Privacy Policy
Last updated: March 3, 2026
1. Introduction
Digital ID ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital identification service.
Please read this Privacy Policy carefully. By using our service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us, including:
- Account Information: Name, email address, password (stored as a secure hash)
- Employee Information: Employee reference numbers, photos, job titles, and organisational unit assignments
- Organisation Information: Organisation name, email domain, and seat allocation
- Contact Information: Information provided when requesting access or contacting support
2.2 Automatically Collected Information
When you use our service, we automatically collect certain information, including:
- Usage Data: Pages visited, features used, and time spent on the service
- Verification Logs: Timestamps, verification methods (QR code, NFC, visual), and results
- Technical Data: IP address, browser type, device information, and operating system
- Cookies and Session Data: Information stored in cookies and session storage for authentication and functionality
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Provision: To provide, maintain, and improve our digital ID service
- Authentication: To verify user identity and manage access to accounts
- ID Card Generation: To create and manage digital ID cards with QR codes and NFC tokens
- Verification Services: To enable verification of employee identity through various methods
- Audit Trails: To maintain records of verification attempts for compliance and security purposes
- Communication: To send account-related notifications, verification emails, and support responses
- Security: To detect, prevent, and address security issues and unauthorised access
- Compliance: To comply with legal obligations and respond to legal requests
- Analytics: To understand how the service is used and improve user experience
4. Data Sharing and Disclosure
4.1 Within Your Organisation
Your information may be accessible to:
- Organisation administrators who manage your organisation's account
- Other administrators within your organisational unit (if configured)
- Authorised personnel designated by your organisation
4.2 Verification
When your ID card is verified (via QR code, NFC, or visual check), verification results may be logged. Public verification allows anyone with your verification token to view limited information about your employee status.
4.3 Third-Party Services
We may share information with third-party service providers who perform services on our behalf, such as:
- Email service providers for sending notifications
- Microsoft Entra ID (where configured) for authentication and user synchronisation
- Hosting and infrastructure providers
These service providers are contractually obligated to protect your information and only use it for specified purposes.
4.4 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests, including:
- Compliance with court orders or legal processes
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
4.5 No Sale of Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. Data Security
We implement appropriate technical and organisational measures to protect your information, including:
- Password Hashing: Passwords are hashed using industry-standard algorithms
- Secure Tokens: QR and NFC tokens are cryptographically secure and time-limited
- Access Controls: Role-based access control limits who can view and modify data
- Database Security: Prepared statements prevent SQL injection attacks
- HTTPS: Data transmitted over the internet is encrypted
- Regular Updates: We keep our systems updated with security patches
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to:
- Provide the service to you
- Comply with legal obligations
- Resolve disputes and enforce our agreements
- Maintain audit trails as required by law or organisational policy
When you delete your account or your organisation removes you, we will delete or anonymise your personal information, subject to legal retention requirements and our backup systems.
7. Your Rights
Depending on your location, you may have certain rights regarding your personal information, including:
- Access: Request access to your personal information
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal requirements)
- Portability: Request a copy of your data in a portable format
- Objection: Object to processing of your personal information
- Restriction: Request restriction of processing in certain circumstances
To exercise these rights, please contact your organisation administrator or email us at digital-ids@outlook.com.
9. Children's Privacy
Our service is intended for use by organisations and their employees. We do not knowingly collect personal information from children under the age of 18. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We apply appropriate safeguards to ensure your information is protected in accordance with this Privacy Policy.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending an email notification (for significant changes)
Your continued use of the service after such changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: digital-ids@outlook.com
For data protection inquiries, you may also contact your organisation's data protection officer if one has been designated.
13. GDPR Compliance
For users in the European Economic Area (EEA), we process your personal information in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:
- Contract: Processing necessary to provide the service you have requested
- Legal Obligation: Processing required to comply with legal obligations
- Legitimate Interests: Processing necessary for our legitimate business interests (such as security and fraud prevention)
- Consent: Where we have obtained your explicit consent