I think any business (on Algorand or not) would be wise to outsource KYC to a large trusted party and not be anywhere near any personal data if you don’t have to.
Personally I wouldn’t start any business that offers things like KYC in-house if you can outsource. As it’s just a mess to deal with regulations & keeping it secure until it get hacked (let’s face the truth - almost any web3 company with interesting data got hacked one way or the other during the past years).
So why not build some bridge between Algorand and a trusted KYC service (that employs a team of cybersec specialist) to achieve what you want? Let the personal data be stored within the KYC service rather than your own decentralized off-chain DB. I can only hope that other projects do something similar to prevent leaks.
What makes your service different compared to the third party one that Pera is using (if they use one)?
Personally I’d not use a KYC system that at least doesn’t look good on paper. Let’s say, a decent sized team (with cybersec specialist), funded by blue chip VC’s, a strong online present and some large customers. Currently it seems that you’re doing this alone, besides your other 10 projects/companies.
It’s a whole lot to chew on, you sure you want to build this from scratch with all the risks, sleepless nights, stressing over security and the potential of being hacked risking the data of your customers?