authID Inc. Privacy Notice
Effective: August 16, 2024
To see prior versions of this Privacy Notice, please email us at legal@authid.ai.
“Personal information” is information that can be used to contact or identify you and includes your biometrics, that we collect.
This Privacy Notice describes how authID Inc. (“authID”, “we”) collect and use your personal information in relation to the provision of our identity authentication and verification services known as Verified™, Proof™, and FIDO2 Passkey Authentication (“authID Services”), as well as our software, interfaces, applications, system, and database that enable such services (“authID Software”).
This Privacy Notice also applies to the collection and use of personal information from you in relation to the operation of our https://authid.ai and https://investors.authid.ai websites (together, the "Site"). (The authID Services, authID Software, and Site are collectively referred to as, the “authID Offerings”.)
The authID Services are made available to our customers (“Customer”) for use by their employees, members, or people using our Customers’ services. Your use of authID Services will also be subject to your agreement with our Customer, which may be your employer or membership organization, or a business from which you are receiving any services when such Customer requests or requires you to use authID Services. Those Customers will have their own privacy policies, for which authID is not responsible and you should review those policies as well, in order to gain a fuller understanding of how your personal information is collected, used and disclosed by the Customer.
Personal Information We Collect
In the course of your interaction with the authID Offerings, we collect your personal information when you voluntarily provide it to us, when we collect it using automation, and when it is provided to us by third-parties, including our Customer, third-party service providers, and publicly available sources.
Personal Information That You Voluntarily Provide to Us:
Depending upon your usage of the authID Offerings, you might supply us with such information as:
- your name, email address, physical address, phone number, and other contact information;
- information about your location;
- usernames, aliases, and other authentication and security credential information;
- a live picture of your face and associated biometrics, which you provide via your device camera at onboarding or for authentication when you use the authID Services;
- user ID document image and ID document data derived from OCR and barcode scanning of your ID document (when you use Proof™ Services), which may include your nationality or residence status, the nature and number of your ID document and other information on the document.
Personal Information That We Automatically Collect
- computer and device information consisting of browser name and version, device manufacturer, device model, serial number, IMEI, IP address, and geo location are captured during transactions when you use the authID Services;
- computer and device OS information;
- authentication and security credential information;
- operating metrics, such as usage volume, occurrences of technical errors, diagnostic reports, backup information, API calls, and other logs;
- when you use the Site, we automatically collect the full Uniform Resource Locators (URL) clickstream to, through, and from the Site (including date and time), page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs);
- identifiers and information contained in cookies. (For additional information, see our Cookie Notice.)
Personal Information Provided to Us by Third-Parties
You use authID Services at the direction or request of one of our Customers. When the Customer is your employer or membership organization, the Customer provides us some, or all of your name, a username or employee ID. and email, or phone number, so that we can contact you to create an account. The Customer may also provide us your photo, for us to use in providing identity authentication and verification services related to your account. When the Customer is a business whose services you use, the Customer may also provide us with transaction data in connection with transactions which you are asked to approve, such as the dollar amount of funds sent, recipient name or identifier, and authentication details.
Some Customers contract with authID to use third-party services in order to provide additional verification of your identity. In such case, the third-party services provide authID third-party materials which may contain additional personal information about you, including your first and last name, your address, date of birth, telephone number, occupation and whether you are listed on certain governmental databases.
How We Use Personal Information
authID uses your personal information for the following purposes:
- Providing the authID Offerings to You and Our Customers: We use your personal information to provide authID Offerings, including the processing of Verified, Proof, and FIDO2 Passkey Authentication transactions, as well as the Site.
- Measuring, Supporting, and Improving authID Offerings: We use your personal information to measure use of, analyze performance of, correct errors in, provide support for, improve, and develop authID Offerings. We retain images of identity documents from Proof transactions for the purposes of training authID’s software models for improved accuracy. These identity document images are encrypted and stored in a secure location only accessible to authorized authID employees. The enhanced precision resulting from improvements in our Software benefits all our Customers and users in minimizing both false positives and false negatives.
- Communication with You: We use your personal information to provide you information about authID, its products and services, to respond to your requests, and to contact you with marketing or promotional materials that we believe may be of interest to you.
- De-Duplication: We use your personal information to identify and eliminate duplicate or multiple accounts created in relation to a single user
- Reducing Data Redundancy, Fraud, and Abuse: We use your personal information for data comparison and review to reduce data redundancy and to prevent and detect fraud and abuse.
- Compliance with Legal Obligations: In certain cases, we have a legal obligation to retain or disclose your personal information, such as for audit purposes or pursuant to a valid court order.
- Other Purposes for Which We Seek Your Consent: We also use your personal information for other purposes for which we have expressly requested and obtained your consent.
How We Share Personal Information
authID is committed to respecting and protecting the privacy of its Customers and the users of its products and services. At the core of authID’s mission is our goal of providing secure biometric and multi-factor identity verification and authorization solutions, to combat identity theft and fraud in a wide variety of electronic transactions. We will never sell or rent your personal information and will only share it with third-parties in accordance with the terms of this Privacy Notice.
authID shares your personal information as follows:
Transactions Involving Our Customers:
You may use authID Services at the direction or request of an authID Customer that is your employer (or prospective employer) or a membership association to which you belong or apply, or that is a third-party business whose services you use or apply for. We share your personal information with such Customers when you authorize us to do so, at the time that you (a) are being onboarded to such Customer’s systems, programs or services, or (b) are required to authenticate yourself to such Customer, or (c) approve a transaction with or by such Customer.
Proof Transactions
When you use the Proof Service, in order to provide proof of your identity to a Customer, you will enable the transmission to authID of additional personal information about you, in order to provide you with the authID Service. Such information may include (but is not limited to) your first and last name, your address, your nationality or residence status the nature and number of your identification document and any other information that may be contained in such document’s personal page or barcode or machine-readable zone (MRZ). In addition, the Proof Service will require you to provide a live picture and associated facial biometrics, for the purpose of matching such picture to the picture on the identification document. (All such information collected from the identification document and the live picture is collectively referred to as “Proof Information”). By using the Proof Service, you consent to the collection and processing of the Proof Information by authID and the transmission of the Proof Information to the Customer that requested you to provide such Information and, where applicable, the provider of a Third-Party Service (as detailed below). Once the transfer to the Customer has been completed, the Customer as data controller is responsible for that data and therefore the storage and use of the Proof Information will be governed by the Privacy Policy of the Customer to whom you authorized authID to transfer the Proof Information. You should check with the Customer what their Privacy Policy is with respect to the Proof Information.
Verified Transactions
When you use the Verified Service, the Customer has requested you to authenticate yourself by means of the authID Services. If the Customer is your employer, this will typically be for the purpose of accessing your employer’s computer systems, or certain applications or functions. If the Customer is your service provider, authentication may be for the purpose of accessing the Customer’s online systems and services, or to approve a particular transaction. When you authenticate yourself or approve a transaction that is presented to you while using authID Services, you are consenting to send authID biometric and other information for such purpose (depending on the Customer’s requirements) and consenting to authID sending a message to the Customer that is providing the relevant services, which will include information about you that is necessary to authenticate your identity and provide your approval. Personal information that is shared with the Customer includes your name, email address, phone number, device and OS details, and transaction data.
FIDO2 Passkey Authentication
When you use our passwordless authentication service, FIDO2 Passkey Authentication, once your identity is verified we set a FIDO2 compliant cryptographic key on your device, which is used in the future to automatically authenticate your device and tie it to your identity, so that we can confirm to the Customer that it is you who are accessing their service.
Third-Party Subprocessors and Service Providers:
authID employs other companies to perform certain functions that enable us to deliver and support the authID Offerings and to provide certain additional services that may be requested by our Customers (“Third-Party Functions”). authID shares your personal information with these other companies as needed for them to perform such Third-Party Functions. They may not use your information for purposes other than providing the Third-Party Functions and must process it in accordance with this Privacy Notice and applicable data protection law.
Subprocessors
We use subprocessors (“Subprocessors”) to host the authID Software, secure your information, and provide us information that helps us to understand user engagement and improve the authID Offerings. Currently we use Microsoft Azure to provide cloud storage of our production data and systems, including your personal information and biometrics.
We also use Google Analytics, provided by Google, Inc. (“Google”). We use Google to collect, monitor and analyze users’ engagement with the Site and the authID Services. Google Analytics uses its own cookies to help authID analyze how you and others use the Site and the authID Services. The information generated by the cookie about your use of this website may include your IP address, the internet browser and language you use, preferences, the date and hour of your access to the web page and the websites you access after visiting the Site, and will be transmitted to and stored by Google on servers in the United States. Google will use this information for evaluating your use of this website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
To opt out of being tracked by Google Analytics, go to https://tools.google.com/dlpage/gaoptout and to find out more about Google’s Privacy Policy go to https://policies.google.com/privacy?hl=en
Third-Party Service Providers
Some Customers contract with authID to use a third-party service provider in order to provide additional verification of your identity to that Customer or to comply with applicable “know your client” anti-money laundering, or sanctions regulations, and as further described in our Terms & Conditions of Use (a “Third-Party Service”). In such case, authID will share with the third-party service provider some or all of your personal information sufficient to provide the Third-Party Service, and we will share with the Customer certain materials received by authID from the third-party service provider (“Third-Party Materials”) which may contain additional personal information about you.
“Third-Party Materials” include (but are not limited to) your first and last name, address, date of birth, occupation and whether you are listed on certain governmental databases. authID does not store or process such third-party materials once the transfer to the Customer has been completed. You should check with the Customer whether they receive Third-Party Services through authID and, if so, what Customer’s privacy policy is with respect to their use and storage of any Third-Party Materials.
- Business Transfers: In the event that authID merges with another business, or authID or its assets are acquired by another business, your information may be among transferred assets. In such case, you will receive notice of the merger or acquisition and your personal information will continue to be protected by the terms of this Privacy Notice unless you are notified otherwise.
- Protection of authID and Others: We disclose personal information when we believe that such disclosure is necessary to comply with applicable law or a valid court order, or to protect you or the security of authID, our Customers, or others. This includes exchanging information with other companies and organizations, as we may believe reasonable, for fraud detection and prevention.
Location of Personal Information
authID Inc. is a multinational business headquartered in the United States, with subsidiaries and affiliates in various countries around the world. Your personal information will be stored and processed in the United States, and may additionally be transmitted to other jurisdictions, including those of our subsidiaries and affiliates, third-party service providers, and the Customer with which you consent for us to work when you use the authID Services. If you are located outside the United States, your information will also be processed in the jurisdiction in which you are located. Whenever we transfer personal information to other jurisdictions, we do so in accordance with this Privacy Notice and as permitted by applicable data protection laws.
How We Secure Personal Information
authID designs and operates our systems with the privacy of your personal data as our highest priority. We adopt physical, electronic, and procedural safeguards to protect personal information.
We protect the security of your information when in transit and at rest using encryption protocols and per ISO 27001 certified ISMS policies. At least annually we conduct a cybersecurity risk assessment, the results of which drive initiatives to enhance our security controls and processes. We deploy technical safeguards designed to protect our information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence and incident response experience. Technical safeguards, include:
- encryption of personal data in transit and at rest;
- encryption of computer systems;
- multiple access controls and multi-factor authentication to access company systems, including biometrics;
- privileged access controls to production systems where personal data is stored;
- audit logs of user activities, exceptions and security events
We maintain databases in restricted areas and secure the content by use of firewalls and other security methods, using Microsoft Azure’s state of the art cloud hosting security. We also limit access to databases containing personal information to specifically authorized employees and agents and other parties identified in the disclosure section above. We also regularly undertake independent testing of our systems and processes to ensure compliance with our security protocols and our certificates of testing may be inspected upon request. However, you should remember that no method of data transmission over the Internet, or method of electronic data storage, is 100% secure. While authID strives to use commercially reasonable means to protect your personal information, authID cannot guarantee its absolute security.
Your Right to Access and Control Your Personal Information
To access your personal data or exercise any of your rights in relation to such data, you should contact the Customer that has requested or required you to use authID Services (e.g., your employer or membership organization, or a business from which you are receiving another service). If they are unable to assist you, you may contact us at legal@authid.ai
Cookies and Other Identifiers
Like many sites and apps, the authID Software uses "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use parts or any of the authID Offerings.
For more information about what a cookie is and how cookies are used by authID, please see authID’s Cookie Policy.
Children’s Personal Information
We don’t provide authID Offerings for use by children. If you’re under 18, you are prohibited from using any authID Offerings.
External Links
In using our AuthID Software and Services you may have access to websites and services offered by third-parties. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites or by any third-party. We make no representation regarding your use of such websites or any Customer or other third-party services. Please be aware that we are not responsible for the privacy practices of our Customers, third-parties, or the operators of other websites. We encourage our users to be aware when they leave our Site or apps and to read the privacy statements of each website and Customer or other third-party that collects or processes personal information. This policy applies solely to personal information collected by us. You should read any other applicable privacy and cookies policies carefully before accessing and using such other Customer or other third-party services and any other websites.
Retention, Deletion and Updating of Personal Information
We keep your personal information to enable your continued use of authID Offerings, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use, and we will delete your personal information in accordance with the instructions given to us by our Customer, who are the data controllers and applicable law
We retain images of identity documents from Proof transactions for the purposes of troubleshooting and training authID’s software models for improved accuracy. These identity document images and certain associated transaction and metadata are encrypted and stored in a secure location, separate and apart from any other personal information and only accessible to authorized authID employees.
If you wish to review, modify, verify, correct, update, or delete any of your personal information collected through the authID Services, you should attempt to do so in the first instance by contacting the Customer (your employer, or other organization) who requested you to use our Services, or by emailing us at legal@authid.ai. Please note that authID may continue to use your de-identified data after your personal information is deleted. To the extent that authID retains personal information for record keeping purposes we may not use the information for any other purposes.
Biometric information will be deleted upon request by the Customer that requested you to provide it, typically within a certain period of time after your account with such Customer is closed, you cease to use the Customer’s service that requires biometric authentication, or cease to be employed by such Customer (as the case may be). Where your local law has a specific deadline for destruction we will comply with that deadline (see specific State or other jurisdiction sections below).
How to Contact Us with Any Questions or Concerns about Privacy
If you have any concerns about privacy at authID, please contact us at legal@authid.ai with a description of your concern, and we will try to resolve the issue for you.
Contact details for jurisdictions outside the United States can be found in “Additional Information for Certain Jurisdictions” below.
When you interact with authID Offerings at the request of or as required by your employer or membership organization or a business whose services you use or wish to use, then your personal information may also be subject to that employer’s or organization’s or business’s privacy practices, and you should additionally direct privacy inquiries to them.
Changes to this Privacy Notice
This Privacy Notice is effective as of the date at the top of this Privacy Notice and will remain in effect subject to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. authID reserves the right to update or change this Privacy Notice at any time and thus you should check this Privacy Notice periodically. Your continued use of the Site, any authID Software or Services after authID posts any modifications to the Privacy Notice on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Notice.
Additional Information for Certain Jurisdictions
We provide additional information about our controllers and data protection officers (as applicable), the privacy, collection, use and retention and destruction of personal information for users of authID Offerings located in certain jurisdictions.
European Economic Area and United Kingdom
Controller of Personal Information: When we process your personal information to provide authID Offerings (including Verified and Proof transactions) or to identify and eliminate duplicate user credentials and accounts (De-Duplication services), the Controller of your personal information is the authID Customer that has requested such services. Our Customer is the same the business or organization that has requested or required you to use authID services. This may be your employer or prospective employer, a membership organization which you are joining or to which you belong, or a business whose services you are receiving or wish to receive. The identity of this Customer and data Controller will be shown on the screen when using the authID Services before you agree to these terms and conditions and Privacy Notice and collection of your ID document or “selfie” (and biometric). Contact information of the Controller will be provided to you directly by the Controller.
When authID processes your personal information other than in the context of providing services to our Customers, authID is the Controller of your personal information. For example, we act as Controller when we use your personal information to analyze and improve authID Offerings, to communicate with you for marketing or promotional purposes, to prevent fraud and abuse of our technology, or to comply with our legal obligations, all as described in more detail in the section above entitled “How We Use Personal Information”.
Authorized Representative in the EEA: authID’s legal representative in the EEA is:
The DPO Centre Europe Ltd
Alexandra House
3 Ballsbridge Park
Dublin, D04C 7H2
Ireland
eurep@authid.ai
+353 1 631 9460
Authorized Representative in the UK: authID’s legal representative in the UK is:
The DPO Centre Ltd
50 Liverpool Street
London
EC2M 7PR
United Kingdom
ukrep@authid.ai
+44 (0) 203 797 1289
Legal Basis for Processing: We process your personal information on one or more of the following legal bases:
- as necessary for our Customer to enter into a contract with you or a legal entity you represent, for the Customer to perform their obligations under such contract, to respond to related requests from you, or to provide customer support;
- as necessary to enter into a contract with you or a legal entity you represent, to perform our obligations under such contract or under our contract with our Customer , to respond to related requests from or related to you, or to provide customer support;
- where we have a legitimate interest, as described in this Privacy Notice (see How We Use Personal Information above);
- as necessary to comply with applicable law and legal obligations, including to respond to lawful requests and orders; or
- with your consent. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time, and we will stop further processing of your data for that purpose.
Information We Retain After Your Account is Closed.
If you decide to terminate your agreement and close your account with our Customer, cease to use the services of such Customer or cease to be employed by such Customer and thereby wish to close your authID account, we will retain your content until directed by our Customer to delete it. During this period, you may decide to reopen your Customer account and thereby your authID account. At the end of this period, we will delete any content remaining in your account, with the exception that after account closure, we may need to keep certain information for an additional period of time for legal and legitimate business purposes. For example, we may retain personal information such as your contact information (e.g., name, email address, physical address), a log of the dates and times when you provided us consent to capture and use your personal information, or information for tax and accounting or legal purposes. If applicable, authID may also retain records of communications with you, as well as relevant logs (e.g., a log of your account closure) for dispute resolution purposes. We further may keep records for preventing fraud and ensuring security, for example in case of misuse of our services or violation of our terms.
Your Rights. Subject to applicable law, you have the right to:
- ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
- request that inaccurate personal information is corrected;
- request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
- request us to restrict the processing of personal information where the processing is inappropriate
- object to the processing of personal information; and
- request portability of personal information that you have provided to us (which does not include information derived from the collected information), where the processing of such personal information is based on consent or a contract with you and is carried out by automated means.
Questions and Contacts. If you wish to do any of these things or have a data-protection related question, please contact us at legal@authid.ai or our legal representatives in the EU or UK identified above.
The data protection officer for authID can be contacted at legal@authid.ai
You can also lodge a complaint with a local data protection authority or our principal supervisory authority, the Data Protection Commission of Ireland. Information on how to contact the Data Protection Commission of Ireland is available at https://www.dataprotection.ie/en/contact/how-contact-us.
The Information Commissioner’s Office (ICO) regulates data protection matters in the UK. Information on how to contact the ICO is available at https://ico.org.uk/for-the-public/.
Cookies. Please refer to our Cookie Policy below at https://authid.ai/cookie-policy/.
Transfers Outside of the EEA. When we transfer your personal information outside the EEA, we do so in accordance with the terms of this Privacy Notice and applicable data protection law and if applicable in accordance with the provisions of any Standard Contractual Clauses we may have entered into with our Customer.
United States
California
These additional state-specific privacy disclosures, serve as a Notice at Collection under the California Privacy Rights Act, are required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
Categories of Personal Information Collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the California Privacy Rights Act, depending on how you engage with the authID Offerings:
- Identifiers, such as your name, alias, address, phone numbers, or IP address, your authID account log-in information, or a government-issued identifier (e.g., a state-issued ID number or an ID you provide for identity verification, which in some cases may reflect citizenship or immigration status);
- characteristics of protected classifications under California or US federal law, such as age, race, or gender;
- internet or other electronic network activity information, including content interaction information, which search engine you use, and a record of when you consent to authID’s Terms of Service and Privacy Policy;
- biometric information;
- geolocation data, which may in some cases constitute precise geolocation information, such as the location of your device or computer;
- professional or employment-related information, for example data you may provide about your workplace location and time and attendance; and
- inference data, such as information about your preferences
We collect this information from you, automatically through your interaction with the authID Offerings, or from third parties. We collect this information for the business and commercial purposes described in the “How We Use Personal Information” section above.
Categories of Personal Information Disclosed for a Business Purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the California Privacy Rights Act, depending on how you engage with the authID Offerings:
- Identifiers, such as your name, address, or phone numbers, , or government identifier or certain types of ID you provide for identity verification that may in some cases reflect your citizenship or immigration status, for example if our Customer uses authID Services to verify your identity;
- information that may reveal your age, gender, race, or other protected classifications under California or US federal law, for example if our Customer uses authID Services to verify your age, for sale of age restricted products;
- commercial information, such as the details of a product or service you purchased if a Customer is seeking your approval to provide that product or service to you;
- Internet or other electronic network activity information, such as if we use a third-party service provider to help us gather reports for analyzing the health of our devices and services;
- geolocation data, which may constitute precise geolocation data, for example if our Customer uses authID Services to authenticate your transaction approval, for anti-fraud purposes.
- professional or employment-related information, for example if we provide information to a third-party service provider for verification or registration as part of the authID Offerings;
- inference data, for example if we use a third-party service provider to store information about your preferences
Categories of Recipients to Whom Personal Information May Be Disclosed. Your personal information is disclosed to the authID Customer in response to whose request or requirement you use the authID Offerings, and to such subprocessors and third party service providers, as authID may use to provide and support the authID Offerings.
Your Data Rights. You may have certain data rights under California state privacy laws, including to request information about the collection of your personal information by us, to access your personal information in a portable format, to correct or delete your personal information, to opt-out of the sale or sharing of your personal information, and the right to limit use and disclosure of sensitive personal information. Your right to request and access information also includes the right to request the categories of personal information collected; the categories of sources from which personal information is collected; the business or commercial purposes for collecting, or sharing personal information; the categories of third parties to whom personal information has been disclosed; and a copy of the specific pieces of personal information collected. If you wish to do any of these things or if you have any questions about how authID complies with California data privacy law, please contact us at legal@authid.ai. Additionally, you may have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request. Depending on your data choices, certain services may be limited or unavailable.
To ensure the security of your authID account, we will generally ask you to verify your request using the contact information you have already provided. If you are an authorized agent making a request on behalf of a consumer pursuant to applicable state law, we may ask you to provide information verifying you have proper authority to make the request on behalf of the consumer or we may ask the consumer to verify their identity with us directly
No Sale of Personal Information; Restricted Sharing of Personal Information. We do not sell any personal information of consumers, as those terms are defined under the California Privacy Rights Act. We only share personal information as disclosed in this Privacy Notice.
California Privacy Rights Act Sensitive Personal Information Disclosure. The categories of data that we collect and disclose for a business purpose include “sensitive personal information” as defined under the California Privacy Rights Act, in that using the Proof Service we may collect a copy of and data from your passport, alien registration card or other national ID document and we collect the precise geolocation of your computer or digital device. We do not use or disclose sensitive personal information for any purpose not expressly permitted by the California Privacy Rights Act.
California Privacy Rights Act Retention Disclosure. We retain your personal information as necessary to enable your continued use of authID Services, for as long as it is required in order to fulfill the relevant purposes described in this authID Privacy Notice, as permitted or as may be required by law, or as otherwise communicated to you. See Retention and Updating of Personal Information for additional information.
California Privacy Rights Act Non-Discrimination Statement. We will not discriminate against any consumer for exercising their rights under the California Privacy Rights Act.
California Privacy Rights Act De-identified Data Disclosure. authID may use de-identified data in some instances. authID either maintains such data without attempting to re-identify it or treats such data as personal data subject to applicable law. authID will not re-identify deidentified data, except as permitted by applicable law.
Illinois
These additional state-specific privacy disclosures, serve as notice pursuant to the Illinois Biometric Information Privacy Act, as amended (BIPA)
Consent to Processing of Biometric Information. We will never collect or use your biometric information without your prior written consent. You acknowledge that you provide a “written release” as mandated by BIPA when you click a box that says “Agree and Continue” while using the authID Services, after you are requested to consent to transact electronically and to authID collecting, transmitting, and processing your biometric information to our Customer, and after you are requested to consent to the authID Terms & Conditions of Use.
What Biometric Information Do We Collect and Store? When you use the authID Services, you share a “selfie” photo with us which we process to extract “biometric identifiers”. These biometric identifiers are measurements related to your unique physical characteristics, comprising your facial measurements, which can be used to identify you.
For What Purposes Do We Collect, Use, and Store Biometric Information? We use your biometric information to provide Verified and Proof identity verification and authentication services to you and our Customers, as further described in this Privacy Notice. We use your biometric information in de-identified form to train and improve our platform algorithms. We never sell or share your biometric information and we do not use it other than as disclosed and consented to by you.
Biometric Information Privacy Act Retention Disclosure. We retain your biometric information as necessary to enable your continued use of authID Services, for as long as it is required in order to fulfill the relevant purposes described in this authID Privacy Notice, as permitted or as may be required by law, or as otherwise communicated and consented to by you. Biometric information will be deleted upon request by the Customer that requested you to provide it, typically within a certain period of time after your account with such Customer is closed, you cease to use the Customer’s service that requires biometric authentication, or cease to be employed by such Customer (as the case may be). In any event your biometric information will be deleted within 3 years of your last interaction with the authID Services.
Texas
These additional state-specific privacy disclosures, serve as notice pursuant to the Texas Business & Commerce Code Section 503.001 (“Texas Code”)
Information and Consent to Capture of Biometric Identifier. The disclosures in the Privacy Notice serve as the disclosures required for the purposes of the Texas Code. You acknowledge that you were informed about and provide consent to the capture of your biometric identifies, as mandated by the Texas Code, when you click a box that says “Agree and Continue” while using the authID Services, after you are requested to consent to transact electronically and to authID collecting, transmitting, and processing your biometric information to our Customer, and after you are requested to consent to the authID Terms & Conditions of Use.
We retain your biometric information as necessary to enable your continued use of authID Services, for as long as it is required in order to fulfill the relevant purposes described in this authID Privacy Notice, as permitted or as may be required by law, or as otherwise communicated and consented to by you. Biometric information will be deleted upon request by the Customer that requested you to provide it, typically within a certain period of time after your account with such Customer is closed, you cease to use the Customer’s service that requires biometric authentication, or cease to be employed by such Customer (as the case may be). In any event your biometric information will be deleted not later than the first anniversary of the date the purpose for collecting the identifier expires, except as provided by Subsection (c-1) of the Texas Code (use in connection with an instrument or document that is required by another law to be maintained for a longer period.)