SSI Verify App Privacy Policy

Key definitions

Analytics

ID Crypt Global reserves the rights to looks at trends of usage within the app. All information gathered through analytics is for the purpose of ID Crypt Global improving their customer experience, with all data used being aggregated and anonymous.

Data Controller

The data controller determines the purposes for which and how personal data is processed. So, if your company/organisation decides "why" and "how" the personal data should be processed it is the data controller.

Data Protection Officer

The person who is responsible for overseeing a company's data protection implementation to ensure compliance with data privacy law.

Encryption

This allows information to be hidden so that it cannot be read without a cryptographic key.

GDPR

The General Data Protection Regulation is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the UK & European Union (EU). It protects people and lays down rules about how data about people can be used.

This Privacy Policy

This privacy policy covers the ID Crypt Global SSI Verify Application (the "app").

ID Crypt Global is both the technology provider, developer and provider of the ID Crypt Global SSI Verify App.

The app verifies the presentation and authenticity of a Self-Sovereign Identity (SSI) as held by an individual. The App requests a cryptographic verifiable proof of the individual's identity, presenting their identity via a compatible SSI wallet, such as the ID Crypt Global Vault app, which is securely hosting their digital identity. The app works by forming a low-energy bluetooth connection with the compatible SSI wallet, as owned by an individual. Bluetooth is then used to send the identity proof from the individuals SSI wallet to the Verify app. The Verify app cryptographically verifies the authenticity of the identity and presents certain data to the user of the Verify app. The user is then able to provide the final step in authenticating and verifying the individuals identity.

The app enables you to quickly verify, cryptographically, identity claims made by an individual in a face-to-face situation. Typical use cases included verification of an individuals accreditations, such as certification from a professional body. The verify app also supports Zero Knowledge Proof presentation, for example, confirming an individual is over the age of 21 without the need for the individual to disclose their date of birth.

Information collection and use

ID Crypt Global collects zero data when the app is being configured or used. The app works in a peer-to-peer fashion with any compatible SSi wallet. For the avoidance of doubt, the Verify app connects directly with an individuals mobile SSI app, such as the ID Crypt Global Vault app, the connection is bi-lateral and does not use any third party platform or services to share data between the two. The app may capture presented proofs as part of an optional audit trail (the organisation must opt in for this feature) on behalf of the organisation using the Verify app. In such cases, proof presentation data is encrypted at rest within the audit functionality and securely stored by ID Crypt Global only.

The information we collect when creating your app

Organisation ID: If your organisation requires the use of the Audit capability of the app, then you must provide your Organisation ID as part of the configuration of your app. Your Organisation ID would have been issued to you by ID Crypt Global seperately.

Resolving issues

The app can be installed on multiple devices. However, in order for the Audit service to function correctly, each installation must have the Organisation ID entered wihtin the configuraiton of the app.

Recovering your account

If you use the Verify app with the Audit service, you may need to recover your credentials if you are moving to a new device, have uninstalled the app, and are reinstalling the app, have had your device lost or stolen. In any case, recovering an account is carried out by:

Providing an email address which has been previously verified by ID Crypt Global.

Requesting your Oranisation ID and access key to be securely re-issued to your verified email address.

Alternatively, your Organisation ID may be used with an access key.

An Organisation account should not be confussed with an Organisation ID. An Organisation ID is a unique identifier of the Organisation, it is not an account which can be managed. The Verify app is linked to an Organisation Account via the provided Organisation ID and Access key.

If the Verify App has the Audit capability enabled, then the Organisation ID and Access Key must be confiugred within the App. Failure to do so will result in data not being shared with the Audit service. In the case of an Audit, the Audit service can only provide data that has been shared correctly. It is the responsiobility of the Organisation to confirm the correct configuration of the Verify app, and to periodically check that their Audit data is being successfully captured from all devices running the Verify app.

Deleting your account

You may uninstall the Verify App at any time. If your Organisation wishes to delete its Audit account with ID Crypt Global, then this must be done by accessing the Organisations SaaS Portal with ID Crypt Global.

Push notifications

Some functions require the app to receive push notifications. The app makes available all push notification channels within the settings of the app.

Information sharing

Sharing captured personal information

The verify app captures and cryptographically verifies an individuals identity. In doing so, personal identifable data may be captured. The Verify App does not store this personal data, it only presents it to the end user for final verification. The end user should at no time attempt to capture the information or share with third parties. The user must work in accordance with local privacy laws at all times.

ID Crypt Global encourages all parties that request identity proofs from individuals to request as little information as possible, and wherever possible request a "zero knowledge proof" (ZKP). A ZKP provides cryptographic proof of a specific claim/attribute about an individual, however, it does not share any of the underlying data. An example would be a proof that is requested to confirm that an individual is over the age of 21. A ZKP would cryptographically confirm that you are over the age of 18, without the individuals data of birth being shared.

Security and data location

No data is captured or stored by the Verify App, unless an Audit service subscription is in place and the app configured to reflect this. In such cases, all data encrypted and stored at rest within a legal Jurisdiction that is either within the Organisations operating jurisidction, or at an identified region acceptable for that Organisation. Data that is transmitted is always done so via a secure encrypted link from the mobile app to the ID Crypt Global Audit service. Please note, data never leaves this secure location.

There is no need for any information to be viewed by our staff members. In addition, data is not shared at any stage of onboarding, using our services or when deleting the app, except for law enforcement data requests.

ID Crypt Global security policies are aligned with industry standards such as NIST and ISO 27001. The ID Crypt Global data location is continually tested for compliance with data centre international standards as well as for security and privacy. Independent penetration tests are carried out on an annual basis to ensure data security. ID Crypt Global will produce associated documentation on standards and security reviews of data centres if required.

Your rights and choices

Access rights

ID Crypt Global via the Verify app holds zero information and data on your users or organisation. As such, there is no data to requset access too.

In-house and Firebase analytics

Any analytical information that is collected from the use of the app is aggregated and is anonymous. We cannot therefore provide you with any information relating to your use of the app.

Complain to the regulator

As a UK company, ID Crypt Global is regulated by the UK Information Commissioner's Office (ICO) who is responsible for making sure that companies comply with the law on handling personal information. https://ico.org.uk/global/contact-us/

Contact us

You may contact ID Crypt Global via the following methods:

General purpose email: letstalk@idcrypt.global

Privacy / Security related email: privacy@idcrypt.global

Previous privacy policy versions

All versions of the ID Crypt Global privacy policy are stored securely by ID Crypt Global. There are no previous versions to date.