Privacy Policy

Last updated: January 1, 2025

At Xident Technologies Inc. ("Xident," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our age verification services.

1. Information We Collect

Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, and password when you create an account
  • Verification Data: Selfie images, ID documents, and date of birth for age verification
  • Payment Information: Billing address and payment details (processed by our payment provider)
  • Communications: Information you provide when contacting our support team

Information We Collect Automatically

When you use our services, we automatically collect:

  • Device Information: Browser type, operating system, device identifiers
  • Usage Information: Pages visited, features used, timestamps
  • Log Data: IP address, access times, referring URLs

Biometric Information

For age verification, we process facial images to extract mathematical representations called "face embeddings." These embeddings are numerical vectors, not photographs. We retain embeddings only as long as necessary and delete original images after processing.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our age verification services
  • Process and complete transactions
  • Verify your age and identity
  • Detect and prevent fraud and abuse
  • Respond to your requests and support inquiries
  • Send technical notices and security alerts
  • Comply with legal obligations

3. How We Share Your Information

We may share your information in the following circumstances:

  • With Partner Sites: We share verification results (age confirmed/not confirmed) with sites where you choose to verify
  • Service Providers: Third parties who perform services on our behalf (hosting, analytics, payment processing)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information or biometric data to third parties.

4. Data Retention

We retain your information as follows:

  • Account data: Until you delete your account
  • Face embeddings: Until you delete your Xident ID or request deletion
  • Original images: Deleted immediately after processing (not stored)
  • Verification logs: 90 days for debugging and fraud prevention
  • Aggregated analytics: Retained indefinitely in anonymized form

5. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Opt-out: Opt out of certain data uses
  • Withdraw Consent: Withdraw consent for biometric processing

To exercise these rights, contact us at privacy@xident.io.

6. Security

We implement appropriate technical and organizational measures to protect your information, including encryption at rest and in transit, access controls, and regular security audits. See our Security page for more details.

7. International Transfers

Your information may be transferred to and processed in countries other than your own. We use appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission.

8. Children's Privacy

Our services are designed to verify that users meet age requirements. We do not knowingly collect personal information from children under 13 (or applicable age in your jurisdiction). If we learn we have collected such information, we will delete it promptly.

9. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information we collect and how it's used, the right to delete, and the right to opt-out of sales. We do not sell personal information.

10. European Privacy Rights

If you are in the European Economic Area, UK, or Switzerland, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal bases for processing include contract performance, legitimate interests, legal obligations, and consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or our practices, contact us at:

Xident Technologies Inc.
548 Market St, Suite 95234
San Francisco, CA 94104
Email: privacy@xident.io

For data protection inquiries in the EU, you may also contact our EU representative at eu-representative@xident.io.