KYC Know Your Customer
The identity check most hosts run on you — by law, by choice, or by the credit-card processor that already ran one for them.
The legal and operational practice of collecting identity documents — name, address, government ID — from customers before serving them. Required by AML regulations in the United States, the European Union and most G20 jurisdictions for financial services; voluntary for most hosting providers.
The whole product is built around not doing this.
KYC is not, in principle, a hostile practice. It exists because regulators decided that financial intermediaries should know who they move money for, and that decision has reduced the volume of straightforward fraud and sanctions evasion that flows through the global banking rails. The problem is what happens when KYC is bolted onto services that were never financial in the first place.
A web host that runs KYC has constructed a high-value identity-to-infrastructure mapping that did not previously exist. The host now knows that this exact person runs that exact server, on that exact IP address, serving that exact website. That mapping is subpoenable, breachable, leak-able, and — in jurisdictions where the host has limited legal protection — usable by the host's own marketing or risk teams.
NordBastion declines to build that mapping. We accept an email address and a cryptocurrency payment, and we store no government ID, no legal name, no phone number, no proof of address. The card on file does not exist because there is no card. The definitional opposite of this practice — "no-KYC" — is the other side of this same glossary, and the foundation of the doctrine.
The pages that lean on this term.
The questions people actually ask.
What does KYC stand for?
KYC stands for "Know Your Customer". The phrase originates in the international anti-money-laundering framework promoted by the Financial Action Task Force in the late 1990s, and was adopted into US law as part of the USA PATRIOT Act in 2001 and into EU law through successive Anti-Money Laundering Directives.
Is KYC legally required for hosting providers?
No. KYC is mandated for financial services — banks, brokers, payment processors, regulated cryptocurrency exchanges — and for a handful of adjacent sectors such as real estate and high-value goods. Web hosting is not a regulated financial activity in any major jurisdiction. When a host runs KYC on a customer, it is a commercial choice (usually inherited from the card processor on file), not a legal obligation.
What documents does a typical KYC check ask for?
At minimum: legal name, residential address, date of birth. At the strict end: a photo of a government-issued ID, a selfie or short video, and a recent utility bill or bank statement as proof of address. Some financial-grade KYC also runs the name against sanctions and politically-exposed-person watchlists.
Why does NordBastion not run KYC?
Because it is not legally required for hosting, because it is the single biggest privacy leak a hosting provider can introduce, and because the alternative — accepting payment in cryptocurrency that needs no identity to clear — works perfectly well operationally. The full reasoning is in /doctrine/.