In plain language. We know that terms and conditions often include technical wording that can be hard to understand, so we put together this summary to clearly explain what you’ll find in this document:
- What information we collect: Data such as your name, email, ID, biometrics, and platform usage data.
- How and why we use your information: To manage your account, verify your identity (with prior express consent), comply with legal obligations, and improve our services.
- Who we share your data with: Only authorized third parties, such as cloud technology providers, always under strict contracts and high international security standards.
- Your rights: You can access, rectify, delete, block, or object to the use of your data, as well as request its portability or withdraw your consent whenever you wish.
- The security of your information: We implement advanced measures to protect your data and have notification protocols in place in the event of incidents.
This notice is designed to ensure transparency and compliance with the new Law No. 21,719 (Chile), the GDPR, and the LGPD.
This Privacy Policy describes how Idesify SpA (“Idesify”, “we”, “the Company”) collects, uses, protects, and shares personal information through its platforms.
1. Who we are
We are a company whose goal is to bring technology closer to people safely through systems that enable the verification and authentication of your identity.
We want to do things in the best possible way. You can send any request, suggestion, or question to our Data Protection Officer (DPO) at the email address privacidad@idesify.com, and we are committed to replying as soon as possible.
2. Our DNA
Our DNA is to treat your data as if it were our own, respecting your wishes and providing transparency about how your data is used. All of this follows international guiding principles (Privacy by Design and by Default) and applicable laws. We do not knowingly collect data from anyone under 18 years of age.
3. Key Definitions
- Personal Data: Any information linked to an identified or identifiable natural person.
- Sensitive Personal Data: A special category that includes biometric data, racial origin, political opinions, and health, among others. Such data requires reinforced protection.
- Consent: Any free, specific, unambiguous, and informed expression of will through which you authorize the processing of your data.
- Biometric Data: Physical, physiological, or behavioral characteristics that allow the unique identification of a person, such as facial features.
- Data Controller: Idesify, when it determines the purpose and means for processing your account data.
- Data Processor (Sub-processors): Technology providers that process data on behalf of and under the instructions of Idesify.
4. What information do we collect and on what Legal Basis?
We process your data based on specific legal bases (explicit Consent, Performance of a Contract, Legitimate Interest, or Legal Obligation):
A. When creating a profile and using our services (Legal Basis: Performance of a Contract and Consent):
- First names, last names, and email address.
- National ID number or valid Government Identification.
B. During the identity validation process (Legal Basis: Explicit Consent):
- Photograph of your Identity Document.
- Biometric information (facial video/liveness check). As this is sensitive data, we will always require your explicit authorization before capturing it.
C. Web metrics and analytics (Legal Basis: Legitimate Interest): Our website uses Fathom Analytics, a privacy-first tool. It collects anonymous usage metrics to improve our services. Fathom Analytics does not track individual users, does not use intrusive cookies, and does not store identifiable information.
5. Use of the Information Collected
We use your personal information exclusively to:
- Fulfill and manage the identity authentication and verification service.
- Create and manage your user account.
- Comply with legal obligations or respond to valid requests from State authorities.
- Notify you about changes to the service or security breaches.
Automated Decisions: Our verification process compares the image of your document with your face captured on video using algorithms. If the automated system rejects your verification, you have the right to request a manual review by a human operator.
6. To whom do we transfer your information? (International Transfers)
Idesify does not sell or trade your data. We only share information under strict confidentiality agreements with:
- Technology infrastructure providers (e.g., AWS): They act as Data Processors for secure storage.
- Companies that integrate our API: When you explicitly consent to validate your identity with a third party (e.g., a bank or fintech), we transfer the result of the validation to that third party.
Cross-border Transfers: If our providers host data outside your country of residence (e.g., servers in the U.S. or Europe), Idesify guarantees that such transfer is carried out under valid legal mechanisms, such as Standard Contractual Clauses (SCCs), ensuring a level of protection equivalent to that of your local legislation.
- You can review our provider’s policy here: AWS Privacy Policy
7. Data Retention
We will keep your personal data strictly for the time necessary to fulfill the stated purposes.
- Account data: Will be kept while your account is active.
- Biometric data: Will be deleted immediately once the verification purpose has been fulfilled, or retained for the minimum indispensable time required by applicable law (such as fraud prevention), after which it will be securely destroyed.
In general, we will delete or anonymize your information after the cancellation of your account, unless statutory limitation periods require us to block and safeguard the information for up to seven (7) years for the resolution of disputes.
8. Information Security and Breach Notification
We implement high-level technical and organizational measures (encryption in transit and at rest, access controls) to protect your data. However, no system is 100% infallible.
Breach Protocol: In the unlikely event of a security breach that puts your personal data at high risk, Idesify will notify you and the competent authorities without undue delay (and within the 72 hours required by international standards), indicating the nature of the breach and the mitigation measures adopted.
9. Your Rights and how to exercise them
You have full control over your information. In accordance with Law 21,719, the GDPR, and the LGPD, you have the right to:
- Access: Know what data we have about you and how we process it.
- Rectification: Correct inaccurate or incomplete data.
- Cancellation / Erasure (Right to be forgotten): Request the deletion of your data from our databases.
- Objection: Object to specific processing (e.g., marketing).
- Portability: Receive your data in a structured, commonly used, and machine-readable format, or request its transfer to another controller.
- Blocking or Anonymization: Request the temporary suspension of processing or the anonymization of excessive or unnecessary data.
- Withdraw Consent: Withdraw your permission at any time (without retroactive effect).
This process is completely free. To exercise these rights, send an email to our DPO at privacidad@idesify.com. We will respond within the legally established timeframes (generally less than 15 days).
10. Consent and Cookies
To use our app and services, you must expressly accept this Notice through an affirmative action (check-box) prior to the creation of a profile. Our website does not use tracking cookies or intrusive advertising.
11. Changes to the Privacy Policy
Any substantial change to this Notice (such as new processing purposes or new sub-processors) will be proactively notified to your registered email address and through the platform, requiring your review and, where applicable, your renewed consent before taking effect.
12. Contact Us
- Data Controller: Idesify SpA, Rut No. 78.348.698-9.
- Data Protection Officer (DPO): Can be contacted directly and confidentially at the email: privacidad@idesify.com