Privacy Policy

Overview

This Privacy Policy governs the manner in which ID123 Inc. and our affiliates (“ID123”) collect, uses, maintain and processes data, including Personal Information on our Website, Services and Mobile Apps. The purpose of this privacy policy is to inform you about what kinds of information we may collect, process or store about you, how we may use that information, whether we disclose it to anyone, and your rights regarding the use, access and correction of your personal information. We are committed to safeguarding your Personal Information.

This policy does not apply to companies that we do not own or control, or to the actions of people we do not employ or manage. This includes any companies from whom you may have submitted your data to independently or through our Services, and any companies from whom you may have visited through a link made available to you through our Services.

If you disagree with this Privacy Policy, you should not use or stop using our Websites Services and Mobile Apps. This Website is not directed at children under 13 years of age.

What We Do

ID123 provides identity products and services (our “Services”) to institutions worldwide (our “Customers”) to help them create, manage their digital ID cards and credentials, and issue them to both people and things (“End Users”). We also provide Services directly to End Users to help them create a digital identity profile and store their institutionally issued ID cards and credentials. We also provide in-app messaging services to our Customers enabling them to communicate with their Users through the mobile application. Each End User has the option to opt-in or opt-out of receiving messages from the institution. Our Website at “id123.io” and other affiliated sites such as mobile app stores are used to market and advertise our Services as well as serve as a channel for support and feedback for Customers and Users.

Data We Collect and How We Use It

Information that you provide to us when you use the Website

Certain parts of our Website allow you to submit personal information voluntarily to learn more about our Service or for support reasons. We may collect personal information about you (such as full name, email address, country, phone number) so we can fulfill your request. You may also provide information about your employer, such as company name, URL and country. We will use this information to respond to your inquiries and communicate with you about our products.

Information that we collect automatically when you use the Website or Mobile App

When you visit our Website or Mobile App, we collect certain information related to your device, IP address, browser, geographic location (e.g. country or city-level location), and the time that you visited our Website. We may use cookies and similar technologies to help us track your usage automatically. You can choose to opt out of our cookies when visiting our Website. For more information on our use of cookies, please see our Cookie Policy. We will use the information we collect to analyze how our Website and Mobile App is used and to improve the experience. We will also use it to administer our website, troubleshoot issues, route web traffic, provide advertising to you on third party sites and to enable security mechanisms to prevent abuse.

Information that our End Users provide to us to perform our Services

End Users may upload personal information, such as email addresses, telephone numbers, physical addresses, full names, and photos to our Service to create their profile. End Users will have their email address and phone number verified to ensure they are the legitimate contacts of that individual. We use this information to enable the End Users to sign into the Service and so we can send them communications about their account or their issued digital ID cards. We may use the physical mailing address submitted by End Users to enable the shipping of a physical ID card duplicate to their home or other location, if applicable. End Users may upload a profile face photo or photos of other supporting identity documentation. We use the profile face photo as the default ID card face photo when an End User is installing a new digital ID card and we enable them to submit their photos to an ID card issuing institution. We may also use the profile face photo along with their name as part of chat communications to identify their messages in a conversation. With the End Users permission, we may compare photos submitted by the End User that contain their face with photos provided by the ID Card issuing institution that contain their face as part of the ID card issuing process to prevent fraud. We may collect and process face data from the photos provided by End Users to identify violations of photo ID card guidelines before the photo is submitted to the ID card issuing institution. For example, we may use face data to ensure the End Users eyes are open, or they are not wearing a hat or dark sunglasses. We rely on data processors to process, encrypt and securely storing the photos. We do not share photos with third parties or permit sub-processors to use photos for any other purpose. We will only share photos with an ID card issuing institution upon the request of the End User as part of the digital ID card issuing process. We also provide End users with the tools to share their digital ID card photo and other identity information with third parties from their device.We do not store the face data processed from ID card photos on our servers or share face data with third parties.

Information that our Customers provide to us to perform our Services

Our Customers are businesses and institutions. These Customers may upload ID card information including personal information, such as email addresses, telephone numbers, physical addresses, full names, identification numbers, and photos. Customers may send us attributes of their End Users in order for us to personalize their digital ID cards as well as communication with them. We use this information to generate a digital ID Card and related identity Services to End Users for our Customers. Our Customers can import photos of End Users faces that will then be added and displayed to the End User’ ID cards in the app so that the End User can be utilized as an ID card. Customers who upload an End User face photo controls the photo and this photo can be updated, modified or deleted at any time by the Customer. With the End Users permission, we may compare the photos provided by the ID Card issuing institution that contain their face with a photo or video of the End Users face taken from the Digital ID card app as part of the ID card issuing process to prevent fraud. We may use face data from the photos submitted by the Customer to identify violations of photo ID guidelines before the photo is issued to the End User as a digital ID card or physical ID card.

Information that we collect for our Customers to perform our Services

Customers may use our Services to collect information from their End Users through the mobile app in order to verify their identity and issue them a digital ID card. This may include personal information, photos, identity information, and also device information. We may display form fields within the mobile in order to collect information or obtain consents from an End User on the Customers behalf. We may host an email address or phone number for a Customer in order for them to send and receive communication with End Users on their behalf. We may collect replies and track opens and clicks of those messages. Customers can give End Users the option to upload their own face photos or other supporting identity documentation. We process and store this information on our Customers behalf as their data processor.

Information that we collect about our Customers using the Services

We will collect information, including Personal Information, about each Customer when they register for the Service, such as name, email address, phone number company name, company address, support email. We will use that information for correspondence concerning Customer’s use of the Service, regarding such things as product functionality, security updates, billing, support or other service related or marketing reasons. Any recipients of marketing emails will always be able to opt-out of receiving marketing information at any time. If the Customer pays buy credit card, our payment processor will collect payment information in order to process payments for their usage of the Service.

Your Privacy Under CCPA

If you are a resident of California, you have the right to request access, modification, and deletion of any personal information we process about you under the California Consumer Privacy Act. Our CCPA obligations cover any California resident’s personal information we process through the use of our Website, Services, and Mobile Apps. Data submitted to another company independently or through our Services is not covered under this section and all inquiries regarding your data rights should be directed to them.

When you use our Website, Services, and Mobile Apps we collect certain categories of personal information from you including identifying, contact, payment, biometric, geographic and navigational information as well as system usage data. We may disclose these categories of personal information for business purposes in order to provide our services to you, business operational reasons, and to provide internal data analytics information. We do not sell your personal information to any third parties.

You have the right to request the disclosure of all personal information we process about you over the past 12 months, including the right to know what personal information we disclosed to third parties for a business purpose. We will review your request and provide a disclosure which contains the categories and specific pieces of personal information we have processed, the sources of personal information, the business purpose for processing, and any third parties with whom we have shared your personal information. To ensure your privacy and security, we will take reasonable steps to verify your identity before processing your request.

You have the right to request the deletion of your personal information we have processed. We will review your request and will delete your personal information as well as direct all service providers to delete your personal information from their systems. Deletion of personal information is subject to certain exceptions, such as complying with law enforcement requests or other legal matters.

If you choose to exercise any of your data rights, we will not discriminate against you or your use of our Services in any of the following ways, including denying goods or services to you, charging different prices or rates for goods or services, providing a different level or quality of goods or services to you, or suggesting any of the above.
You can send an email to privacy@id123.io to request a disclosure or deletion of your personal information. Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

Your Privacy Rights Under GDPR

You may request access to your information to review, modify or request deletion of any personal information we process about you. We will review your request and will respond in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before processing rights requests. We will also stop sending marketing communications to you by clicking “Unsubscribe” in any marketing e -mail communications we send you.

If you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or, if applicable, request the portability of your personal information. You can send an email to privacy@id123.io to exercise these rights or fill out a Data Erasure Request. If you are a resident in the EEA, you have the legal right to complain to the data protection authorities in the EEA about our collection and use of your personal information.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Data Hosting & Security

Information collected from our Website, the Service and the Mobile App is transferred to and hosted in the United States. Additionally, we may use third-party vendors and affiliates in various countries around the world to process your information. We have taken appropriate safeguards to require that your personal information will remain protected in accordance our obligations.

We have legitimate business interests to collect process and retain personal information for the purposes described in this Policy. We retain personal information we collect from you for as long as we have an ongoing legitimate business reason or requirement to do so. While retaining the data, we will securely store your personal information. We use appropriate technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, and destruction.

Data Disclosure to Third-Parties

We do not sell or rent any of your information to third parties for any advertising or marketing purposes. However, the following describes some of the ways that We may disclose your information in the normal course of providing Our services.

Vendors

We may use third party vendors, consultants and other service providers to help us with any of the collection and processing activities described herein. Those providers work on our behalf, as instructed by our team.  Prior to sharing data with a third party, we assess the provider’s controls to ensure the data is correctly processed and adequately protected. We require that any information disclosed to a provider is used only to provide services to us and only as allowed by applicable law. For a list of third party vendors we use to process personal information see Exhibit 2 of our Data Processing Addendum https://www.id123.io/terms/dpa/

Affiliates

We may provide your information with a subsidiary, parent company or company under common control with ID123 inc. Our affiliates will use your information only as described in this Policy.

Authorities

We reserve the right to disclose information as required by law or regulation and when necessary to comply with a judicial proceeding, court order, or legal process.

Change of Control

If we are involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction, as permitted by law and only for the purposes disclosed herein.

Cross-Border Data Transfer

ID123 is committed to safeguarding the transfer of your data between the EU and the US.  Our Data Processing Agreement (DPA) https://www.id123.io/terms/dpa/ includes the European Commission’s Standard Contractual Clauses and is incorporated into our Terms of Service.

This Policy

Updates:

We periodically update this Privacy Policy. We will post any changes on this page and, if the changes are significant, we will send an email notification if we have your contact info and permission.

Questions:

If you have any questions concerning our privacy policy, or how we treat your data, please contact us at: privacy@id123.io or mail us at ID123 inc. 397 Moody St. STE 202 Waltham MA 02453