Privacy Policy

1. Introduction

At IdentiStride, we are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our identity verification services.

Our Core Principle: We operate on a zero PII storage policy. We do not store biometric templates, identity documents, or personally identifiable information beyond what is absolutely necessary for verification processing.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Company name (if applicable)
• Billing information (processed securely through Stripe)
• Use case information (to better serve your needs)

2.2 Verification Data (Temporary)

During identity verification, we temporarily process:

• Biometric gait patterns - Analyzed in real-time and immediately discarded
• Identity documents - Validated and discarded within seconds
• Facial images - Used for liveness detection only, never stored

2.3 Verification Results (Anonymized)

We store only anonymized verification metadata:

• Verification outcome (approved/rejected/needs review)
• Fraud risk score
• Document quality metrics
• Timestamp of verification
• Your provided external ID (for your reference only)

2.4 Technical Data

We collect standard technical information including:

• IP address
• Browser type and version
• Device information
• API usage metrics
• Error logs (for debugging purposes)

3. How We Use Your Information

We use the collected information to:

• Provide Services: Process identity verification requests
• Maintain Accounts: Manage your account and API keys
• Process Payments: Handle credit purchases through Stripe
• Improve Services: Analyze anonymized usage patterns to enhance our platform
• Prevent Fraud: Detect and prevent fraudulent activities
• Communicate: Send service updates, security alerts, and support responses
• Legal Compliance: Meet regulatory requirements and respond to legal requests

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

4.1 Service Providers

• Stripe: Payment processing (they handle all payment card data)
• Clerk: Authentication services
• AWS: Cloud infrastructure (data processed in Canadian regions)

4.2 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if necessary to:

• Comply with legal processes
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to emergencies involving safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit is encrypted using TLS 1.3
• Access Controls: Strict role-based access to systems
• API Keys: Secure key generation and management
• Monitoring: 24/7 security monitoring and threat detection
• Regular Audits: Periodic security assessments and penetration testing
• Zero Storage: Biometric data never touches permanent storage

6. Data Retention

6.1 Biometric Data & Identity Documents

Retention Period: 0 seconds - This data is processed in real-time and immediately discarded. It is never stored.

6.2 Verification Results

Anonymized verification results are retained for 24 months for analytics and fraud prevention purposes.

6.3 Account Data

Account information is retained for the duration of your active account plus 12 months after account closure, unless longer retention is required by law.

6.4 Logs & Technical Data

System logs and technical data are retained for 90 days for debugging and security purposes.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

7.1 Access & Correction

You can access and update your account information at any time through your dashboard.

7.2 Data Deletion

You can request deletion of your account by contacting support@identistride.com. Note that verification results may be retained in anonymized form for fraud prevention.

7.3 Data Portability

You can request a copy of your account data and verification history in a machine-readable format.

7.4 Opt-Out of Marketing

You can unsubscribe from marketing emails at any time using the link in the email footer.

7.5 File a Complaint

You have the right to file a complaint with your local data protection authority if you believe your privacy rights have been violated.

8. International Data Transfers

Our services are hosted in Canada (AWS ca-central-1). If you access our services from outside Canada, your data may be transferred to and processed in Canada. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

• Essential Cookies: Required for authentication and security
• Analytics: First-party analytics for service improvement (anonymized)

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and posted on our website. The "Last updated" date at the top indicates when changes were last made.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: