1. What Data We Collect
HVID collects a minimal set of data required to operate the identity system:
- Account data: Email address or phone number used to create your HVID account
- Identity verification data: Documents or face-capture representations submitted during verification — stored only for the duration of the review process, then permanently deleted
- Linked account identifiers: Account handles, URLs, or identifiers you choose to link to your HVID (stored as references only, not their content)
- System activity logs: Match queries, login events, and enforcement actions — retained for security and abuse prevention
We do not collect: your real name (unless provided voluntarily), financial information, location data, or browsing history outside the HVID platform.
2. Encryption of Sensitive Data
All sensitive identity data is encrypted in transit and at rest. This includes:
- Verification documents — encrypted during transmission and immediately queued for deletion after review
- Contact information (email, phone) — encrypted at rest; displayed only in masked form within your dashboard
- Face capture representations — stored as an encrypted hash only. The original image is never stored.
- Identity records — protected by access controls; only you and authorised HVID systems can read your record
3. How We Use Your Data
Data collected by HVID is used only for the following purposes:
- Security: Detecting and preventing unauthorised access, account takeovers, and identity fraud
- Abuse prevention: Identifying misuse of the match engine, false reports, and system manipulation
- System integrity: Maintaining accurate identity records, ownership continuity, and enforcement actions
- Service operation: Providing the identity verification, match, and dashboard features
4. Match Query Logging
When someone performs a search using the HVID match engine, the query is logged for the following reasons:
- Detecting bulk scraping or abuse of the match system
- Maintaining rate limits and system stability
- Investigating reports of misuse
Query logs are retained for a limited period and are not used to build profiles of searchers. Logged queries are not associated with identities unless required to investigate abuse.
5. What We Do Not Do
- We do not sell personal data to third parties
- We do not share data with advertisers or data brokers
- We do not use identity data for profiling, targeting, or classification beyond system integrity
- We do not expose verification documents, face data, or contact details publicly
- We do not disclose reporter identities in the reports system
6. Data Retention
- Verification documents: Permanently deleted after review is complete
- Identity records: Retained while your account is active. Revoked identities retain a non-identifiable record for system integrity
- Query logs: Retained for up to 90 days, then automatically deleted
- Report submissions: Retained for the duration of the review process and associated enforcement period
7. Third-Party Disclosure
HVID does not share your personal data with third parties except:
- Where required by a valid legal order, court subpoena, or law enforcement request
- Where necessary to protect the safety of the system or its users from imminent harm
- With infrastructure providers under strict data processing agreements (e.g., encrypted storage, CDN)
All law enforcement requests are directed to: legal@hvid.io
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the data HVID holds about your identity
- Request correction of inaccurate data
- Request deletion of your identity record
- Request restriction of processing in specific circumstances
To exercise these rights, contact: privacy@hvid.io
9. Changes to This Policy
HVID may update this Privacy Policy over time. The effective date at the top of this page will reflect the latest version. Continued use of HVID following an update constitutes acceptance of the revised policy.
10. Related Policies