Verify 2024 Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY AS IT CONTAINS IMPORTANT INFORMATION AND AFFECT YOUR LEGAL RIGHTS. PLEASE, NOTE THAT THE APPLICATION IS BUILT USING THE SPECIAL TECHNOLOGY TO SIGNIFICANTLY REDUCE THE VOLUME OF DATA COLLECTED FROM YOU, THE USER, AND TO ELIMINATE THE NECESSITY FOR CENTRALIZED DATA STORAGE OR SHARING.

LAST UPDATED: 21 March 2024

1. This Privacy Policy is incorporated in our Verify 2024 General Terms & Conditions (the "Terms") by reference, and together with the Terms constitutes a binding agreement between you and Provider and describes our information handling practices when you access and use the Application and Services. This Privacy Policy is meant to help you understand what your personal information (the "Personal Information") we collect and process and how we collect, process, use, store and protect the Personal Information. The Provider respects the privacy of the Users and recognizes the need for adequate protection and administration of the Personal Information in accordance with this Privacy Policy.

2. The Provider may make changes to this Privacy Policy from time to time. The changes will be effective immediately upon their publication. Please, review this Privacy Policy on a regular basis. You can determine when this Privacy Policy was last revised by referring to the "LAST UPDATED" sign at the top of the then-current version of this Privacy Policy. If changes are significant, we will provide a more prominent notice in compliance with applicable law.

3. Capitalized terms used but not defined in this Privacy Policy shall take the meanings assigned to such terms by the Terms.

4. BY ACCESSING OR USING, OR BOTH, THE APPLICATION OR SERVICES, OR BOTH, YOU AGREE TO BE BOUND BY, AND ACCEPT THIS PRIVACY POLICY.

5. If you have any questions about this Privacy Policy, please submit your request using the contact information, provided for in section 1.1 hereof.

1. OUR RELATIONSHIP TO YOU

1. Responsible entity for the collection, processing, use, storing and protection of your Personal Information is:

Name: Mark Feygin (fictitious name)

Email: [email protected] 

2. For any questions about this Privacy Policy or if you want to make privacy rights requests relating to your Personal Information, you may always contact us using the contact information above.

3. If you believe that we have infringed your rights, we encourage you to first submit a request by sending an email to: [email protected] (subject line: "Privacy Policy Request") so that we can try to resolve the issue or dispute internally.

4. If for any reason you are not satisfied with our data protection handling, you may complain to the relevant supervisory authority. This will be the applicable data protection regulator in your jurisdiction.

2. PERSONAL INFORMATION THE PROVIDER OR APPLICATION COLLECTS AND WHEN THE PROVIDER OR APPLICATION COLLECTS SUCH INFORMATION

5. The Personal Information is typically data that identifies an individual or relates to an identifiable individual (the definition of the Personal Information depends on the applicable law based on your physical location; only the definition that applies to your physical location will apply to you under this Privacy Policy). THE PROVIDER ITSELF COLLECTS, PROCESSES, USES AND STORES LIMITED TO THE MAXIMUM EXTEND AMOUNT OF THE PERSONAL INFORMATION, WHICH INCLUDES ONLY CORRESPONDENCE INFORMATION (as defined below) AND DOES NOT SHARE ANY PERSONAL INFORMATION WITH ANY THIRD PARTY. At the same time, inherent to its design, the Application (EXCLUSIVELY ON YOUR DEVICE) is capable of processing specific categories of the Personal Information, such as Identifying Documents and other forms of personally identifiable information (the "Eligibility Information"). THE ELIGIBILITY INFORMATION SHALL NOT BE DEEMED AS THE PERSONAL INFORMATION, WHICH IS COLLECTED, USED, SHARED OR STORED BY THE PROVIDER. THE ELIGIBILITY INFORMATION IS COLLECTED, PROCESSED, AND USED SOLELY ON THE USER’S DEVICES WITHOUT ANY INVOLVEMENT OF THE PROVIDER. THE ELIGIBILITY INFORMATION IS NOT STORED ON THE DEVICE UPON CREATION OF THE DI.  

6. First of all, to use the Application and Services, you may provide us with certain correspondence information, including any one or more of the following: information provided to our support team or user research team; records and copies of your email messages together with your email address and our responses, if you choose to correspond with us through email (the "Correspondence Information"). THE PROVIDER COLLECTS, PROCESSES, USES AND STORES ONLY CORRESPONDENCE INFORMATION, AND ONLY TO THE CORRESPONDENCE INFORMATION SECTIONS 3, 4, 5 AND 6 ARE APPLICABLE.

7. The Application is intentionally designed to minimize the collection, processing, use, storage, and sharing of the Eligibility Information. Accordingly, we will provide a highly detailed explanation of the processing level and depth to ensure you fully understand how the Provider safeguards your privacy and that the Provider has no access to the Eligibility Information.

8. The Eligibility Information is gathered directly from the User by the Application and processed solely and exclusively within the Application on the Device, without any involvement of the Provider or any other person, under the following circumstances:

1. the User downloads and uses the Application;

2. the User verifies the VC (as defined below) through the Application; and

3. the User creates Digital Identity through the Application.

9. The Application and Services use an identity system based on zero-knowledge cryptography. This system enables the Users to verify their eligibility to third parties without disclosing their Personal Information to such third parties.

10. Your DI is the virtual representation that you passed credential-based verification. The DI includes anonymized identificatory (the "Identificatory") of the User and verifiable credential of the User’s Identifying Documents (the "VC"). The Identificatory is issued by the Application upon creation by the User of the VC based on the zero-knowledge proof of the relevant Identifying Document. The Provider and other third parties can access only Digital Identity as a vehicle to verify selective checks on your VC.

11. For each VC that the User creates through the Application, the following set of the Eligibility Information is processed by the Application: proof-of-citizenship (based on the Identifying Documents), which includes the hash of your photo retrieved from the relevant Identifying Document, your nationality, your date of birth, the date of issue and the date of expiry of the relevant Identifying Document. This data is provided by you and accessed voluntarily within the process of the Application use.

12. When creating the VC through the Application, the Application anonymizes the Eligibility Information through the use of zero-knowledge proofs. Zero-knowledge proofs are a method by which we help you stay anonymous; they are a mathematical method to prove certain statements about you without disclosing any of the underlying Personal Information. The questions we verify through zero-knowledge proofs are carefully selected in order to ensure full anonymity and make real name identification of you through indirect means practically impossible. Already anonymous Personal Information does not require further anonymization and will be provided as collected.  

13. In the following, a list of the anonymized data verifiers can access for each of the VCs created through the Application once authorized by you:

1. proof-of-citizenship: (i) adulthood - is the VC holder over 18 years old? [yes/no]; (ii) citizenship - country of your citizenship; and

2. proof-of-personhood: (i) uniqueness - has the hash of your photo retrieved from the relevant Identifying Document been used to create another VC? [yes/no]; and (ii) similarity ciphertext - to what degree does the hash of your photo retrieved from the relevant Identifying Document match with previously collected hashes of the photos? [0 - 100%].

14. SINCE THE DI IS ANONYMIZED USING ZERO-KNOWLEDGE PROOF, YOU HEREBY CONFIRM AND AGREE, THAT THE USERS CARRY ANY ELIGIBILITY INFORMATION SOLELY AND EXCLUSIVELY WITHIN THEIR DEVICES. IF YOU ARE THE USER THAT USES THE APPLICATION, YOU ARE SOLELY RESPONSIBLE FOR KEEPING YOUR DEVICE AND ANY ELIGIBILITY INFORMATION SECURE. THE PROVIDER, AND ANY OTHER PERSON, OTHER THAN THE USER, HAS NO ACCESS TO ANY ELIGIBILITY INFORMATION. IN NO EVENT, THE PROVIDER COLLECTS, USES, SHARES OR STORES ANY ELIGIBILITY INFORMATION.  

3. USE OF PERSONAL INFORMATION

Our primary purpose in collecting Personal Information is to provide you with a secure, smooth, efficient and customized experience. We generally use Personal Information to create, develop, operate, deliver, and improve the Application and Services, content and advertising; and for loss prevention and anti-fraud purposes. We may use the Personal Information in the following ways and for the following purposes:

1. to provide you with the Application and Services, to deal with any requests or inquiries you may have with respect to the Application or Services, or both, and to provide customer service and support;

2. communicate with you about your access and use the Application or Services;

3. inform you about important changes to, or other news about, the Application or Services, or both;

4. to operate, maintain, improve, personalize, and analyze the Application and Services, to monitor and analyze trends, usage, and activities for marketing or advertising purposes, to enhance your experience, to allow you to participate in interactive features on the Application and Services;

5. to develop, test and improve new products or services, including by testing and troubleshooting new products and features; and

6. for any purpose that you provide your consent. We will not use your Personal Information for purposes other than those purposes we have disclosed to you, without your permission.

4. SECURITY, PROTECTION AND STORAGE OF PERSONAL INFORMATION

15. The Application and Services are built with strong security features that continuously protect your Personal Information. The Provider maintains appropriate physical, electronic and procedural safeguards to protect the security and confidentiality of the Personal Information you entrust to us. And if we do detect something risky that we think you should know about, we will notify you and help guide you through steps to stay better protected.

16. In general, we protect your Personal Information by maintaining physical, electronic and procedural safeguards in compliance with the applicable laws and regulations, including:

1. physical safeguards: enforcing physical access control to our buildings and files;

2. electronic safeguards: firewalls and data encryption; and

3. procedural safeguards: authorization of access to Personal Information only for those employees, contractors, and agents who require it to fulfill their contractual responsibilities (we have strict confidentiality obligations for anyone with access to Personal Information); reviewing the information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to the Personal Information.

17. However, you hereby acknowledge and agree that safety and security of your Personal Information also depend on you. We ask you not to share your Device with anyone.

18. While we have employed security technologies and procedures to assist in safeguarding your Personal Information, no system or network can be guaranteed to be 100% secure. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of the Personal Information at any time. Any transmission of the Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Application or Services, or both. Furthermore, we cannot ensure or warrant the security or confidentiality of the information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your Personal Information is no longer secure, please contact us using the contact information provided in section 1.1 above.

5. LEGAL BASIS FOR PERSONAL INFORMATION PROCESSING

19. For Users who are located in the European Economic Area, the United Kingdom or Switzerland ("EEA Residents")  at the time their Personal Information is collected, our legal basis for processing their Personal Information under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC will depend on the Personal Information at issue, the specific context in the which the Personal Information is collected and the purposes for which it is used. We generally only process your Personal Information where we are legally required to, where processing is necessary to perform any contracts we entered with the relevant User, where processing is in our legitimate interests to operate our business and not overridden by the relevant User's data protection interests or fundamental rights and freedoms, or where we have obtained the relevant User's consent to do so. Below, in a table format, a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so are set out.

20. Please, contact us if you need details about the specific legal basis we are relying on to process your Personal Information where there is more than one legal basis for processing.

21. We will only ever process your Personal Information for the purposes we collected it, unless we reasonably consider that we need to process it for another purpose and that purpose is compatible with the original purpose. If you wish to get an explanation as to how the processing for a new purpose is compatible with the original purpose, please, contact us.

22. If we need to process your Personal Information for an unrelated purpose, we will notify you and we will explain the legal or other basis which allows us to do so.

6. RETENTION OF PERSONAL INFORMATION

23. The Provider only retains the Personal Information for no longer than is necessary for the purposes for which the relevant Personal Information is processed. The Provider may retain your Personal Information for a longer period in the event of a complaint or if it reasonably believes, there is a prospect of litigation in respect to relationships between you and Provider.

24. To determine the appropriate retention period for the Personal Information, the Provider considers the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of the Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means.

25. In all cases where we keep the Personal Information, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

7.  CHILDREN'S PERSONAL INFORMATION

You must be 18 (eighteen) years or older to access and use the Application and Services. If you are under 18 (eighteen) years of age, you are not permitted to access and use the Application and Services. The Provider does not collect, process, use or store the information of persons under 18 (eighteen) years of age.

8. YOUR CHOICES AND PRIVACY RIGHTS

26. Depending on applicable laws and regulations of jurisdictions where the relevant User resides (including the EEA Residents), the User may be able to assert certain rights related to the Personal Information identified below:

1. to obtain from the Provider confirmation whether the Provider process any of your Personal Information;

2. to request for access to your Personal Information processed by the Provider;

3. to withdraw of the consent to processing of your Personal Information at any time (provided that the relevant Personal Information processing is based on your consent);

4. to obtain from the Provider the rectification (correction) of inaccurate Personal Information;

5. to obtain from the Provider the erasure (deletion) of the Personal Information;

6. to obtain from the Provider the restriction of processing;

7. to receive your Personal Information, which have been provided to the Provider, in a structured, commonly used and machine-readable format and to transmit that Personal Information to another controller without hindrance from the Provider;

8. to object to processing;

9. not to be subject to a decision based solely on automated processing; and

10. to complain to the local data protection authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your Personal Information.

27. These rights will only apply in certain circumstances. If you wish to exercise any of these rights or become acquainted with circumstances, in which the relevant right is applied, please, contact us. That being the case, the Provider may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

28. If any of the rights listed above are not provided under law for the relevant User's jurisdiction, the Provider has sole and absolute discretion in providing the relevant User with those rights.

9. TERMS

If you choose to access or use, or both, the Application or Services, or both, such actions and any dispute over privacy is subject to this Privacy Policy and the Terms, including limitations on damages, resolution of disputes and application of the law of the State of Florida.