Privacy Notice
Last Modified: 9/5/2025
1. WHO WE ARE AND HOW TO CONTACT US
The vouchID platform is operated by vouchID Inc. ("vouchID", "we", "us" or "our"). vouchID is the controller of certain personal data processed by the Platform.
If you have any questions about this Privacy Notice or would like to exercise any of your rights, please contact our Data Protection Officer by email:
- Privacy Team: privacy@vouchid.com
- Data Protection Officer: dpo@vouchid.com
2. WHEN THIS PRIVACY NOTICE APPLIES
This Privacy Notice (together with our Terms of Use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us or by our third party service providers.
We respect your privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it.
This Privacy Notice applies to information we collect:
- on the Platform, ourselves or via the services of third-party service providers; or
- in e-mail and other communications between you and vouchID.
3. WHO THIS PRIVACY NOTICE APPLIES TO
This Privacy Notice applies to anyone who visits or uses our Platform including individuals who create an account ("Users") and platforms that integrate with our services ("Platforms").
4. WHY DO WE COLLECT INFORMATION?
vouchID is a federated identity verification protocol that proves humanity without storing personally identifiable information (PII). We collect information from Users to verify their identity and provide platforms with cryptographic proof of verification while maintaining user privacy.
Critical Privacy Protection: All personally identifiable information we collect is immediately hashed using cryptographic algorithms. We never store plaintext personal data such as phone numbers, email addresses, or payment information. This ensures that even in the unlikely event of a data breach, your personal information cannot be recovered or misused.
Our verification methods include SMS verification, phone lookup, payment verification, and attestations from trusted platforms. Once verification is complete, we generate cryptographic proofs that platforms can use to confirm user authenticity without exposing personal data.
5. INFORMATION WE COLLECT AND HOW WE COLLECT IT
We only collect a limited amount of personal data about Users, and all personally identifiable information is immediately hashed upon collection. This means we store only cryptographic representations of your data, not the actual data itself. The data we process is listed below:
| Personal data we collect | How it is collected |
|---|---|
| Account Information (cryptographically hashed email addresses and credentials) | You provide it directly when creating an account. All data is immediately hashed - we never store your actual email or password. |
| Verification Data (cryptographically hashed phone numbers, payment information, and verification details) | You provide it during verification processes. All personal data is immediately hashed and the original data is discarded - we never store plaintext personal information. |
| Verification Status (cryptographic proofs of successful verifications) | Generated automatically upon successful verification. |
| Technical Data (hashed IP addresses, browser fingerprints, device identifiers) | Collected automatically from your device or browser for security purposes. IP addresses are hashed for privacy protection. |
| Platform Integration Data (scoped verification IDs for integrated platforms) | Generated when you verify with platforms using vouchID. |
6. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA
We use information that we collect about you or that you provide to us for the following purposes:
| Purpose | Data Types | Legal Basis |
|---|---|---|
| Identity verification and fraud prevention | Hashed account information, hashed verification data, hashed technical data | Performance of contract and legitimate business interests |
| Providing verification services to platforms | Verification status, platform integration data | Performance of contract |
| Account management and user support | Hashed account information, hashed technical data | Performance of contract and legitimate business interests |
| Platform security and abuse prevention | Hashed technical data, verification patterns | Legitimate business interests and legal obligations |
7. DISCLOSURE OF YOUR PERSONAL DATA
We understand that your personal data is important, and we therefore want you to understand the limited circumstances in which we may disclose it.Because all personally identifiable information is cryptographically hashed, any data we share consists only of hashed values that cannot be reversed to reveal your original information.We do not share your personal data with third parties or allow them to access it, except as indicated below:
- To our third-party service providers (hosting, customer service, payment processing) under strict data processing agreements
- To comply with legal obligations, court orders, or law enforcement requests
- To protect and defend our rights, property, or safety and that of our users
- In connection with a merger, acquisition, or sale of assets (with notice to affected users)
- With your explicit consent for specific purposes
Platform Integration: When you verify with platforms using vouchID, we only share cryptographic proofs of verification, not your personal data. Each platform receives a unique, scoped identifier that cannot be correlated with your identity on other platforms.
8. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
We may transfer personal data across borders for the purposes described in this notice. When we transfer personal information to countries outside the EEA and other regions with comprehensive data protection laws, we ensure appropriate safeguards are in place.
We rely on adequacy decisions, standard contractual clauses, or other appropriate transfer mechanisms as required by applicable law.
9. RETENTION OF PERSONAL DATA
We store your personal data for different periods depending on the purposes for which we collected it. Since all personally identifiable information is stored as irreversible hashes, retention of this data does not compromise your privacy even over extended periods. We implement a privacy-by-design approach:
- Hashed Account Data: Retained while your account is active and for a reasonable period after deletion for legal compliance
- Verification Hashes: Retained indefinitely to prevent duplicate accounts and maintain the integrity of our verification system - these cannot be reversed to reveal personal information
- Technical Data Hashes: Retained for security purposes for up to 90 days unless required longer for fraud investigation
- Cryptographic Proofs: Retained as necessary to provide ongoing verification services to platforms
10. YOUR RIGHTS RELATED TO YOUR PERSONAL DATA
Subject to local law, you have certain rights regarding your personal data:
- Right of access: Request information about the personal data we hold about you
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your personal data (subject to legal obligations)
- Right to data portability: Receive your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to restriction: Limit our use of your personal data in certain circumstances
- Right to withdraw consent: Where processing is based on consent
- Right to file a complaint: With your local data protection authority
To exercise these rights, contact us using the details at the beginning of this notice. We may need to verify your identity before responding to requests.
11. SECURITY MEASURES
We implement industry-leading security measures to protect your personal data, with cryptographic hashing as our primary privacy protection:
- Immediate Data Hashing: All personally identifiable information is hashed upon collection using industry-standard cryptographic algorithms
- No Plaintext Storage: We never store your actual personal data - only irreversible cryptographic representations
- End-to-end encryption: All data transmission is encrypted
- Zero-knowledge architecture: Our systems are designed to verify identity without learning your personal information
- Regular security audits: Independent security assessments and penetration testing
- Secure development practices: Code reviews, vulnerability scanning, and security-first engineering
12. COOKIES AND TRACKING
We use necessary cookies for platform functionality and optional analytics cookies (with your consent) to improve our services. You can manage cookie preferences through your browser settings.
13. CHILDREN'S PRIVACY
Our platform is designed for users 18 years and older. We do not knowingly collect personal data from children under 18. If we become aware that we have collected such data, we will take steps to delete it promptly.
14. CHANGES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time. We will notify you of any material changes by posting the new Privacy Notice on this page and updating the "Last Modified" date. We encourage you to review this Privacy Notice periodically.
15. CONTACT INFORMATION
If you have questions about this Privacy Notice or our privacy practices, please contact us at:
- Email: privacy@vouchid.com
- Data Protection Officer: dpo@vouchid.com