Last Updated: 1 May 2026

1. Introduction and Acceptance of Terms

Identi.ly (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform, which provides secure file sharing, e-signing, and biometric-based encryption services.

By accessing or using Identi.ly’s services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

If you do not agree with this Privacy Policy, you must discontinue use of our services.

Where required by applicable law, we may request explicit consent (e.g., via checkbox or digital acknowledgment) before certain data processing activities.

2. Core Privacy Principle: Zero-Knowledge Architecture

Identi.ly is built on a zero-knowledge architecture, which means:

• We do not have access to your files or their contents
• Your face authentication is required to extract your FaceKey™
• Encryption keys are derived from user-controlled authentication factors, including biometric verification
• Only intended recipients can decrypt and access shared files

As a result, your data remains private and inaccessible—even to Identi.ly.

3. Information We Collect

We collect only the minimum data necessary to operate and improve our services.

3.1 Account Information

• Name
• Email address
• Organization name (if applicable)
• Account credentials (securely stored)
• Contact number (optional) for potential 2FA purposes

3.2 Authentication and Biometric Data

• Facial verification data used for identity authentication
• Liveness detection signals

Important:

• Biometric data is processed into encrypted mathematical representations
• We do not store raw facial images or biometric data
• Biometric processing is used solely for authentication and encryption purposes

3.3 Usage and Technical Data

• Device type, operating system, and browser type
• IP address and access timestamps
• Interaction with platform features

3.4 File Metadata (Not File Content)

• File size and format
• Upload/download activity
• Sharing activity logs

We do not access, view, or store decrypted file content.

4. How We Use Your Information

We use collected information to:

• Provide secure file sharing and e-signing services
• Authenticate users and verify identity
• Enable encryption and decryption workflows
• Maintain system security and prevent fraud
• Improve platform functionality and user experience
• Comply with legal and regulatory requirements

We do not sell, rent, or trade your personal data.

5. Data Protection and Security Measures

We implement strong technical and organizational safeguards, including:

• End-to-end encryption using AES-256 or equivalent standards
• Zero-knowledge encryption architecture
• Biometric-based authentication and access control
• Secure key generation tied to user identity
• Encrypted data storage and transmission
• Continuous monitoring and periodic security audits

6. Data Sharing and Disclosure

We limit data sharing to the following circumstances:

6.1 Trusted Service Providers

We may engage third-party vendors (e.g., cloud infrastructure, analytics providers) who process data on our behalf under strict confidentiality and security obligations.

6.2 Legal and Regulatory Requirements

We may disclose information where required to:

• Comply with applicable laws and regulations
• Respond to lawful requests by public authorities
• Protect the rights, safety, or security of users or the public

Due to our zero-knowledge architecture, encrypted file contents remain inaccessible and cannot be disclosed.

7. Data Retention

We retain personal data only for as long as necessary to:

• Provide our services
• Fulfill contractual obligations
• Comply with legal and regulatory requirements

Users may request deletion of their personal data, subject to applicable legal limitations.

8. Your Rights

Depending on your jurisdiction, including under the Personal Data Protection Act and the General Data Protection Regulation, you may have the right to:

• Access your personal data
• Correct or update inaccurate data
• Request deletion of your data
• Withdraw consent at any time
• Object to or restrict certain processing activities

To exercise your rights, contact us at: hello@identi.ly

9. International Data Transfers

Your data may be processed or stored in jurisdictions outside your country of residence. We ensure that appropriate safeguards are implemented to protect your data in accordance with applicable laws.

10. Children’s Privacy

Identi.ly’s services are not intended for individuals under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

We will notify users of material changes through appropriate channels (e.g., platform notifications or email). Continued use of our services after such updates constitutes acceptance of the revised Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

Identi.ly Support Team
Email: hello@identi.ly
Address: 27 New Industrial Road Novelty TechPoint #09-03 Singapore 536212

13. Trust Commitment

At Identi.ly, privacy is not just a policy—it is a system design principle.

• We do not have backdoor access to your files
• We cannot decrypt your data
• We do not monetize your information

Your data belongs to you, and only you.