I checked for you, it's done via KYC provider
Onfido. Make of that what you will.
For Ledger's shard, yes. But your KYC data will also be stored with the other two third party companies as well, in order for them to release their shard if needed:
Ledger Recover uses your ID and a selfie to verify who you are, via its Identity Verification provider, Onfido. Then, it links your identity to encrypted fragments of your Secret Recovery phrase. The identity providers store this ID data in an encrypted form.
So there will be three companies holding your KYC data, duplicated across an unknown number of servers in an unknown number of locations with unknown security protocols and an unknown number of people with digital or physical access. Just like every other KYC, it will only be a matter of time before your information is leaked/hacked/shared/sold.
They do claim the seed can only be decrypted with the same Ledger that created it, but I imagine with any Ledger there would be a simple workaround for this, such as spoofing the device's log number in order for the encrypted shard to think it's the same one.
It's the exact opposite, in fact. They say that you can use Ledger Recover with a brand new device:
What if I lose my Ledger device that is associated with my Ledger Recover subscription?
Simply get another Ledger device and follow the process to recover access to your wallet.