Privacy policy

We may collect personal information you provide to us directly or through your interactions with our services. This may include information such as your name, email address, or other details as required.

Event Reporting

If you choose to opt in to event reporting in the app, we may collect some anonymized information about the events that occur in the app. The app generates a random and anonymous identifier tied to your device that helps us keep track of the events. This information is used to improve our services and to provide you with a better experience.

We associate some data to these events that may contain information about the specifications of your device (RAM, model, etc.), your region, and anonymized metadata about your ID such as its issue and expiry date, issuing country, document type (passport or national ID), the signing algorithm and hashing algorithm used and the certificates used to sign your ID.

No personal nor sensitive information is collected from this operation. Data such as your name, document number, date of birth or any other sensitive ID data (including their hashes and signatures) never leaves your device during the operation.

If you choose to not opt in to event reporting, we will not collect any information about the events that occur in the app, nor about your device or the metadata of your ID.

Private FaceMatch

Some websites may ask you to perform a Private FaceMatch in ZKPassport when going through a verification process. The entire face matching process, including the liveness check, is performed locally on your device.

On some Android devices, the last part of the FaceMatch process, which verifies the integrity of the app's logic and of the device, can sometimes be delegated to a server. The server will only learn the expiry date of your ID, the certificate chain from Google root certificate to your device's secure enclave key id attestation, and the integrity token derived from your device hardware. All of this data is immediately discarded after the operation is completed.

On iOS, the last part of the FaceMatch process, which verifies the integrity of the app's logic and of the device, can be delegated to a server on older iPhones (such as the iPhone 8) with less than 3.5GB of RAM. More recent iPhones (e.g. iPhone 11 to 17) perform the entire process locally on the device without anything delegated to a server. The server will only learn the expiry date of your ID and the certificate chain from Apple root certificate to your device's secure enclave key id attestation. All of this data is immediately discarded after the operation is completed.

We use the information collected to provide, maintain, and improve our services, communicate with you, and for other legitimate business purposes.

We do not sell, trade, or otherwise transfer your information to outside parties unless necessary to provide you with our services, comply with legal obligations, or protect our rights.

We take reasonable steps to protect your information from unauthorized access, use, or disclosure. However, we cannot guarantee absolute security.

You may choose not to provide certain information, though this may limit your access to certain features of our services. You may also request to access, update, or delete your personal information by contacting us.

What biometric data does the app collect?

Our app does not collect, store, or process any biometric data. The app utilizes biometric systems provided by the user's phone solely for local authentication purposes to protect access to the encrypted identity data stored on the device.

How are biometric data used?

Biometric data (e.g. Face ID) are used exclusively as a security measure to make sure only the authorised users on the phone are granted access to the encrypted identity documents stored locally on the device.

Third-party sharing and storage:

No biometric data is shared with any third parties, including our servers. All biometric data processing occurs locally on your device and is never transmitted, uploaded, or stored by our application.

Data retention:

Since our app does not collect or store any biometric data, there is no retention period applicable to biometric data. All biometric processing is managed by the phone manufacturer according to their privacy and security standards.

User control:

You can disable biometric authentication for our app at any time through your device's settings. Disabling biometric authentication will require you to use your device passcode for authentication instead.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on our website.