Privacy Policy

Last updated: 2024-05-23

1. Introduction

This Privacy Policy outlines how SoLiDware AB ("we", "us", or "our") collects, uses, and protects your personal information when you use our mobile application, IDfier ("the App"). We are committed to safeguarding your privacy and ensuring the security of your personal data. By accessing or using the App, you agree to comply with and be bound by this Privacy Policy.

This Privacy Policy applies solely to information collected by the App. It does not apply to any other websites, platforms, or services that may be linked to or from the App. We encourage you to review the privacy policies of any third-party websites or services before providing any personal information. The list of third-party services that may be utilized within the IDfier app, along with links to their respective privacy policies, is provided below.

1. Data Collection

We collect various types of data to provide and improve our services. The types of data we collect include:

Personal Information: This includes your full name and Swedish personal number, which are essential for account creation and login purposes.

Technical and Usage Data: We collect data on the specific details of the ID shares and public profiles you create within the App.

Device Information: We gather information related to your device type and operating system to optimize your user experience within the App. Additionally, we may use device information for sending notifications, such as notifying the creator of an ID share when the recipient has verified it. This helps us ensure effective communication with our users and provide timely updates regarding ID shares and other relevant activities within the App.

We collect this information to deliver, sustain, and enhance our services, as well as to inform you of updates or modifications to our services. Rest assured, we handle your data with utmost care and in compliance with relevant data protection regulations.

2. Data Storage

Platform Used: All user data is stored and processed on our own secure, cloud-based servers. We utilize advanced encryption methods and implement robust security measures to ensure the safeguarding of your personal information.

Types of Data Stored: We primarily store account information, including your full name and Swedish personal number, as well as usage data such as the specific details of your ID shares and public profiles.

Security Measures: All the communication between the App and the cloud-servers incorporates multiple layers of security measures, such as end-to-end SSL encryption during data transit, as well as secure, encrypted storage solutions. The App utilizes the Swedish BankID identification infrastructure which is legally recognized and considered to be a highly secure form of online identification.

Data Location: Your data is housed exclusively in data centers located in Sweden to ensure high availability and reliability. This means your data remains stored within the jurisdiction of your residence, aligning with local laws and regulations.

3. Data Retention

At IDfier, we are committed to retaining user data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. The retention period for different categories of data may vary based on legal requirements, operational needs, or user preferences.

Personal Information: We retain personal information, including your full name and Swedish personal number, for as long as your account remains active or as required to provide you with our services. However, in cases where you have created an ID share with another user and set an expiration date for the share, the retention period may be extended to accommodate the agreed-upon duration of the ID share. For example, if you create an ID share and set it to be valid for 1 month, and someone verifies that ID share, both parties agree to share their data for one month. In such cases, a request to delete an account would be processed only after all active ID shares associated with the account have expired. This ensures fair and equitable service delivery to all users.

Usage Data: Usage data, such as the specific details of your ID shares and public profiles, may be retained for analytical purposes and to improve our services. However, we anonymize or aggregate such data whenever possible to prevent identification of individual users.

Backup and Archival Copies: We may retain backup and archival copies of your information as part of our disaster recovery and data retention practices. These copies are maintained in a secure environment and are subject to the same security measures as the live data.

Data Removal Requests: If you wish to have your data removed from our systems, you can submit a request through our designated channels or by using the “Delete Account” function within the IDfier settings. We will promptly process your request in accordance with applicable laws and regulations.

Please note that while we strive to minimize the retention of personal data, certain legal or regulatory requirements may necessitate longer retention periods for specific types of information. We regularly review our data retention practices to ensure compliance with applicable laws and the protection of your privacy.

4. Data Sharing

At IDfier, we prioritize the privacy and security of your personal information. We do not share your data with any third parties, including advertisers or marketing agencies, without your explicit consent. Your personal information is strictly confidential and is used solely for the purposes outlined in this Privacy Policy.

We may, however, share your data in the following circumstances:

With Your Consent: If you choose to share your data with third parties through the IDfier app, such as when using the ID Share functionality, we will only do so with your explicit consent. You have full control over which data is shared and with whom it is shared, including the ability to specify the duration for which the data will be shared.

Legal Requirements: We may disclose your information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or as otherwise required by applicable law, regulation, or legal process.

Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your information may be transferred as part of the transaction. We will notify you of any such event and any changes to the handling of your information.

We do not sell or rent your personal information to third parties for any purpose.

By using the IDfier app, you agree to the limited sharing of your data as outlined above. We take all necessary precautions to ensure that any sharing of your data is conducted securely and in compliance with applicable laws and regulations.

5. List of Third-Party Services

Below is a list of third-party services that may be utilized within the IDfier app, along with links to their respective privacy policies:

BankID:

LogsNag:

Sentry:

Please note that while we strive to maintain the privacy and security of your data, personal information is not sent to these third-party services. Nevertheless, we encourage you to review the privacy policies of these third-party services before providing any personal information.

6. User Rights

As a user of the IDfier mobile application, you have certain rights regarding your personal information. These rights include:

Right to Access: You have the right to request access to the personal information we hold about you. Upon request, we will provide you with information about whether we hold any of your personal information.

Right to Rectification: Please note that rectification of personal information verified through BankID should be addressed directly with BankID. Due to the integral role of BankID in the verification process and the need to maintain data consistency and integrity, IDfier does not facilitate rectification of personal data. Users are encouraged to contact BankID for any rectification requests related to their personal information. In the event that updated information reflected in BankID is not propagated to IDfier, users may contact us for assistance in resolving the discrepancy.

Right to Erasure: You have the right to request the deletion of your personal information from our systems, subject to certain limitations as outlined in applicable laws and regulations, as well as the data retention policy detailed above.

Right to Restrict Processing: You have the right to request the restriction of processing of your personal information under certain circumstances, such as when you contest the accuracy of the data or when the processing is unlawful.

Right to Data Portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

To exercise any of these rights, please contact us using the contact information provided at the end of this Privacy Policy.

7. Data Use

We collect and use your personal information for the following purposes:

Service Delivery: Your personal information is primarily used to deliver, maintain, and enhance our services. This includes facilitating secure identity verification through the IDfier app, enabling the sharing of personal information between users via the ID Share functionality, and verifying ownership of public profiles on various platforms.

Notification Delivery: Device information may be used to send important service-related announcements or notifications about updates or modifications to our services. This helps us ensure effective communication with our users and provide timely information regarding the IDfier app.

Improvement of Services: We may analyze usage patterns and preferences based on the data collected to improve the functionality, usability, and overall user experience of the IDfier app. This may include identifying areas for enhancement, developing new features, and optimizing existing features.

Legal Compliance: We may use your personal information to comply with applicable legal obligations, such as responding to lawful requests from government authorities, investigating and preventing fraudulent activities, and enforcing our terms and policies.

Your personal information is processed based on legitimate interests in providing and improving our services, complying with legal obligations, and protecting our rights and interests. We do not use your personal information for purposes incompatible with the purposes outlined in this Privacy Policy without obtaining your explicit consent.

8. Data Security

We take the security of your personal information seriously and employ industry-standard measures to protect it from unauthorized access, disclosure, alteration, or destruction. Here's how we ensure the security of your data:

Secure Infrastructure: All user data is stored and processed on our secure, cloud-based servers. These servers are protected by advanced security measures to prevent unauthorized access.

Encryption: We utilize state-of-the-art encryption techniques to secure the transmission and storage of your personal information. This includes employing end-to-end SSL encryption during data transit and using encrypted storage solutions to safeguard your data at rest.

Access Control: Access to user data is restricted to authorized personnel only, and strict access controls are in place to ensure that only individuals with the necessary permissions can access sensitive information.

Compliance: Our data handling practices comply with relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR) and other applicable privacy laws. We regularly review and update our security measures to ensure compliance with evolving legal requirements and industry standards.

Third-Party Services: When engaging third-party service providers for data processing or storage, we carefully evaluate their security practices and ensure that they adhere to industry best practices for data protection.

Data Location: Your personal information is stored exclusively in data centers located in Sweden. This ensures that your data remains within the jurisdiction of your residence, aligning with local laws and regulations regarding data protection.

By implementing these security measures, we strive to maintain the confidentiality, integrity, and availability of your personal information and provide you with a secure and trustworthy user experience.

9. Updates to the Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time, in response to changes in legal requirements, industry standards, or our business practices. When we make changes to this Privacy Policy, we will update the "Last Updated" date at the top of the policy and notify you by prominently posting a notice within the App or by sending you a notification via email or other means.

It is your responsibility to review this Privacy Policy periodically for any changes. Your continued use of the App after the posting of changes constitutes your acceptance of such changes. If you do not agree to the updated Privacy Policy, you should discontinue using the App.

Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy or our data practices, please don't hesitate to contact us. You can reach out to us at:

SoLiDware AB (559432-1761)

Email: info@idfier.com

We take your privacy seriously and are committed to addressing any inquiries or issues you may have in a timely and efficient manner.