At truuth your privacy is extremely important to us as demonstrated in our overall mission to empower all our customers to protect their identity and personal data with military grade security. We’re passionate about creating a more secure and trusted online world, where you can have confidence in the identity and claims of other users. We enable people to share verifiable data in a secure environment.
To provide our Biopass Services, we need to collect certain information about users. The exact information needed depends on the check that’s being carried out. The information we collect may include but is not limited to:
We may collect “sensitive” information about you. We will always ask your consent to carry out the checks and obtain the data only by lawful and fair means.
For example, when (i) enrolling a user and then (ii) authorising the user for access to a relying party, we may ask to capture a picture or video of the users face. We will also look to identify signs of fraud, such as imitating the identity of a different person. To achieve this, we examine the information contained in the images and the image metadata (such as the name of the camera model used to take the image).
Our data collection involves two separate parties:
Clients are organizations that have asked truuth to authenticate a user. Once we have processed authentications, we share the results with the client. The client then decides how they want to proceed with the user based on the results – for example whether they are given access to their service.
Users are individuals whose identities we enrol and then verify against when processing an authentication on behalf of our clients. We collect users’ information from clients or directly from the users themselves. This information might include a video of the user, and biometric identifiers for the face, voice. It may also be a user PIN code used for the authentication. This enables us to help the client verify that the user is the identity owner and should be provided access to the client service and has not shown signs of fraud. In some circumstances, we may also collect device identifiers, location coordinates, and IP addresses to help us understand whether a device has previously been used in relation to suspected fraudulent activity and whether truuth is permitted to provide Identity Verification Services in the country in which the user is located. To further combat fraud, we also collect identity information that has been leaked or otherwise made available on the internet.
Purpose of collecting the above information is to verify the identity of the users for our Client, to securely share it with them and store as per our agreed policies with our clients. These policies are in line with the privacy policies that our clients agree with Users.
Truuth policy complies with Privacy Act 1988 and ACC Act 2002 on purpose of collecting the personal information.
We collect personal information of the users via Mobile application or Web application that the user will be provided access to from the Client or ourselves.
Information we collect from our users are kept in secure storage inside the region data centres agreed with the client for use with its users. We ensure that any information is securely protected from misuse, loss, and unauthorised access, modification or disclosure. Best practices such as encryption, access control, logging and versioning have been implemented on the secure storage which holds personal information inline with ISO27K standards that truuth is accredited for. For more information about information security at truuth, please visit the Guide to Security at truuth. If you think you have identified a security vulnerability or bug in our Identity Verification Services, please report it to the truuth security team at firstname.lastname@example.org.
truuth policy complies with Privacy Act 1988 and ACC Act 2002 on storing the personal information.
We perform our Biopass services on behalf of our clients for a variety of different reasons. Those reasons are identified by our clients, and we rely on them to tell us when they no longer need us to store the information we’ve collected on their behalf. Once instructed, either through our policy agreement with the client or through an ad hoc request, we delete the information we have collected about users when performing the requested Services.
If you, as a user, would like to make a specific request to have your information deleted, please make that request directly to the client that carried out your related check. For more information about how to do this, please see below under “Your Rights”.
Where we have a legitimate legal reason, we may also store information for longer than described above – for example, where we are under a binding legal order not to destroy information..
We will disclose the information to our Client in order to verify the user identity.
We will not share, transfer or store the information we collect outside the regions agreed with our clients for their users.
If we’re able to verify the identity of a user and the user is able to pass all requested checks, we notify the client who can then continue with the authentication process to provide the user access to the targeted relying party service.
If we’re unable to verify the identity of a user or the user isn’t able to pass all requested checks, we recommend to the client that they do not let the user complete the authentication and hence do not receive access to the targeted relying party service.
To further improve our Services, we train our computers to recognize specific patterns in information and make predictions about new sets of information based on those patterns. This is known as machine learning. We train our machine learning models to locate and extract the information in facial images & videos and to verify the users are human (not robots).
We use information to provide and maintain our Services on behalf of clients on the basis that the user has consented to the processing with the client who has a legitimate or lawful reason for requesting the truuth Services, or the processing is necessary to carry out a task in the public interest or for reasons of substantial public interest.
We also use information to further improve our Services on the basis that the processing is necessary in the legitimate interest of the client or truuth, the processing is necessary to carry out a task in the public interest or for reasons of substantial public interest, the processing is necessary for scientific research purposes, or the user has provided their consent.
If you would like to access a copy of your information, have your information deleted, corrected or otherwise exercise control over how your information is used, please contact truuth at email@example.com.
To lodge a complaint, please write us at firstname.lastname@example.org
Please be aware, some requests may require us to notify the relevant client so the client may fulfill the request instead (and not truuth). This is necessary where truuth is acting on the client’s behalf.
As truuth provides its Services on behalf of its clients, truuth will not disclose any information related to a specific check pursuant to a government or law enforcement request unless there is a binding legal order to do so or our client has consented to the disclosure. This is necessary for us to comply with our legal obligations. Any government or law enforcement body requesting information related to a specific check may contact us at email@example.com, and we will seek to put you in contact with the relevant client.
If you would like more information about how truuth collects and uses information, or if you would like to contact the truuth data protection officer, please contact truuth at firstname.lastname@example.org, or at:
Attention: Privacy Office
Level 6, 201 Kent St
If you would like to raise a concern with a Privacy Supervisory Authority, a list of contact points is available here.
Drop us a line and we will get back to you soon!