Yoti US Biometrics Policy

1. Introduction

1.1.  This Policy describes how Yoti processes Data where that Data may include Biometric Identifiers or Biometric Information, including the retention, collection, disclosure, and destruction of any images of the face taken for age estimation of identity verification purposes.

1.2.  This Policy is to be read with our existing Yoti Privacy notices, Privacy Policies, Terms of Use, and Terms and Conditions that can be found on www.yoti.com.

1.3.  This Policy applies where US laws relating to Biometric Identifiers or Biometric Information may apply, including in the state of Illinois, Texas or Washington and is in compliance with the Illinois Biometric Information Policy Act (“BIPA”), 740 ICLS § 14/1, et seq.

2. Definitions

2.1.  ‘Biometric Identifiers‘ and ‘Biometric Information‘ have the same meaning as given to them under BIPA.

2.2.  ‘Client‘ means the third-party entity that has directed you to Yoti to carry our and age estimation or identity verification.

2.3.  ‘Data‘ means the personal data collected by Yoti, that may include (in certain circumstances and depending on legal interpretation in the relevant jurisdiction) Biometric Identifiers and Biometric Information, if any, collected for the purposes described in clause 3.

2.4.  ‘Digital Map‘ is a map of the face which is created for the uses described under clause 4.

2.5.  ‘Liveness Test‘ is the process carried out by our software to determine if the person performing the age or identity verification check is a real person.

2.6.  ‘Policy‘ means this Yoti Biometric Policy

2.7.  ‘Selfie‘ means an image of your face submitted by you to Yoti

2.8.  ‘Yoti‘, ‘we’ or ‘us’ means the Yoti Group, including Yoti Ltd., Yoti (USA) Inc. and its affiliate companies.

3. Purpose of Data Collection

3.1.  Yoti’s age estimation and identity verification software analyses photographs, stills from videos and/or Selfies while performing Liveness Tests; and/or facial age estimation to determine a person’s age; and/or to create and compare a Digital Map of a face to that in a corresponding image on ID documents. During that process, to achieve these purposes, it is possible that Data may be collected and used by Yoti.

3.2.  Additionally, it is possible that the Client will first collect Data (such as a photograph, video and/or selfie) and provide it to Yoti for the purposes mentioned in clause 3.1.

4. Product Specific Summary

Product Name Collection and Usage Retention and Destruction
Age Estimation We collect and image of your face to estimate your age and perform a Liveness Test. This data is deleted immediately after the age estimation is done, and we do not store it.
Identity Verification We collect and use the Selfie an your ID Documents (including the image in the ID Document):

  1. to create a Digital Map of the Selfie and the image on the ID document;
  2. to compare the Digital Maps to ensure nobody is trying to use your ID documents without your permission.
  3. to perform a Liveness Test;
  4. to detect fraud by comparing it to other images submitted for this Client.
Any Data collected is stored in an encrypted format.

Yoti deletes the image of your face as soon as the ID Verification algorithm is finished.

The Client may instruct us to store the Data for longer. The image and digital map are stored for a maximum of three years after the date the image was collected as set by the Client. Yoti has no access to this Data and it is held in accordance with the biometric policy of the Client,

Digital ID (Yoti App) https://www.yoti.com/privacy/app/ We collect and use the image of your face;

  1. to create a Digital Map of your face (this data does not always identify you);
  2. to perform a Liveness Test.
This data is stored securely for up to 3 years until you withdraw consent or delete your account.

Accounts that have been inactive for three years are deleted.

5. Data Storage

5.1.  Yoti maintains a reasonable standard of care to store, transmit, and protect from disclosure of any Data collected.

5.2.  We ensure that the Data is collected, stored, transmitted and protected from a disclosure in a manner that is the same as more protective than how we handle other confidential and sensitive information.

6. Retention of Data

Yoti respects and protects every person’s confidential and sensitive information. As part of these protections,

6.1.  Yoti retains the Data as per the above schedule in clause 4.

6.2.  If Yoti ever ceases to supply the above-listed services, all Data ever collected from any person, if not already done, will be permanently destroyed.

6.3.  Absent a valid warrant or subpoena issued by a court of competent jurisdiction, Yoti will comply with this retention schedule and the below destruction guidelines.

7. Disclosure Guidelines

7.1.  Yoti does not sell, lease, trade, or otherwise profit from any Data and, expressly, biometric information and/or biometric identifiers.

7.2.  Unless there is a valid warrant, subpoena or other similar notice issued by a court of competent jurisdiction or other competent authority, Yoti will not disclose, redisclose, or otherwise disseminate any Data collected or otherwise obtained from a person’s photograph, video and/or selfie.

8. Destruction Guidelines

All Data is destroyed as per the schedule in clause 4.