Articles in this section

Information on ID.me

Avatar
Joe Essling
  • Updated
Follow

 

For ID.me’s full privacy policy, please click HERE 

ID.me Privacy Policy

This Privacy Policy describes how ID.me and its affiliates (collectively "ID.me") collect, use and disclose certain information, including your Personal Information, both online and offline, and the choices you can make about that information. We respect your concerns about privacy, and value our relationship with each of our users, it is for this reason that ID.me will never sell, rent, or trade your Personal Information, and why we take measures to safeguard your Personal Information as we work to become the identity verification layer of the internet.

When you verify yourself using ID.me, through our mobile and online applications, use our in-person verification tools or other products and services, visit our websites, view our content, or contact our customer service (collectively, the "Services"), we may collect information from or about you. There may be additional notices about our information practices and choices for certain ID.me levels of verification, including our Biometric Information Privacy Policy. By using any of the Services, you acknowledge the data collection practices and purposes outlined in this Privacy Policy. You can learn more about ID.me and our affiliates by visiting the About ID.me section of our website, or by reviewing any of our whitepapers.

 

Privacy Policies of Third Parties

This Privacy Policy applies only to ID.me and our Services. This Privacy Policy only addresses the use and disclosure of information we collect from you on www.ID.me. Other websites, including third party websites, may be accessible through this Website have their own privacy policies and data collection, use and disclosure practices. If you link to any such website, we urge you to review such website's Privacy Policy. We are not responsible for the policies or practices of third parties.

 

Protecting Your Information

We use reasonable security measures. We are committed to protecting your information. We have adopted technical, administrative, and physical security procedures to help protect your information from loss, misuse, unauthorized access, and alteration. Please note that no data transmission or storage can be guaranteed to be 100% secure.

To safeguard certain sensitive information (such as biometric information and government-issued identification information), we implement security measures such as encryption, firewalls, and intrusion detection and prevention systems.

In addition, the following are examples of security measures that are used to safeguard all types of Personal Information we maintain about our consumers:

  • Procedures for the identification and classification of Personal Information and implementation of safeguards appropriate to the sensitivity of the information;
  • access control procedures designed to verify a business need before access to Personal Information is granted, and procedures for the periodic review of access permissions;
  • procedures for termination of access to Personal Information designed to curtail access to the information by terminated personnel or when there is no longer a business need for access;
  • personnel security controls designed to reduce the risk of human error, theft, fraud or misuse of facilities; and
  • physical and environmental security procedures designed to prevent unauthorized access, damage or interference to business premises and information.

Data Retention

Personal Information will be retained until we have fulfilled our legal, contractual and policy obligations. ID.me stores your Personal Information for as long as needed, or permitted, based on the reason why we obtained it (consistent with applicable law and contractual obligations). This means we may retain your Personal Information even after you close your account with us, for up to three (3) years. Users may request that ID.me delete certain Personal Information at any time at account.ID.me or through our Privacy Rights Center, where applicable. We acknowledge all such requests, however we reserve the right to retain data tied to certain high-risk transactions, particularly in government and healthcare settings, exclusively for fraud prevention and government audit purposes.

ID.me aligns to the National Archives recommended guidelines for data retention when supporting government agencies. Personal Information provided by users in connection with a public sector agency as part of their verification may be retained for up to three (3) years after account closure, unless applicable regulations require a shorter retention period.

Selfie Image and Associated Biometric Information. Certain pieces of Personal Information, such as a selfie image and the associated Biometric Information submitted by users for certain types of verification Services, are retained in line with ID.me's obligations to our partners, with the specific retention periods determined by the first partner with whom a user first verifies their identity (e.g., IRS, Dept. of Veterans Affairs, etc.) Certain partners may require this information to be purged within twenty-four (24) hours following a successful verification, other partners may require a longer retention period, but under no circumstances will ID.me retain this information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.

While we store your Personal Information, we use approved industry-recognized encryption methods to protect it from unauthorized access. Likewise, when we destroy your Personal Information, we use industry-recognized methods to affect such destruction.

Your Choices, Rights, and Controls

You have certain choices about how we use your information, including how your Personal Information is shared.

Close your ID.me Account. You may close your ID.me account at any time, by choosing to close your ID.me account you are directing ID.me to deactivate your identity credential and to purge the associated data from active use in our databases. Please note, however, that ID.me does retain account history (e.g., events, logins, and transactions) as well as verification history (e.g., community, vaccine, or identity details including documentation and data elements used for verification) for up to three (3) years.

  • Please Note: Use of your ID.me credential to verify your identity with state or federal government agencies will be stopped in the event you delete your ID.me account. Please check with the specific state or federal government agency associated with your particular use case to confirm whether periodic or ongoing identity verification is required.

Deleting your selfie image and Biometric Information. Users who have created an account requiring submission of a selfie image, and who consented to the collection of the associated Biometric Information, may request the deletion of both the selfie image and Biometric Information by submitting a request through the ID.me "Privacy Rights Center" which is accessible via a link at the bottom of our Website, or under the "Privacy" setting in your account. Deletion of the selfie image and associated Biometric Information may take up to seven (7) days and will not impact the validity of your credential or verified status. ID.me reserves the right to retain this information as needed to comply with our legal obligations or to help prevent fraud

Having technical issues? 

Please go to the ID.me Help Center.  If you continue to experience issues with support, please contact our HR Department at support@eightelevengroup.com.  

ID.me is aligned with the National Institute of Standards and Technology (NIST) SP 800-63-3 guidelines. 

 

Comments

0 comments

Please sign in to leave a comment.