Privacy Policy

At truuth your privacy is extremely important to us, as demonstrated in our overall mission to empower all our customers to protect their identity and personal data with military-grade security. We're passionate about creating a more secure and trusted online world, where you can have confidence in the identity and claims of other users. We enable people to share verifiable data in a secure environment.

 

This policy explains how we are committed to protecting the privacy and security of your data in our ‘Identity Verification’ Service, where we verify an identity and carry out checks related to that identity. This Privacy Policy helps you understand how we use the information we collect to provide our Identity Verification Services to ensure your trust in our truuth Identity Platform.

We may need to update this Privacy Policy from time to time, so we recommend you check back periodically. If we make any substantial changes, we may notify you via email or by posting a notice on our website.

 

The Information We Collect

To provide our Identity Verification Services, we need to collect certain information about users. The exact information needed depends on the check that’s being carried out. The information we collect may include but is not limited to:

  • Name

  • Personal information such as date of birth

  • Contact information

  • Licenses, passports and other identification documents

  • Face pictures and videos

  • Demographic information

We may collect “sensitive” information about you. We will always ask your consent to carry out the checks and obtain the data only by lawful and fair means.

For example, when verifying the identity of a user, we’ll ask for an image of their identity document as well as a picture or video of their face. We’ll then seek to verify whether the identity document is likely to be genuine and whether the person in the photo or video is likely the same person pictured in the identity document. We will also look to identify signs of fraud, such as imitating the identity of a different person. To achieve this, we examine the information contained in the images, including the machine-readable data (such as an identity document’s barcode) and the image metadata (such as the name of the camera model used to take the image).

Our data collection involves 3 separate parties:

1. The Client

Clients are organizations that have asked truuth to verify an identity and/or carry out additional checks related to that identity. Once we have verified an identity or run a check, we share the results with the client in a truuth Report, as described further below. The client then decides how they want to proceed with the user based on the results. In some cases, the client might ask for additional information before making a decision. Also, some clients only ask us to carry out a check if an earlier check was passed or not passed. This ensures we only do the minimum number of checks needed.

2. The User

Users are individuals whose identities we verify or otherwise check on behalf of our clients. We collect users’ information from clients or directly from the users themselves. This information might include an image of an identity document (e.g. a passport or a driver's license), photos (at times, taken in quick succession for anti-fraud purposes) or a video of the user, and biometric identifiers for the face, voice, and fingerprint. This enables us to help the client verify that the user is the true owner of the identity document and has not shown signs of fraud. In some circumstances, we may also collect device identifiers, location coordinates, and IP addresses to help us understand whether a device has previously been used in relation to suspected fraudulent activity and whether truuth is permitted to provide Identity Verification Services in the country in which the user is located. To further combat fraud, we also collect identity information that has been leaked or otherwise made available on the internet.

3. Data Providers

Data providers are used to provide additional information to carry out specific checks. For example, if we need to verify the details of a user’s driver's licence, we might ask for additional information from the appropriate governmental body.

We also keep logs of how our clients, users, and data providers interact with our Identity Verification Services. This might include timestamps of when the information was submitted to truuth, and information about the device used to submit that information. 

Purpose of Collection

The purpose of collecting the above information is to verify the identity of users for our Client, to securely share it with them, and to store it as per our agreed policies with our clients. These policies are in line with the privacy policies that our clients agree with Users.

truuth's policy complies with the Privacy Act 1988 and the ACC Act 2002 with respect to the purpose of collecting personal information.

Manner of Collection

 

We collect users' personal information via a mobile application or web portal to which the user is given access by the Client or by ourselves.

Storing the Information Securely

Information we collect from our users is kept in secure storage inside Australian-owned data centres physically located within Australia. We ensure that any information is securely protected from misuse, loss, and unauthorised access, modification or disclosure. Best practices such as encryption, access control, logging and versioning have been implemented on the secure storage that holds personal information, in line with the ISO27K standards for which truuth is accredited. For more information about information security at truuth, please visit the Guide to Security at truuth. If you think you have identified a security vulnerability or bug in our Identity Verification Services, please report it to the truuth security team at security@truuth.id.

truuth's policy complies with the Privacy Act 1988 and the ACC Act 2002 with respect to storing personal information.

We perform our Identity Verification Services on behalf of our clients for a variety of different reasons. Those reasons are identified by our clients, and we rely on them to tell us when they no longer need us to store the information we’ve collected on their behalf. Once instructed, either through our policy agreement with the client or through an ad hoc request, we delete the information we have collected about users when performing the requested Identity Verification Services.

If you, as a user, would like to make a specific request to have your information deleted, please make that request directly to the client that carried out your related check. For more information about how to do this, please see below under “Your Rights”.

Where we have a legitimate legal reason, we may also store information for longer than described above – for example, where we are under a binding legal order not to destroy information.

 

Using & disclosing Information captured in our Identity Verification Services

We will disclose the information to our Client in order to verify the user's identity and the related checks with them.

We will not share, transfer or store the information we collect outside Australia.

As well as sharing information with clients, users, and data providers (as described above), truuth also shares information with external parties that are performing tasks on our behalf (including our affiliates) and with other companies, organizations, government bodies, and individuals outside truuth where we have a legitimate legal reason for doing so (for example, in connection with any merger or acquisition) or where we have been instructed to share the information on behalf of our clients.

For example, if a client has configured the Identity Verification Services to check whether an identity document has been previously identified as lost, stolen, fraudulent, or otherwise compromised by a government or other external party, truuth may share that compromised identity document on behalf of that client, and the government or other external party may retain a copy to the extent they consider it necessary, proportionate, and lawful. Under the instruction of clients or under court order, truuth may be required to share identity documents with the Police Department or Government Regulatory Authorities.

Whenever legally possible, we seek to protect the information we share by imposing contractual privacy and security safeguards on the recipient of the information. This is particularly important in cases where the recipient is located in a country that has different or lesser privacy laws than those of the country where the information was originally collected.

Passing a truuth Identity Check

If we’re able to verify the identity of a user and the user is able to pass all requested checks, we notify the client who can then continue with their onboarding process.

 

Not Passing a truuth Identity Check

If we’re unable to verify the identity of a user or the user isn’t able to pass all requested checks, we recommend to the client that they conduct additional checks before continuing with the onboarding process.

 

Improving our Identity Verification Services

To further improve our Identity Verification Services, we train our computers to recognize specific patterns in information and make predictions about new sets of information based on those patterns. This is known as machine learning. We train our machine learning models to locate and extract the information in documents, to detect fraudulent documents, and to verify the users are human (not robots).

We also train our human analysts to perform those tasks so they can assist when our machine learning models aren’t best suited for the task or are still learning. Sometimes, we’ll also re-run and re-submit checks to ensure our Identity Verification Services are working properly, particularly when testing a new feature or service for quality assurance. Together, these developments help make truuth’s Identity Verification Services stronger and safer for all clients and users.

 

We use information to provide and maintain our Identity Verification Services on behalf of clients on the basis that the user has consented to the processing or otherwise requested Identity Verification Services, the client has a legitimate or lawful reason for requesting Identity Verification Services, or the processing is necessary to carry out a task in the public interest or for reasons of substantial public interest.

We also use information to further improve our Identity Verification Services on the basis that the processing is necessary in the legitimate interest of the client or truuth, the processing is necessary to carry out a task in the public interest or for reasons of substantial public interest, the processing is necessary for scientific research purposes, or the user has provided their consent.

 

truuth Identity Reports

When we verify an identity or carry out a check on behalf of a client, we provide a truuth Identity Report to that client. This truuth Identity Report details our recommendation and the reasoning behind it. The reasons are generated from the different machine learning models and human powered processes that are used to verify an identity or perform a check. The truuth Identity Report includes details of multiple types of identity verification such as:

  • integrity of the image of the identity document

  • matching of identity document details

  • checking for fraudulent manipulation of identity document

  • matching of face image to photo on identity document

  • testing of liveness of the user

  • any supporting check reports

By providing our clients with these detailed truuth Identity Reports, our aim is to empower our clients to make informed decisions about users and to provide specific help to users that are having difficulty in passing a truuth Identity Check.

Your Rights and Access to Information

If you would like to access a copy of your information, have your information deleted, corrected or otherwise exercise control over how your information is used, please contact truuth at privacy@truuth.id.

 

To lodge a complaint, please write to us at privacy@truuth.id.

 

Please be aware, some requests may require us to notify the relevant client so the client may fulfill the request instead (and not truuth). This is necessary where truuth is acting on the client’s behalf.

 

 

Government and Law Enforcement Requests

As truuth provides its Identity Verification Services on behalf of its clients, truuth will not disclose any information related to a specific check pursuant to a government or law enforcement request unless there is a binding legal order to do so or our client has consented to the disclosure. This is necessary for us to comply with our legal obligations. Any government or law enforcement body requesting information related to a specific check may contact us at privacy@truuth.id, and we will seek to put you in contact with the relevant client.

 

Contact truuth or a Privacy Supervisory Authority

If you would like more information about how truuth collects and uses information, or if you would like to contact the truuth data protection officer, please contact truuth at privacy@truuth.id, or at:

Attention: Privacy Office
truuth
Level 6, 201 Kent St

Sydney 2000

Australia

 

If you would like to raise a concern with a Privacy Supervisory Authority, a list of contact points is available here.

© truuth™ 2020. All rights reserved.

ACN: 630466741, locii Innovation Pty Ltd
