Privacy Notice

Last Modified: 12/17/2025

1. WHO WE ARE AND HOW TO CONTACT US

The vouchID platform is operated by vouchID Inc. ("vouchID", "we", "us" or "our"). vouchID is the controller of certain personal data processed by the Platform.

If you have any questions about this Privacy Notice or would like to exercise any of your rights, please contact our Data Protection Officer by email:

2. WHEN THIS PRIVACY NOTICE APPLIES

This Privacy Notice (together with our Terms of Use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us or by our third-party service providers.

We respect your privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it.

This Privacy Notice applies to information we collect:

  • on the Platform, ourselves or via the services of third-party service providers; or
  • in e-mail and other communications between you and vouchID.

3. WHO THIS PRIVACY NOTICE APPLIES TO

This Privacy Notice applies to anyone who visits or uses our Platform, including individuals who create an account ("Users") and platforms that integrate with our services ("Platforms").

4. NATURE OF PROCESSING

VouchID is an identity verification platform designed to prove humanity while minimizing data exposure.

Role Clarification: For our enterprise clients (Platforms), we generally function as a Data Processor, processing data strictly under their instructions. For data processed for our own security, billing, and site functions (like website analytics), VouchID acts as the Data Controller.

Privacy & Minimization: While we process necessary data to verify identity (such as liveness checks), we employ strict data minimization. We segregate data between clients and do not use end-user data for cross-client commercial marketing.

5. INFORMATION WE COLLECT

To provide our services, we process the following categories of data:

  • Sensitive Personal Information (Biometric Data): To verify your identity, we collect a video selfie and/or photo ID. This imagery is processed to generate a Facial Geometry Scan (Biometric Identifier) and a cryptographic FaceMap for liveness and anti-fraud checks.
    Notice & Written Consent: By using the service and clicking the confirmation box prior to verification, you acknowledge that you have received this written notice of: (i) the specific data being collected (Facial Geometry/FaceMap); (ii) the precise purpose (identity verification, fraud prevention, and security); and (iii) the specific retention schedule (see Section 9). Your use of the service constitutes your explicit, written consent to the collection, processing, and limited retention of this sensitive data by vouchID and its sub-processors.
  • Security & Audit Trails (Technical Data): We retain technical metadata including IP addresses, device types, and transaction logs. This data is used solely for security monitoring, fraud prevention, and maintaining the integrity of our platform.
  • Contact Information: If provided (e.g., email or phone), we may store this data in a cryptographically hashed format or encrypted state depending on the specific service requirement.
  • Verification Results: We generate a cryptographic proof of verification (e.g., "User is Human" or "Age 18+") which is shared with the requesting platform.
  • Inferred Information: We may generate inferences about you (e.g., a "Risk Score" or "Fraud Score") based on the data collected to prevent malicious activity.

6. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

We use information that we collect about you or that you provide to us for the following purposes:

Purpose | Data Types | Legal Basis
Identity verification and fraud prevention | Hashed account information, hashed verification data, hashed technical data | Performance of contract and legitimate business interests
Providing verification services to platforms | Verification status, platform integration data | Performance of contract
Account management and user support | Hashed account information, hashed technical data | Performance of contract and legitimate business interests
Platform security and abuse prevention | Hashed technical data, verification patterns | Legitimate business interests and legal obligations

7. DISCLOSURE OF YOUR PERSONAL DATA

We maintain strict confidentiality. We do not sell or share your personal data for cross-context behavioral advertising. We disclose data only in the following limited circumstances:

  • Identity Verification Sub-processors: We share necessary data (including biometric captures/scans) with our trusted third-party verification providers (such as liveness detection vendors) solely to perform the verification. These vendors are bound by strict Data Processing Agreements (DPAs) requiring the same or greater level of security and BIPA/GDPR compliance.
  • The Requesting Platform: We share the result of your verification (e.g., "Verified," "Age 18+," or "Verification Failed") with the platform you are trying to access.
  • Legal & Security: We may disclose data to law enforcement if compelled by a valid court order, or to protect our platform from malicious attacks (e.g., DDoS or botnets).

8. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

We may transfer personal data across borders for the purposes described in this notice. When we transfer personal information to countries outside the EEA and other regions with comprehensive data protection laws, we ensure appropriate safeguards are in place.

We rely on adequacy decisions, standard contractual clauses, or other appropriate transfer mechanisms as required by applicable law.

9. RETENTION OF PERSONAL DATA

We maintain a clear, publicly available written policy establishing our retention schedule and destruction guidelines for all data, in accordance with BIPA and CPRA standards.

  • Biometric Data (Facial Geometry/FaceMap): Raw biometric imagery is retained only for the duration necessary to perform the verification and resolve immediate disputes (typically less than 72 hours), after which it is permanently destroyed. The Biometric Identifier (e.g., FaceMap) is retained only until the earlier of: (i) three (3) years from your last interaction with VouchID; or (ii) when the initial purpose for collection (e.g., fraud prevention for a specific account) has been satisfied. Upon the earliest of these events, all such data is permanently destroyed.
  • Security Logs: Audit trails (IPs, transaction IDs, device metadata) are retained for a period necessary to ensure security, compliance with SOC2 standards, and regulatory compliance (typically up to 12 months), after which they are purged.
  • Cryptographic Hashes: Hashed credentials (not considered Biometric Information under BIPA) may be retained indefinitely to prevent fraud (e.g., stopping a bad actor from re-registering) unless you exercise your Right to Erasure.

10. YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

Subject to local law, you have certain rights regarding your personal data:

  • Right to Correction (CPRA): You have the right to request correction of inaccurate personal data we hold about you.
  • Right to Erasure (Deletion): Request permanent deletion of your personal data (subject to legal and security retention obligations, like preventing the fraudulent re-registration of a banned identifier).
  • Right to Know (Access): Request the categories and specific pieces of personal information we have collected about you, the sources of the data, and the business purposes for collection.
  • Right to Opt-Out: Because VouchID does not sell or share your Personal Data for cross-context behavioral advertising, a "Do Not Sell" link is not required.
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to restriction: Limit our use of your personal data in certain circumstances
  • Right to withdraw consent: Where processing is based on consent
  • Right to file a complaint: With your local data protection authority

To exercise these rights, contact us using the details at the beginning of this notice. We may need to verify your identity before responding to requests.

11. SECURITY MEASURES

We implement industry-leading security measures to protect your personal data, with cryptographic hashing as our primary privacy protection:

  • Immediate Data Hashing: All personally identifiable information is hashed upon collection using industry-standard cryptographic algorithms
  • No Plaintext Storage: We prioritize cryptographic storage and minimize plaintext retention wherever possible
  • End-to-end encryption: All data transmission is encrypted
  • Zero-knowledge architecture: Our systems are designed to verify identity without learning your personal information
  • Regular security audits: Independent security assessments and penetration testing
  • Secure development practices: Code reviews, vulnerability scanning, and security-first engineering

12. COOKIES AND TRACKING

We use necessary cookies for platform functionality and optional analytics cookies (with your consent) to improve our services. You can manage cookie preferences through your browser settings.

13. CHILDREN'S PRIVACY

Our platform is designed for users 18 years and older. We do not knowingly collect personal data from children under 18. If we become aware that we have collected such data, we will take steps to delete it promptly.

14. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time. We will notify you of any material changes by posting the new Privacy Notice on this page and updating the "Last Modified" date. We encourage you to review this Privacy Notice periodically.

15. CONTACT INFORMATION

If you have questions about this Privacy Notice or our privacy practices, please contact us at: