Always welcome entries into the IDV space, I just have a concern when it comes to data privacy and the app.
From a B2B2C perspective, you outline you are GDPR and and CCPA compliant as a data processor, however, your data processing agreement is insufficient to back up this claim. There seems to be a lack of anything to do with data security on your website, which is typically expected. Nothing on confidentiality, processing under instructions only. Any reasonable firm should be doing a DPIA for these types of systems, for which would be a struggle to pass for the types of firms who need IDV platforms.
On a bigger note, for your B2C side, even on the 'trial' basis, your privacy policy doesn't come close to being compliant with GDPR. It is 6 paragraphs long and misses most of the requirements within Art 13.