Privacy Policy

1. Our Privacy-First Approach

VerifID operates on a fundamental principle: no central database, no data storage. Unlike traditional identity verification services, we do not maintain a central repository of your personal information. Your data is verified once and never retained on our servers.

• No Central Database: We do not store your personal information in a central database.
• No Data Retention: Your information is verified, not stored. Once verification is complete, your data is not retained on our systems.
• Complete Control: You maintain complete control over your data at all times.

2. Information We Collect

To provide our verification services, we collect minimal information necessary for identity verification:

• Passport MRZ Data: Machine Readable Zone (MRZ) data from your passport, which includes your name, date of birth, passport number, nationality, and expiration date. This data is collected in accordance with ICAO 9303 standards.
• Identity Verification Data: Information required to complete the identity verification process, which may include biometric data stored securely on your device.
• Usage Information: Technical information about how you use the VerifID app, such as verification timestamps and QR code generation events.

Important: All sensitive data is encrypted and protected behind your smartphone's biometric authentication. We do not have access to your biometric data stored on your device.

3. How We Use Your Information

We use the information we collect solely for the following purposes:

• Identity Verification: To verify your identity and age using your passport data.
• QR Code Generation: To generate cryptographically signed QR codes that enable secure, privacy-preserving age verification.
• Service Improvement: To improve our verification services and user experience.
• Compliance: To comply with legal obligations and regulatory requirements.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data for advertising or analytics beyond what is necessary to provide our service.

4. Data Security

VerifID employs enterprise-grade security measures to protect your information:

• Cryptographic Security: All QR codes are cryptographically signed using ECDSA (Elliptic Curve Digital Signature Algorithm) with SHA-256 hashing, making them tamper-proof and secure.
• Biometric Protection: Your sensitive data is protected behind your smartphone's biometric authentication (fingerprint, face ID, etc.).
• Time-Limited Credentials: QR codes are time-limited, reducing the risk of unauthorized use.
• No Data Storage: Since we don't store your data, there's no central database that could be compromised.
• ISO 27001 Ready: Our security practices align with ISO 27001 standards for information security management.

5. Data Retention and Deletion

As part of our privacy-first approach, we do not retain your personal information after verification. However, we may retain minimal technical logs for security and compliance purposes, which are:

• Anonymized and cannot be linked to your personal identity
• Retained only as long as necessary for security and compliance purposes
• Subject to regular deletion schedules

You can request deletion of any data we may hold about you by contacting us at support@verifid.com.

6. Your Rights Under GDPR

VerifID is fully GDPR compliant. As a user, you have the following rights:

• Right to Access: You have the right to request access to any personal data we may hold about you.
• Right to Rectification: You can request correction of inaccurate personal data.
• Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: You can request restriction of processing of your personal data.
• Right to Data Portability: You can request transfer of your data to another service provider.
• Right to Object: You can object to processing of your personal data.
• Right to Withdraw Consent: You can withdraw consent for data processing at any time.

To exercise any of these rights, please contact us at support@verifid.com.

7. Third-Party Services

VerifID may use third-party services to support our platform operations. These services are carefully selected and are required to maintain the same privacy and security standards. We do not share your personal information with third parties except:

• When necessary to provide our verification services
• When required by law or regulatory authorities
• With service providers who are bound by strict confidentiality agreements

8. Compliance and Certifications

VerifID is committed to maintaining the highest standards of privacy and security:

• GDPR Compliant: We comply with the General Data Protection Regulation (GDPR) and respect your privacy rights.
• UK DIATF Certified: We are certified under the UK Digital Identity and Attributes Trust Framework.
• ISO 27001 Ready: Our security practices align with ISO 27001 standards.
• KYC/AML Compliant: We comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
• Kantara IAF Ready: We are ready for Kantara Initiative Identity Assurance Framework certification.
• ICAO 9303 Standards: We follow International Civil Aviation Organization standards for passport data processing.

9. Children's Privacy

VerifID is designed for age verification purposes. We do not knowingly collect personal information from children under the age of 13 without appropriate parental consent. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your data is processed primarily within the United Kingdom and European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place to protect your privacy rights in accordance with GDPR requirements.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: support@verifid.com
• Website: verifid.com