Yoti privacy policy


Last updated on: 6 August 2018 - what's new

In this policy, we explain how we will handle your personal information when you sign up and use our app, Yoti dashboard and website www.yoti.com. Where we say 'we' and 'us' we mean Yoti. Where we say 'third party' this means anyone who is not you or us. This could be another person or organisation.

As transparency and privacy are core values, we regularly check and update this policy to reflect new features and functionality. We have a lot of new features and functionality planned, so to avoid having to issue a new privacy policy every month, there may be information about things that aren't in place yet, but they will be soon. Regularly reviewing this policy makes sure that you are always aware of what information we collect, how we use it and how we might share it.

Who we are chevron
Information collection and use chevron
Information sharing chevron
Security chevron
Your rights and choices chevron
Biometrics chevron
Other GDPR information chevron
Cookies chevron
Analytics chevron
Contact us chevron
Past versions chevron

Who we are

We are a digital identity platform and we design our software and services with privacy at their heart, guided by a set of principles.

We are monitored by a Guardian Council who make sure that we always seek to do the right thing.

We are certified as a B Corp company, meaning that we consider the impact of our decisions on employees, consumers, the community and the environment.

Learn more

chevron
expand-dismiss

Company details

expand-dismiss

We are Yoti Ltd, Fountain House, 130 Fenchurch Street, London, EC3M 5DJ (company number 08998951), but you can call us ‘Yoti’. Our general email address is hello@yoti.com.

expand-dismiss

Our principles

expand-dismiss

We take your privacy very seriously. We design our software and services with privacy at their heart, guided by a set of principles which you can read here: https://www.yoti.com/about/principles/.

We are monitored by a Guardian Council, who are respected and influential individuals who make sure that Yoti always seeks to do the right thing, and that we are transparent about what we are doing and why. Read more about them here: https://www.yoti.com/about/council.

We are also certified as a B Corp company, meaning that we consider the impact of our decisions on employees, consumers, the community and the environment. Read more about it here: https://www.bcorporation.net/

expand-dismiss

Creating an account with Yoti

expand-dismiss

What we collect

What we do with it


Your mobile number

To create your account in the app

To check you do not already have an account with Yoti – users are only allowed to have one account.

We encrypt your mobile number (which means we can’t access it) and keep it until you or we close the account and delete the information.


Your photo

To create your account in the app

We securely store a biometric template of your photo to verify that it is always you trying to access your Yoti account. A biometric template is a digital map of your face created from your photo. Yoti also securely stores the actual photos.

We keep this information until you or we close the account and delete the information.

See section on biometrics for more information.


Information from in-house and third-party analytics tools

See sections on cookies and analytics

expand-dismiss

Checking you are a real person

expand-dismiss

What we collect

What we do with it


Video of you saying aloud some words you see on the screen

This helps us to make sure you are a real live person. We delete the video after seven days, if not before.

We may use some videos within the seven-day window for internal testing to improve our security checks.

We use some sections of the video for internal research and development to improve our fraud prevention measures. See section on biometrics for more information.

expand-dismiss

Adding information to your Yoti

expand-dismiss

What we collect

What we do with it


Information from Government-issued or other official identity documents (for example, passport, driving licence)

We use the photo and your date of birth (which we hash) to check if your identity already exists. Users can only have one account.

We use the information to verify your identity and check the document is valid. You will not be able to add an expired passport or driving licence.

If your document has a date of birth we check this to make sure that it matches what you told us when you were asked about your age as part on onboarding. If you are below a certain age in some countries you need parental consent to use the app.

We check the document photo against the photo you took to set up the account, to check it’s your document. It may be sent to our Security Team for a manual check.

If you upload a CitizenCard, we will verify your name, date of birth and CitizenCard number against the CitizenCard database. When they confirm your details to us they also send us the photo and gender they have for you. We check the photo against the photo you used to set up your account to make sure it’s really you. We add your gender as an attribute.

For US driving licences we check against the AAMVA database (American Association of Motor Vehicle Administrators). We verify name, document number, issuing authority (State), gender, address, date of birth, expiry date and issue date. AAMVA sends back yes / no for each field. We then consolidate this into one or two overall yes/no answers (one general match decision, and one address match decision). Not all US States provide data to AAMVA and some that do restrict who can receive it, so we may not get a result for you. AAMVA information on participating States is here: https://www.aamva.org/DLDV/ (participants tab).

For other documents with an address we will verify this with a third party.

In the UK this is Callcredit. This will leave a footprint on your credit file, which does not affect your credit score. For other countries this is Aristotle. We check your name, address and date of birth with these providers.

We may check your information against fraud prevention databases where your document fails our internal fraud prevention checks. We keep fraud information either in line with our internal fraud and misuse policy or the retention rules set by relevant fraud prevention bodies.

While we verify your identity the information is kept securely but our Security Team can access it, and may do so for training, compliance and quality assurance purposes. We can only access this information up to seven days after verification.

Where we identify fraudulent or tampered with documents, we will keep some for up to two years as examples to use in internal staff training.

We then add the details to your Yoti account and keep this information encrypted on our servers (which means we can’t access it) until you or we close the account and delete the data.

We create general statistics and reports from some of this information to help us understand how people are using our app, and to allow us to improve the service. This information does not identify any specific user. See the sections on cookies and analytics for more information.


Information you add manually (for example, address, e-mail)

If you add an email address we will verify it by sending you a code.

If you add an address you can choose to verify it with a third party. If you don’t verify it, or the check fails, your address will be marked as ‘unverified’. You can still share it, but some organisations may only be able to accept verified addresses.

Third-party checks: In the UK this is Callcredit. This will leave a footprint on your credit file, which does not affect your credit score. For other countries this is Aristotle.

We keep the information until you or we close the account and delete the information.


Age attribute (for example, 23 or 18+)

We are able to convert your date of birth into an age attribute so that in some circumstances you won’t need to share your date of birth to prove your age or eligibility for a product or service.

expand-dismiss

Yoti Dashboard

expand-dismiss

This will let you see all your receipts from sharing your information. Individuals and organisations can also set up an account to create pages and applications to request and receive information from their customers.

For users

What we collect

What we do with it


Photo (Yoti app attribute share)

To register you for an account with Yoti Dashboard and to login after that.

As this information is a Yoti app attribute, it is part of your app account and so we keep it until you or we close the account and delete the information.


Sharing receipts

Organisations or individuals you share attributes with can download the sharing receipts they receive.

For individuals setting up pages and applications

What we collect

What we do with it


Photo (Yoti app attribute share)

To register you for an account with Yoti Dashboard and to login after that.

As this information is a Yoti app attribute, it is part of your app account and so we keep it until you or we close the account and delete the information.


Contact details

We ask for your email so that we can get in touch with you if there are changes to our services that you need to know about.

We also ask for a link to your 'contact us' page or your email so that users can get in touch with you. They will see this information on your page / application.

We are also able to view the pages and applications you set up to be able to monitor them for T&C breaches.

For organisations

What we collect

What we do with it


Photo (Yoti app attribute share)

To register you for an account with Yoti Dashboard and to login after that.

As this information is a Yoti app attribute, it is part of your app account and so we keep it until you or we close the account and delete the information.


Name, date of birth, email address and mobile number

We keep this information to register you as the person who set up the organisation account. We may use the email and phone number if we need to contact you.


Organisation details, administrator and director details, and other relevant contacts, such as for billing or technical information

To administer and update your account

To send you account information and updates

To confirm with the Director listed that the use of Yoti and the administrator are authorised.

We keep the information for five years from when you or we close the account.

We are also able to view the pages and applications you set up to be able to monitor them for T&C breaches.

expand-dismiss

Yoti Password Manager

expand-dismiss

What we collect

What we do with it


Usernames, passwords, URLs, website names, and any login specific settings you choose to set

Passwords you generate using our password generator

Information you provide to use the auto-complete feature

We store the information so you can use Yoti Password Manager (YPM) to log into websites without having to remember your login details, and so you can automatically fill in your information.

We keep the information until you or we close the account and delete the information.


Device information

We show you what devices you have logged into YPM on, and the current lock/unlock status.


Information from in-house and third-party analytics tools

See sections on cookies and analytics

expand-dismiss

Yoti Sign

expand-dismiss

Document owners: information collection and use

What we collect

What we do with it


Email address

To set up your Yoti Sign account and to log in.

We create a Yoti ID so you can easily log back in and so you can see all your Yoti Sign history in your account. This ID will not appear in your account.

The ID is unique to your Yoti account and if you delete your Yoti account you will lose your Yoti ID. If you then set up a new Yoti account you will have a new Yoti ID, but Yoti Sign will not be able to link the two IDs. See below on deleting your account.

Yoti will only use the ID to bill accurately for the information shares you receive, as it allows us to know how many shares were from unique users and how many from returning users. We have no way to link the IDs to any specific Yoti user, it simply tells us how many information shares there were for your documents.


Documents you upload

Store the document.

Send it to those you want to sign the document.


Information about recipients you enter:

Name

Role (for multiple people signing the same document)

Email address

Unique reference (for bulk signing)

To send the document to the recipients for signing.

Name and email address are mandatory.

The unique reference is optional and allows you to identify users individually, for example, if they have the same name.


Attributes of recipients you can request:

Email (compulsory)

Name

Gender

Address

Date of Birth

Phone number

ID photo

Nationality

To populate the document that you are sending to the recipient to sign.


Reminders you set

Send reminder emails to those who haven’t signed the document.


Information on when documents are sent and signed.

Information on when emails are delivered and opened.

This information creates an audit trail that the sender can access. This audit trail can be used in court if necessary.

Document recipients: information collection and use

What we collect

What we do with it


Email address

To log in to Yoti Sign and authenticate you.

Your email address is how you send and receive documents within Yoti Sign.

We create a Yoti ID for you so that if you decide to create a Yoti Sign account, all your Yoti Sign history as a recipient is available. This ID will not appear in your account.

The ID is unique to your Yoti account if you delete your account you will lose your Yoti ID. If you then set up a new Yoti account you will have a new Yoti ID, but Yoti Sign will not be able to link the two IDs. See below on deleting your account.

Yoti will only use the ID to bill companies accurately for the information shares they receive, as it allows us to know how many shares were from unique users and how many from returning users. We have no way to link the IDs to any specific Yoti user, it simply tells us how many information shares there were for each document.


Attributes (personal details) specified by document sender

To populate the document with your details and sign it.

These are stored in our database and used to update tags.

The document sender can also use your details to search for particular users in a large document, for example, to check for runners in a liability waiver document.


Information on when documents are sent and signed.

Information on when emails are delivered and opened.

This information creates an audit trail that the sender can access. This audit trail can be used in court if necessary.

Other companies’ use of your personal information

If you choose to share your information with a third party by signing documents using Yoti Sign, those third parties may choose to use that information to communicate with you or they may share that information with others. We advise you to read the privacy notices of any company you share your information with to understand how they will use your personal information.

Security

The information and documents are encrypted and stored in secure locations. We continually test our systems and we follow top industry standards for information security.

Yoti has the decryption keys but we have access controls in place to limit which staff have access to the server. Our staff may need access to troubleshoot problems and manage the server in emergency events.

We currently store your personal information in Amazon Web Services EU data centres.

Deleting your information

If you delete your Yoti Sign account this will delete the Yoti ID and prevent you being able to access your documents stored with Yoti Sign. The documents remain for the document sender and any individuals who signed them.

If you delete your Yoti without setting up the recovery key, you will no longer be able to access Yoti Sign.

We keep the documents for seven years from the date the document was uploaded. Please also see our terms and conditions for more information on this.

Analytics

We collect information about your device and your use of our products using in-house analytics and third-party tools. The information we collect is de-identified and aggregated so we can’t identify you personally. We use it to understand how our products are being used and to improve them. You can opt out of certain analytics in the app.

The information provides us with statistics on things like:

  • how many users we have;
  • the numbers of documents uploaded, sent and signed;
  • aggregate types and numbers of attributes used;
  • aggregate time taken at each stage and where users drop out of the process;
  • whether we have a lot of unsigned documents across the product or only a few senders with lots of unsigned documents;
  • aggregate numbers of emails delivered and opened;
  • aggregate time taken at each stage and where users drop out of the process;
  • percentage of users who sign after a first reminder, a second reminder and so on.

These statistics are crucial for us to understand how Yoti Sign is performing, where things are failing, and what kinds of users we have. This information helps us to understand where we need to focus our business, marketing and product development efforts and what improvements we need to make.

expand-dismiss

Recovering your account

expand-dismiss

We store a recovery file in iCloud or Google Drive so that you can recover access to your account if you lose your phone or reinstall the app.

If you lose access to your Yoti account, for example, you have lost your mobile phone, can’t log in and need to recover access to it.

What we collect

What we do with it


The recovery file from iCloud or Google Drive

We retrieve this to restore access to your account


PIN, photo and video

To verify your identity and check you are the true holder of the Yoti account and grant you access to it again or to reset your PIN.

If you forget your PIN we will ask you for your mobile number and date of birth (if you have added a document).

While we verify your identity we keep the information but our Security and Customer Support Teams can access it. We can access this information for up to seven days after verification.

expand-dismiss

Using your Yoti

expand-dismiss

What we collect

What we do with it


App login details

To log you into your Yoti


Information from in-house and third-party analytics tools

See sections on cookies and analytics


Information about issues and problems you have with the app

If the app crashes, or you have some other issue, you can contact us about it by email, from within the app or through the website.

The information you send comes to us by e-mail and, if you have an email address on your Yoti account, you will receive an acknowledgement email with a ticket number for your issue.

This creates a Yoti Customer service account for you so you can revisit your ticket(s) to see progress and contact us further about the issue or any other issue.

Once we have resolved your issue and / or closed the ticket, we will send you an email asking for feedback. We only use this information to improve our services. We delete the support tickets after six months.

You can also choose to share certain data with us, that we call a Request ID, to help us find the server logs for your phone so that we can identify and fix the issue.

On the back end, the app associates your server log information with a Request ID (for example, 3bbf6e6fe414b40bf9fed99c8d36bd2c) but we do not connect it to you personally, unless you choose to provide it to our Customer Support as part of getting help as set out in the above paragraph.

We also use Crashlytics which sends us information automatically when the app crashes or has other issues. Crashlytics create a unique user ID that they attach to crash reports and they also send the device make and model, operating system, the disk space and RAM space left, the screen orientation and whether the device is rooted. This information helps us understand what issues there are and whether they are device specific or as a result of the device setup. We do not see or have access to the unique ID. We have no way to identify any specific user. Crashlytics delete all the data after 90 days.


Anonymous information that does not identify any specific user about what types of information you have shared with third parties.

This information allows us to charge organisations for the information they get from you.

For example, we may charge an organisation more for receiving five pieces of information from you through Yoti, than we would charge an organisation who only received three.


Certain device or user information (such as location, photo)

Some uses of Yoti require us to carry out authentication or fraud prevention checks to make sure that it is really you.

expand-dismiss

Yoti website

expand-dismiss

What we collect

What we do with it


Contact details when you fill in the ‘Contact us’ form

To reply to your query


Information from in-house and third-party analytics tools

See sections on cookies and analytics

expand-dismiss

When Yoti shares your personal information

expand-dismiss

While we verify your account, for a short period of time after you register or add information, your account will be pending and Yoti will be able to access your personal information.

Yoti’s core principles are that it is not our business model to sell, transfer or share outside the company any of the personal information used to set up your account or your user activity information.

There are though some situations where we will share or will have to share some information, and we list these below.

Situation

Who we share your data with


If we suspect a registration may involve identity fraud, a national security threat, legal infringement, or a criminal offence

We may have to share a copy of your information with the appropriate authorities.


If you provide false or inaccurate information

If, after investigation, we determine that there has been fraud that meets the criteria for reporting, we will pass the details to relevant crime and fraud prevention agencies to prevent further fraud and money laundering.

You can get more information about our approach to fraud and misuse and explaining how the crime and fraud prevention agencies will use the information by emailing privacy@yoti.com.


If we get a request for user information from law enforcement or other official authority

We cannot provide your information that is encrypted in our database unless either you, or a third party you shared your information with, provides us the receipt from your sharing activity, as this contains the decryption key necessary to access the personal information you shared with that third party.

We have an internal policy and process to make sure that, where we are able to share information, the request is valid, the information requested is no more than necessary, and that we think it’s the right thing to do.

We may have a legal obligation to share the information if we receive a court or similar legal order ordering us to disclose it.


If you have provided your address

We will check this information against a third party as part of verifying your identity.

In the UK this is Callcredit and this check leaves a footprint on your credit file, which will reference an identity check by Yoti. This footprint does not affect your credit score.

For US driving licences we check against the AAMVA database (American Association of Motor Vehicle Administrators) (only for States that provide information to AAMVA that we can access).

For US driving licences for states not in AAMVA, and for other countries it is Aristotle.

If you add your address manually (instead of adding it through an ID document) you can choose whether to get the verification check.


Some companies using Yoti will request an identity check against credit reference agency or other fraud prevention data

If you agree, Yoti will send the relevant details to the credit reference agency or fraud prevention database on behalf of the company, and will send the response back to the company.

In the UK this is a check against Callcredit data. This check leaves a footprint on your credit file, which will reference an identity check by Yoti. This footprint does not affect your credit score. For other countries this is a check against Aristotle data.


We may use the services of other businesses to help us in certain areas, for example, for data storage; online payment providers; and identity providers who we use to help with identity verification

Because of how we have designed the system, in most situations we won’t need to share your information with third parties.

If we do, we will encrypt your data and / or it will be properly protected by the terms of our contract with these third parties.


If Yoti sells its assets

Yoti will only agree to the sale if the new business commits to the core Yoti principles of data privacy.

While we are negotiating with the company buying or combining Yoti with their own business, they won’t be able to access your encrypted personal information but Yoti may provide anonymised statistical information.

expand-dismiss

When you share your personal information

expand-dismiss

You alone will decide when you want to use your Yoti to identify yourself to a third party, or to swap, send and request information. You choose whether to agree or not to share the information the third party requests. If you decide to share your information with a third party, you will both receive a receipt which will contain a copy of the information that each party shared.

Yoti encourages companies to only ask for the information they actually need, for example, your age, or confirming you are over 18, rather than a full date of birth. If you choose to share your information with a third party using Yoti, those third parties may choose to use that information to communicate with you or they may share that information with others. We suggest you read the privacy policies of any organisation you share your information with to understand how they will use your personal information.

Yoti creates and encrypts a master receipt which contains the details of what information was shared and who with. This master receipt is securely stored on our servers and we cannot access it unless either you or the third party provides us with their own receipt containing the encryption key we need to access the information.

Organisations using Yoti can also receive the source of the information they request from you, such as ‘passport’, ‘driving licence’ or ‘unverified’. This is because some organisations carrying out some types of identity checks are required to evidence where they got the details from.

expand-dismiss

Yoti ID

expand-dismiss

When you allow a share, Yoti generates an ID which connects your Yoti to the third-party application / website you are sharing your personal information with. The third party can choose to store this ID along with the personal information they request from you. If they store it, the third party can use this ID to recognise your Yoti when you share with them again, so you can use different features of a third-party application / website without having to keep sharing the same information for each interaction.

For example, if you register with a site using Yoti the third party can use the ID to allow you to log in to the site, prove your age, carry out ‘know your customer’ due diligence and so on, by only asking for any required additional details, rather than asking you for all your details again. This approach is in line with Yoti’s data minimisation principle, meaning you should only share the details relevant to what you are doing.

If a third party you are sharing information with uses the ID and you do not want them to do this, you should contact the third party to delete your account with them. The ID is unique to your Yoti account, and it is different for each third-party application / website you share information with. If you delete your Yoti account you will lose your Yoti ID. If you then set up a new Yoti account you will have a new Yoti ID which will not be recognised by any application / website you previously used with your old Yoti account.

expand-dismiss

Always allow

expand-dismiss

We provide a feature to some companies, for some scenarios, where you can choose to automatically share the same information each time you interact with them. Usually, you scan a QR code to see what information the company is asking for, and you are asked whether you want to allow the sharing of your information. With ‘Always Allow’ you can cut out the approval step. This may be useful to save time for some transactions you carry out often, where the same information is requested from you each time.

expand-dismiss

Your encrypted information

expand-dismiss

Except for the biometric template and photos mentioned in the 'Information collection and use' section', we do not have access to your personal information that we have verified and stored on our servers. The only way we can access the information is if you provide us with the encryption key (which is a set of unique numbers stored securely on your device). Only you hold the keys to decrypt your account information.

expand-dismiss

Sending your personal information to other countries

expand-dismiss

We keep all the personal information you add to your Yoti in the UK in a highly secure datacentre. All the information is held separately and encrypted.

We keep YPM data encrypted in the same secure UK datacentre.

We keep YotiSign data encrypted in AWS EU datacentres.

We keep some of the information to set up Dashboard organisation accounts, pages and applications in the secure UK datacentre, and some is in AWS EU datacentres (soon to be moved to the UK datacentre).

We keep our marketing database in AWS EU datacentres.

We have a Security Team in India who carry out the same fraud prevention checks when you set up your Yoti as our UK team. The personal information does not leave the UK, the Indian Team have secure remote access to carry out their role. We have EU-approved model contract clauses in place between Yoti UK and Yoti India.

Some of the third parties we use to support our business have their servers in other countries. We have contract terms with these third parties and measures in place to cover any transfers of personal data. The measures used are EU-approved model contract clauses, Privacy Shield for some US companies, and some have Binding Corporate Rules.

In future we may send your personal information to countries outside the UK. If those countries are in the European Union, Switzerland, Iceland, Liechtenstein and Norway, there are equivalent laws on handling personal information and so your information is protected in the same way as it is in the UK.

If we send your personal information to any other countries (for example, we may have other databases and servers in other countries), some of these countries may not have equivalent laws on handling personal information. However, we will make sure that your personal information is properly protected.

In some countries, for legal or practical reasons, Yoti may have to store personal information in that country.

When we decide to send or store your personal information in another country, we will update this section to describe the protections we have put in place (unless they are already described in another relevant section).

expand-dismiss

Access rights

expand-dismiss

You are entitled to see the personal information we hold about you. We do not have access to your personal information that we have verified and stored on our servers. The only way we can access the information is if you provide us with the encryption key (which is a set of unique numbers stored securely on your device). Only you hold the keys to decrypt your account information.

You can access all the personal information in your account through your Yoti app. If you have contacted our Customer Support or had other contact with us leading to us holding information on you, you can make an access request to: privacy@yoti.com.

When you use your Yoti, we collect some information about your phone and how you are using the app, Dashboard and website. This information is collected and stored automatically through in-house and third-party tools, as set out in the sections on cookies and analytics.

Adjust analytics

As set out in the ‘Analytics’ section, we get Advertising IDs from Adjust along with event information such as ‘installed app’, ‘completed registration’ and so on. If you want to access this information about your device, you will need to provide us with the Advertising ID from your phone, as that is the only way we can search for the information.

In-house analytics

The information we collect is de-identified and aggregated and it is not possible to search or get the information using your name or your phone’s identifiers (for example, the IMEI number which is like a serial number for your phone). So we cannot provide you with this information as it is not linked to you specifically.

Google Analytics information

For each phone that is using our app Google creates and shares with us an identifier (such as, 76c24efd-ec42-492a-92df-c62cfd4540a3). The information that we collect from your phone through Google Analytics is linked only to this identifier, and so it is not possible to search or get the information using your name or your phone’s other identifiers (for example, the IMEI number which is like a serial number for your phone). So we cannot provide you with this information as it is not linked to you specifically.

You can make an access request to Google here: https://support.google.com/policies/contact/sar

expand-dismiss

Correction rights

expand-dismiss

You are entitled to correct personal information we hold about you that is inaccurate. If you think that any of the information in your Yoti account is not accurate, you can delete your account and set up a new one. We have several developments underway to improve this. These developments will let you manually add an address, archive old addresses and change your email. We are also working on the ability for you to simply replace an outdated ID document. Yoti only has access to the information in your account for up to seven days after it is first provided to Yoti.

If you change your name, you can currently only update your Yoti by adding a government-issued identity document with the new name.

If you have contacted our Customer Support or had other contact with us and want to make a correction request, please email: privacy@yoti.com.

expand-dismiss

Deletion rights

expand-dismiss

In certain circumstances you are entitled to ask us to delete the personal information we hold about you.

If you want to close your account and delete your information, please read our FAQs here:

https://yoti.zendesk.com/hc/en-us/sections/202203845-Managing-my-Yoti-account

If you have any other deletion request, please email: privacy@yoti.com.

expand-dismiss

Objection rights

expand-dismiss

In certain circumstances you are entitled to object to Yoti processing your personal information.

If you want to contact us about your objection rights, please email: privacy@yoti.com.

expand-dismiss

Restriction rights

expand-dismiss

In certain circumstances you are entitled to ask us to restrict our processing of your personal information.

You can ask us to do this if you dispute the accuracy of your personal information; if our processing is unlawful but you prefer restriction to deletion; if we no longer need the information but you need it for legal reasons; or if you have objected to our processing and we are still dealing with this objection.

If you want to contact us about your restriction rights, please email: privacy@yoti.com.

expand-dismiss

Portability rights

expand-dismiss

In certain circumstances you are entitled to receive the personal information you have provided us in a structured, commonly used and machine-readable format.

You can download the information from your Yoti account from the app settings.

If you have contacted our Customer Support or had other contact with us and want to make a portability request, please email: privacy@yoti.com.

expand-dismiss

Complain to the ICO

expand-dismiss

You can also complain to the Information Commissioner's Office (ICO) who is responsible for making sure that organisations comply with the law on handling personal information.

https://ico.org.uk/global/contact-us/

expand-dismiss

What are biometrics?

expand-dismiss

Biometrics is the measurement and analysis of your unique physical characteristics and behaviour, such as your face, your fingerprint, your voice, the way you walk, the way you use your phone and so on.

Using biometrics allows you to prove it’s really you by comparing one of these characteristics with a template you have already set up or that has been created for you automatically. The template is created and stored securely and then each time you need to prove that you are really you, your information is compared against the template to see if it matches.

For example, many smartphones allow access using a PIN or your fingerprint. To use your fingerprint you first need to provide it to your phone so it can create a template. Then every time you use your fingerprint to access the phone it compares it to the template and only lets you in when the fingerprints match. This prevents someone else from accessing your phone.

Apps like Yoti can use the phone’s fingerprint technology so you can log in to our app using your fingerprint instead of your PIN. We don’t collect or store your fingerprint to do this.

expand-dismiss

Why do biometrics provide more security?

expand-dismiss

Instead of having to remember PIN numbers, or usernames and passwords (which may be guessed or hacked), biometrics uses something unique to you that only you have, like your face or fingerprint. Many companies, such as banks, are using biometrics like voice recognition to make sure only you can access your account.

expand-dismiss

Why does Yoti use biometrics?

expand-dismiss

Yoti is a biometric identity app. It works by allowing you to set up a trusted, genuine and verified digital identity. The biometrics are a key part of making sure we keep out fake identities and documents. The biometrics also make sure that it really is you taking actions in the app.

Essentially, all our use of biometrics is to prevent fraudulent use of Yoti and protect your data.

expand-dismiss

What biometrics does Yoti use and why?

expand-dismiss

Photo

As part of registration we will ask you to take a photo of yourself. From this photo we create a template of the key points on your face. Every time we ask to take another photo to check it’s really you we compare the photo against the template to check it matches. For example, we will ask you to take a photo if you want to delete your account, or recover it on a new phone. These checks make sure that only you can take these actions.

ID document

You can also add an ID document to Yoti so that you can share verified identity details like your name, address and date of birth. When you add a document we compare the photo with the face template to make sure users only upload their own documents.

Checking you’re a real person

When you add an ID document we will ask you to record a short video of yourself saying a few words. When you take certain actions in the app, such as resetting your PIN, we ask you to move the phone in a particular way. We use the information from these actions to make sure you are a real person. We can’t give you any more details about how this works, as we don’t want people to be able to get round our checks.

Internal research

As well as preventing fraud in your everyday use of the app, we need to make sure our checks continue to work and that we constantly improve them so we stay ahead of fraudsters and others who might try to provide fake identities or might try to get into your account. We have an internal research team who are constantly testing new ways to prevent fraud, and to do their job they need real biometric data from real people. However, all they have are things like photos, or sections of the video or phone movement measurements. They don’t have any information that could identify you personally. We keep information used for R&D purposes for as long as it is relevant to the R&D project.

expand-dismiss

What if I change my mind and don’t want you to use my biometrics any more?

expand-dismiss

We hope you understand why biometrics are an essential security part of our app, but if you change your mind you can withdraw your agreement at any time by deleting your account in the app settings. There isn’t a non-biometric version of Yoti, so without biometrics the app just doesn’t work.

expand-dismiss

Lawful bases

expand-dismiss

EU data protection law requires an organisation to have a lawful basis for its personal data collection and use, and there are several lawful bases available. We are a global app and so in some cases our choice of EU lawful basis reflects the need to comply with different laws in different countries.

Performance of a contract

When you set up and use our app and associated products and services, almost all the personal data collection and use is necessary to provide the app, product or service.

If you provide us your contact details to ask us a question, request more information or contact our Customer Support, we use your details to reply and resolve any issues.


Consent

We ask you to consent to us using your biometrics. This is because biometric data is sensitive data under the EU GDPR and the lawful bases available for this data are very limited. There are also biometrics laws in other countries that require consent.

See the section on biometrics for more information about the biometrics we use and why.

In the UK we can also use a ‘preventing or detecting unlawful acts’ lawful basis, as our use of biometrics is for fraud prevention purposes.


Legitimate interests

Some personal data collection and use is in our legitimate business interests.

Identity checks: where we check your details with a third party to make sure only verified identities can get a Yoti.

Fraud reporting: some anti-fraud bodies we work with require us to report identity fraud we discover.

R&D: (non-sensitive data) to continually improve and test our fraud prevention measures.

Analytics: we de-identify and aggregate the metrics information we get from users to understand how our website and app are performing, to identify bugs, and to identify where we need to focus our efforts to improve.

Marketing campaign records: we keep information so we know who was sent what marketing information and when.

Invoice and billing: for corporate customers.


Legal obligation

If you have provided us your contact details to hear about Yoti, its products and services and you no longer want to hear from us, we are obliged by law to stop contacting you. To meet this legal obligation we will add your details to a suppression list so you no longer hear from us.

If you are a corporate customer, we are obliged to carry out some due diligence.

expand-dismiss

Retention

expand-dismiss

We provide relevant retention information throughout this privacy notice.

In most cases, the information you add to your account or provide as part of using a product or service remains until you delete the account.

It is important to note that if you delete the app before deleting your account, you just lose the connection to your data, and it remains ‘orphaned’ in our system. We delete orphaned data after three years.

If you volunteer for user testing, we will keep the related information for six months.

If you provide us with an email address to hear more about Yoti, its products and services, we will keep it for 18 months from the collection date. If you unsubscribe we will add you to our suppression list.

Corporate customer information in our business development database:

After two years of inactivity we will review your details and decide whether it is appropriate to keep or delete the information.

expand-dismiss

What’s a cookie?

expand-dismiss

It’s an online technology to collect information about you and to store your online preferences. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page.

expand-dismiss

Types of cookie

expand-dismiss

Session cookies

These expire when you close your browser and do not remain on your computer.

Persistent cookies

These are stored on your computer until they expire or you delete them from your cache. They are normally used to make sure the site remembers your preferences.

expand-dismiss

Categories of cookies

expand-dismiss

Strictly necessary cookies

These cookies are essential for you to move around our website and Dashboard and use their features. Without these cookies we cannot provide services you have asked for, such as access to secure areas.

Performance cookies

These cookies collect anonymous information on how people use our Dashboard and website.

Functionality cookies

These cookies remember choices you make, such as your last action, language and search preferences. We can use these to provide you with a better experience based on your preferences. The information from these cookies is anonymous and they cannot track your browsing activity on other websites.

expand-dismiss

How do I delete cookies?

expand-dismiss

Go to the help and support area on your internet browser for instructions.

Information on deleting or controlling cookies is also available at https://www.aboutcookies.org/

If you delete or disable our cookies you may not be able to access certain areas or features of our site.

expand-dismiss

Yoti website cookies

expand-dismiss

Name of the cookie

Type of cookie

What we do with it


yoti_ignoreCookieBanner

Functionality cookie

Used to know that you have seen the cookie banner, and so not to show it you again.


_ga

Performance cookie

(Google Analytics and Adwords) Used to show us how users arrive at and interact with our website. It helps highlight areas where we can improve and shows us how successful our marketing campaigns are.


_gat

Performance cookie

Used by Google Analytics to prevent attacks on their servers.


_gid

Performance cookie

Used by Google Analytics to distinguish users from each other.


Visual Website Optimiser

Functionality and performance cookies

VWO anonymously tracks where people click on our website allowing Yoti to generate a diagram highlighting the most active areas, as well as count how many times users click on a certain link or button. We use this technology to understand how people use our website and to test different content, so that we can improve the website. You can find information on the specific cookies used by VWO here: https://vwo.com/knowledge/cookies-used-by-vwo/

expand-dismiss

Yoti Dashboard cookies

expand-dismiss

Name of the cookie

Type of cookie

What we do with it


_yop

Strictly necessary cookie

Stores only a session ID (no user data).


_csrf

Strictly necessary cookie

Security feature to prevent account hijack.


xsrf-token

Strictly necessary cookie

Security feature to prevent account hijack.


connect.sid

Strictly necessary cookie

Stores only a session ID (no user data).


channel_id

Strictly necessary cookie

Used to identify which mobile to communicate with.


privateKey

Strictly necessary cookie

Used for decrypting personal information - no data from this cookie goes to Yoti.


publicKey

Strictly necessary cookie

Used to encrypt personal information.


refId

Strictly necessary cookie

Used with channel_id and is also used to identify which mobile to communicate with.


signedPublicKey

Strictly necessary cookie

To prove ownership of the Public Key.


ngStorage-ageLink

Strictly necessary cookie

Used to store the URL of a Yoti Connect Page.


ngStorage-profile

Strictly necessary cookie

Temporarily stores user’s avatar, date of birth and age - no data goes to Yoti.


_ye

Strictly necessary cookie

A session cookie used to store a user ID.


_ys

Functionality cookie

Stores data about the mobile a user is using. It also stores the ID of a Yoti App being shared, data sharing between Yoti users, and the last action a user was about to perform before installing the app.


acknowledgedBanners

Functionality cookie

Hides a banner telling you to add an admin email once you have dismissed it.

expand-dismiss

What are analytics and why do we use them?

expand-dismiss

Analytics means collecting and analysing information about activity on our website and in our app. None of our analytics provide information about you personally. The statistics we get from this data allow us to understand how people are using our website or app, and things like what works and what doesn’t, how long it takes to complete critical tasks and where we have users.

All these statistics are essential to understanding how our website and app are performing and identify where we need to focus our efforts to improve.

expand-dismiss

Yoti website analytics

expand-dismiss

Pixels

These track activity on the website such as when a user completes an activity (for example, clicking through, completing a purchase, completeting a web form, downloading the app). We use this to determine which platform users come to Yoti from, to understand what actions users take once they arrive at Yoti. , and so we can attribute business leads back to ad campaigns.

For more information, please see:

Visual Website Optimiser

VWO anonymously tracks where people click on our website allowing Yoti to generate a diagram highlighting the most active areas, as well as count how many times users click on a certain link or button. We use this technology to understand how people use our website and to test different content, so that we can improve the website.

expand-dismiss

Yoti app analytics

expand-dismiss

Adjust

We use Adjust performance and analysis technology in our app. This allows us to us to track and analyse which marketing channels or sources, and which adverts, are producing the best results in directing users to download the Yoti app, and to help us understand how our users are using our app. Adjust collects information on which ad you clicked on on which site, and whether you installed the app. If you install the app, Adjust also collects information on when certain events happen (such as completing registration, successfully adding an ID document, first use of Yoti Password Manager).

To provide this service, Adjust uses two identifiers which they anonymise using a technology called ‘hashing’. One identifier is the Advertising ID that Apple or Android gives your phone (depending on which operating system your phone uses). The second identifier is your IP address which is like an address for your phone from your mobile network provider, and which may change if you take your phone to a different location. Adjust hashes these identifiers. Adjust then provide us with a list of Advertising IDs and country location (based on IP address). We filter the Advertising IDs by things like country, iOS or Android users, or events such as ‘completed registration’. We then pass relevant hashed Advertising IDs to advertising partners to be able to show our adverts to the right people on their platforms. The only information we have is the Advertising ID from your device and the events associated with that ID.

We use Adjust with different advertising networks that allow us to show Yoti adverts on these networks. Adjust also pass back the Advertising ID to these networks so they can build ‘lookalike marketing models’. This activity is how companies make sure they target their adverts at the right types of users, and users see adverts that are most relevant to their interests. The advertising networks use the Advertising ID and any associated information they have to create groups of people who share similar characteristics. They use these groups to deliver targeted ads. They use the information they have about you to determine which groups you are in, and so which adverts you see.

Yoti uses advertising networks to make sure we only show our adverts to the people who are most likely to be interested in our products and services. The advertising networks also use the Advertising IDs as a suppression list, to make sure they don’t show Yoti adverts to people who have already installed the app.

See section 2 of Adjust’s privacy notice for more information:

https://www.adjust.com/privacy_policy/

Opt out of Adjust analytics for all apps using their technology:

https://www.adjust.com/opt-out/

You can opt out of Yoti using Adjust analytics in the settings in the app.

In-house and Google analytics

Using our in-house software, and using Google Analytics, we collect some information from users and some information on when certain things happen as you use the app and its associated products and services. This information includes information about your phone. Our in-house software does not track how you personally use our app.

The information is de-identified so that it is not associated with an identifiable user. The information provides us with statistics on things like:

  • the number of people installing the app;
  • the number of accounts created successfully;
  • how long it takes on average to carry out certain actions in the app, such as taking a photo, uploading a document;
  • how many addresses are uploaded from a document and how many are manually added;
  • the number of recovery files set up, account recoveries, and account deletions;
  • the percentage of people who stop using the app at certain key points, such as accepting the terms and conditions, taking a photo and so on;
  • the number of users per country, age band, and gender.

These statistics are crucial for us to understand how our app is performing, where things are failing, and what kinds of users we have. This information helps us to understand where we need to focus our business, marketing and product development efforts and what app improvements we need to make.

expand-dismiss

Your choice for analytics

expand-dismiss

You have some control over analytics information collected through settings available in your website browser and on your phone, as well as Yoti app settings.

Website

You can clear pixels in the same way as cookies by clearing your cache or browsing history and by setting your browser to refuse cookies and pixels.

You can also get more information from the Digital Advertising Alliance and change ad settings using their ‘Your Ad Choices’ tool here: https://www.aboutads.info/consumers

Phone

Both Android and iOS phones have privacy settings to limit the collection of the Advertising ID.

Apple: https://support.apple.com/en-gb/HT202074

Android: https://support.google.com/ads/answer/2662922?hl=en-GB

Yoti app

You can opt out of Adjust and Google Analytics through the in-app settings.

What's new

Last updated on: 6 August 2018

Section

Changes


Information collection and use

Adding information to your Yoti: we have added information about checks we make when you add a document, specifically relating to CitizenCard and US driving licences, and to check the date of birth matches what you told us at onboarding about your age.

Adding information to your Yoti: we have deleted the section on adding your Aadhaar, as changes to the rules mean we cannot set it up as we had planned.

Using your Yoti: we have added information about Crashlytics, a third-party tool we use when the app crashes.

Yoti Dashboard: we have added information about some new account features and clarified the different ways to use Dashboard.

Yoti Password Manager: we have added information on a new feature that allows you to see on which browsers you are logged into YPM.

Recovering your account: following user testing we have changed the way we describe this process to refer to a ‘recovery file’ rather than a ‘recovery key’.


Information sharing

When Yoti shares your personal information: we have added in here the same information as listed above on the checks we make when you add a document.


Security

Sending your personal information to other countries: we have clarified here where we store different data and that where we use overseas third parties to help us operate our business, we have appropriate measures in place to protect personal data. We have also added information about our new Indian Security Team, who will assist our UK team (your data remains in the UK).


Your rights and choices

Access right: we have updated this section with regard to Adjust analytics. We have also made corresponding updates in the ‘Analytics’ section.


Other GDPR information

Retention: we have updated our retention of your email address when you provide it to us to hear about something specific. We updated it because some things take longer to achieve than planned, so a blanket retention period would mean we would have to delete your email before we had provided you with the update you had requested!


Other

We have deleted some parts of our privacy notice where we have not been able to develop the feature or function yet that it described, or not been able to develop it in the way we had planned.