the safest way would probably use a system where data is stored briefly in a cryptographic way and deleted after verification
but I bet most of the websites store it indefinitely.
The regulations I know about KYC (and which are valid in the EU, for example) require exactly that, yes. Companies like Roobet are not allowed to do the checks themselves, but KYC is done by an external and certified company. However, since Roobet is not based in the EU, I do not know if this also applies here.
But the main thing is: the data would have to be deleted immediately after the review and may not be kept. Whether anyone adheres to this is of course another question ...
yes, this is the thing
it'd be easy to do, but probably there are shady companies that don't do it
even heard of a person who had a friend working on a company like that based in Hong Kong and he said they definitely wouldn't delete it after verification
but this is just gossip
would be good to have a way to verify.