Privacy policy.

Disclaimer for the download/accept screen of the App:  By installing or using Oneproof Verification Applications, you are agreeing to the terms of our current Privacy Policy and the accompanying Terms of Use. We encourage you to read, revisit, and use these documents to help you make informed decisions.

Effective as of September 15, 2024.

ONEPROOF LLC

Privacy Statement for ONEPROOF Mobile Drivers License/ID Verification Applications

This Privacy Statement applies to the Oneproof LLC  (“ONEPROOF”) Mobile Drivers License/ID Verify mobile,web services and, web-based and cloud-hosted commercial product applications (the “Services”) and governs the collection and use of data in connection with the Services. ONEPROOF is committed to protecting the personally identifiable information (“PII”) and other non-PII data (“Data”) of its customers and end-users (collectively “Users”) as well as of the credential and mobile ID holders (“Individuals”) that is collected and used in connection with the Services. It does not apply to any information an entity collects for its own use. Use of the Services constitutes agreement and consent to the practices described in this statement. 

The Services provide a way to securely authenticate identification documents and verify user identity and/or interact with third-party websites or applications (“Websites”). However, this policy does not cover any Websites of third parties. ONEPROOF encourages Users to review the privacy statements of other Websites that the User interacts with when using the Services to understand how those Websites collect, use, and share personal information and other data. ONEPROOF is not responsible for the privacy statements or other content on Websites outside of the Services or the practices of any third-parties with which a User interacts in using the Services.

1.  PII and Data Collected

ONEPROOF Services may collect PII and Data of Users which may include the following: 

  • Data about a User’s use of the Services, including crash logs, proximate geolocation and usage statistics.

  • Analytics and statistics, such as the number of identity documents processed within a given time interval, the pass/fail rate of a type of identity document or of a document authentication process, pass/fail codes, and date and/or location of document issuance.

ONEPROOF Services may collect PII and Data of Individuals whose credentials are being verified which may include the following: 

  • PII from the mobile ID of such individuals including name, address, date of birth, and related information, as well as biometric information (e.g., images provided for purposes of mobile ID verification.

  • Data about such individuals' device and its interaction with the Services, including the type of mobile device, unique user ID, IP address and operating system, and type of browser(s) in use.

1.1 Face Data Collected for Mobile Driver's License (mDL) Verification

For the purpose of verifying Mobile Driver's Licenses, ONEPROOF may collect face data (biometric information) from individuals to:

  • Match the photo provided with the individual presenting the Mobile Driver's License.

This face data is only used during the verification process and is immediately discarded after verification. It is not stored or shared with any third parties.

2.  Retention and Use of PII and Data

ONEPROOF may use the information collected through the Services in the following way: 

2.1  Retention and Use of  PII

Stateful Services deliver value through the long-term storage of User PII. An example of a stateful Service is the storage of biometric information to perform 1:1 and 1:N matching for User identification and verification. Stateless Services provide Users value without the need for long-term storage of PII. An example of a stateless product and/or service is the process of determining if a presented document is authentic (e.g., determining the authenticity of a US Driver’s License).

PII for Stateful Services will be retained until one of the following events occurs:

  • The User manually deletes PII stored in connection with the Service.

  • The User cancels the Services, in which case, PII will be retained for 90 (Ninety) calendar days to support a potential re-activation of the Service. After the re-activation period expires, all PII related to the User will be purged from our system(s) during the next scheduled purge of PII.

PII for Stateless Services will be used as follows:

  • During the 90 (Ninety) day retention period, the PII data could be used to improve the overall service (reduce fraud and user friction)

  • In general, PII for Stateless Services will be stored for a 90-calendar day period and purged on a monthly basis. PII older than 90 days will automatically be purged from the system during the next scheduled Data purge.

  • For User support purposes, PII will remain in the system until either 90 days from the date on which the support request is resolved, or the next scheduled purge process after the support request is resolved.

2.2  Use of  PII and Data

 ONEPROOF may use Data and PII to: 

  • Perform Services;

  • Verify identities;

  • Authenticate credentials;

  • Monitor and improve quality of Services;

  • Improve or develop functionality;

  • Provide anonymized analytics and statistics on the Services;

  • Share anonymized data with third parties;

  • Comply with or enforce legal requirements and policies, including without limitation this Privacy Statement and ONEPROOF’s Terms of Use.

2.3 Retention and Use of Face Data

Face data collected for Mobile Driver's License verification is used solely for the purpose of matching the photo with the person presenting the ID. This data is:

  • Not stored, retained, or shared after the verification process.

  • Immediately discarded once the identity has been verified, ensuring that no face data is retained or used for any further purposes.

3.  Security of PII

ONEPROOF secures PII by encrypting PII data at rest and in transit. All PII is protected on computer servers in a controlled, secure environment protected from unauthorized access. When PII is transmitted, it is protected through the use of encryption, such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols to protect against unintended recipients obtaining access to PII.  

4.  How to Contact Us

Questions or comments regarding this Privacy Statement should be directed to ONEPROOF at privacy@oneproof.com. ONEPROOF will use commercially reasonable efforts to promptly understand and address the issue. 

5.  How to Opt Out 

Users may opt out of the collection of PII or Data by ONEPROOF by canceling the Services and uninstalling the applications from all User devices.

6.  Changes to this Statement 

ONEPROOF will occasionally update this Privacy Statement. The latest version of the Privacy Statement can be found at Privacy Policy | ONEPROOF. Downloading or using the Services after any changes to this Privacy Statement constitutes consent to the revised Privacy Statement.