
"country_specific": {
"last_page": {
"father_name": "AMIT SHARMA",
"mother_name": "SITA SHARMA",
"spouse_name": "PRIYA SHARMA",
"address": "FLAT 4B, GREENWOOD APARTMENTS, NEW DELHI PIN: 110001, INDIA",
"old_passport_number": "P7654321",
"old_passport_issue_date": "2010-01-05",
"old_passport_issue_place": "DELHI",
"file_no": "DL1076071103622",
"ecr_status": null
}
}
}
}Frequently Asked Questions
How does StructOCR ensure GDPR compliance?
We operate on a strict 'process-and-forget' architecture. When your server sends a Base64 image, it is processed entirely in-memory at our Cloudflare edge nodes. We never write the image or extracted PII to any physical disk, log file, or database. Additionally, we never use customer data to train our AI models.
Why is a REST API more secure than an OCR SDK for privacy compliance?
Mobile SDKs are notorious 'black boxes' that often silently collect telemetry data, device fingerprints, or cache images locally on the user's phone, which can violate GDPR. A pure REST API gives your engineering team absolute control over the data pipeline—you send the payload, we process it, and return the JSON over secure TLS.
Do we need to sign a Data Processing Agreement (DPA)?
Yes. As a B2B infrastructure provider processing data on behalf of EU citizens, we provide standardized Data Processing Agreements (DPAs) for our enterprise clients to ensure full legal compliance with GDPR requirements.
Explore More Travel & KYC Solutions
Automated Hotel Check-In Passport Scanner API
Streamline hotel check-ins with our automated passport scanner API. Extract global guest data instantly without SDKs. Upload an image to test our free live demo.
Crypto KYC Passport API (No SDK Required)
Zero-retention Passport OCR API for Web3 and Crypto KYC. Extract global MRZ and VIZ data instantly without SDK bloat. Upload an image to test our free live demo.
DPDP Compliant Indian Passport OCR
DPDP-compliant, zero data retention OCR API for Indian passports. Securely extract back-page PII (Address, Parents' Names) for KYC workflows. File, Base64, and URL supported.
Precise Data Extraction and Seamless
Integration with AI-powered OCR API.
Empower your solutions with automated data extraction by
integrating best-in class StructOCR via API seamlessly.
No credit card required • Full API access included