Privacy Policy

Last Updated: 1 May 2026

1. Introduction and Acceptance of Terms

Identi.ly ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform, which provides secure file sharing, e-signing, and biometric-based encryption services.

By accessing or using Identi.ly's services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

If you do not agree with this Privacy Policy, you must discontinue use of our services.

Where required by applicable law, we may request explicit consent (e.g., via checkbox or digital acknowledgment) before certain data processing activities.

2. Core Privacy Principle: Zero-Knowledge Architecture

Identi.ly is built on a zero-knowledge architecture, which means:

We do not have access to your files or their contents
Your face authentication is required to extract your FaceKey™
Encryption keys are derived from user-controlled authentication factors, including biometric verification
Only intended recipients can decrypt and access shared files

As a result, your data remains private and inaccessible—even to Identi.ly.

3. Information We Collect

We collect only the minimum data necessary to operate and improve our services.

3.1 Account Information

Name
Email address
Organization name (if applicable)
Account credentials (securely stored)
Contact number (optional) for potential 2FA purposes

3.2 Authentication and Biometric Data

Facial verification data used for identity authentication
Liveness detection signals

Important:

Biometric data is processed into encrypted mathematical representations
We do not store raw facial images or biometric data
Biometric processing is used solely for authentication and encryption purposes

3.3 Usage and Technical Data

Device type, operating system, and browser type
IP address and access timestamps
Interaction with platform features

3.4 File Metadata (Not File Content)

File size and format
Upload/download activity
Sharing activity logs

We do not access, view, or store decrypted file content.

4. How We Use Your Information

We use collected information to:

Provide secure file sharing and e-signing services
Authenticate users and verify identity
Enable encryption and decryption workflows
Maintain system security and prevent fraud
Improve platform functionality and user experience
Comply with legal and regulatory requirements

We do not sell, rent, or trade your personal data.

5. Data Protection and Security Measures

We implement strong technical and organizational safeguards, including:

End-to-end encryption using AES-256 or equivalent standards
Zero-knowledge encryption architecture
Biometric-based authentication and access control
Secure key generation tied to user identity
Encrypted data storage and transmission
Continuous monitoring and periodic security audits

6. Data Sharing and Disclosure

We limit data sharing to the following circumstances:

6.1 Trusted Service Providers

We may engage third-party vendors (e.g., cloud infrastructure, analytics providers) who process data on our behalf under strict confidentiality and security obligations.

6.2 Legal and Regulatory Requirements

We may disclose information where required to:

Comply with applicable laws and regulations
Respond to lawful requests by public authorities
Protect the rights, safety, or security of users or the public

Due to our zero-knowledge architecture, encrypted file contents remain inaccessible and cannot be disclosed.

7. Data Retention

We retain personal data only for as long as necessary to:

Provide our services
Fulfill contractual obligations
Comply with legal and regulatory requirements

Users may request deletion of their personal data, subject to applicable legal limitations.

8. Your Rights

Depending on your jurisdiction, including under the Personal Data Protection Act and the General Data Protection Regulation, you may have the right to:

Access your personal data
Correct or update inaccurate data
Request deletion of your data
Withdraw consent at any time
Object to or restrict certain processing activities

To exercise your rights, contact us at: hello@identi.ly

9. International Data Transfers

Your data may be processed or stored in jurisdictions outside your country of residence. We ensure that appropriate safeguards are implemented to protect your data in accordance with applicable laws.

10. Children's Privacy

Identi.ly's services are not intended for individuals under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

We will notify users of material changes through appropriate channels (e.g., platform notifications or email). Continued use of our services after such updates constitutes acceptance of the revised Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

Identi.ly Support Team

Email: hello@identi.ly

Address: 548 Market St PMB 78561 San Francisco CA 94104

13. Trust Commitment

At Identi.ly, privacy is not just a policy—it is a system design principle.

We do not have backdoor access to your files
We cannot decrypt your data
We do not monetize your information

Your data belongs to you, and only you.