End User Privacy Statement
Effective February 12, 2026
Vouched Identity, Inc. (“Vouched,” “we,” “our,” and/or “us”) values the privacy of individuals who use our identity verification and fraud detection services, which we provide on behalf of our third-party customers (collectively, our “Services”). This Privacy Statement (the “Privacy Statement”) explains how we collect, use, and disclose information from you when you use our Services. By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Statement describes. Beyond the Privacy Statement, your use of our Services is also subject to our End User Terms.
As used in this Privacy Statement, “personal information”, “information” and “personal data” means any information relating to an identified or identifiable individual. Depending on applicable law, we may process some or all of your information as a service provider to our third-party customers in order to provide our Services to them. In that context, our processing of your personal information is subject to our agreements with our third-party customers, and therefore our collection, use, and disclosure of your information will also be subject to their respective privacy policies. Please refer to the privacy policy of the customer who directed you to our Services or contact them directly for more information about how they collect, use, and disclose your personal information.
Please note that this Privacy Statement is limited to individuals who use our identity verification and fraud detection services and does not apply to our website visitors generally. Please see our Website Privacy Statement (https://www.vouched.id/company/legal/privacy-statement) for more information about we collect, use, and disclose your information when you visit our website at www.vouched.id.
Our Data Practices
Categories of Personal Information We Use and Disclose to Third Parties
How We Disclose Information We Collect
Our Lawful Bases for Processing (EEA and UK Only)
Other Details
Our Data Practices
Information We Collect
We may collect a variety of information from or about you or your devices from various sources, as described below. Where applicable, we indicate whether and why you must provide us with your personal information, as well as the consequences of failing to do so. If you do not provide your personal information when requested, you may not be able to use the full extent of the Services if that personal information is necessary to provide you with the Services or if we are legally required to collect it.
A. Information You Provide to Us
Identification Information. When you are re-directed to Vouched for identity verification purposes, we may ask you to provide the following:
Personal details (e.g., name, physical address, email address, phone number, last four digits or all nine digits of your social security number, individual tax identification number and date of birth);
Government issued identification (e.g., driver’s license, passport);
“Selfie” (i.e., a picture of your face, which we capture from the Services).
Biometric Information. If you provide us with your government issued identification or selfie (as described above), we may use that information to generate biometric information about you. Please see our Biometric Privacy Notice (www.vouched.id/company/legal/biometric-policy) for more information.
B. Information We Collect When You Use Our Services
Location Information. We may collect the geolocation data for identity verification and fraud prevention services.
Device Information. We receive information about the device and software you use to access our Services, including IP address, device type, device identifiers, web browser type and version, and operating system version.
Usage Information. We automatically receive information about your interactions with our Services, like the dates and times of your visits.
Information from Cookies and Other Tracking Technologies. We and our third-party partners collect information about your activities on our Services using cookies, pixel tags, SDKs, or other tracking technologies. Our third-party partners, such as security partners, may also use these technologies to collect information about your online activities over time and across different services.
C. Information We Receive from Other Sources
Data Brokers. We may receive additional information about you from third parties such as data brokers and combine it with other information we have about you in order to verify your identity and as otherwise described in this Privacy Statement.
Categories of Personal Information We Use and Disclose to Third Parties; and the Purposes of Processing
| Business Purpose | Categories of Personal Information Used for The Business Purpose | Categories of Third Parties to Whom We May Disclose Personal Information for Business Purposes |
|---|---|---|
| To provide, maintain, improve, and enhance our Services, including our identity verification and fraud prevention services |
|
|
|
To train, develop, and improve the artificial intelligence, machine learning, and models that we use to support our Services |
|
|
|
To understand and analyze how you use our Services and develop new products, services, features, and functionality |
|
|
|
To generate anonymized or aggregate data containing only de-identified, non-personal information that we may use for any lawful purposes such as to publish reports |
|
|
|
To send you text messages and push notifications |
|
|
|
To find and prevent fraud and abuse, and respond to trust and safety issues that may arise |
|
|
|
For compliance purposes, including enforcing our End User Terms or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency |
|
|
|
For other purposes for which we provide specific notice at the time the information is collected |
|
|
How We Disclose the Information We Collect
Affiliates. We may disclose any information we receive to our current or future affiliates for any of the purposes described in this Privacy Statement.
Vendors and Service Providers. We may disclose any information we receive to vendors and service providers retained in connection with the provision of our Services.
AI Service Providers. We may disclose information we receive to vendors that provide artificial intelligence services that provide backend support for our Services.
Analytics Partners. We use analytics services, such as Amplitude and DataDog, to collect and process certain analytics data.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or ( c) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through the Services
Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this Privacy Statement in effect at the time the applicable information was collected.
Consent. We may also disclose your information with your permission.
Security
We make reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.
Our Lawful Bases for Processing (EEA and UK Only)
If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we only process your personal information when we have a valid “legal basis”, including as set forth below.
-
- Consent. We may process your personal information where you have consented to certain processing of your personal information. For example, we may process your personal information to verify your identity.
- Compliance with a Legal Obligation. We may process your personal information where we have a legal obligation to do so. For example, we may process your personal information to comply with tax, labor and accounting obligations.
- Contractual Necessity. We may process your personal information where required to provide you with the Services.
- Legitimate Interests. We may process your personal information where we or a third party have a legitimate interest in processing your personal information. Specifically, we have a legitimate interest in using your personal information for internal analytics purposes, to understand how you use our Services, and otherwise to improve the safety, security, and performance of the Services. We only rely on our or a third party’s legitimate interests to process your personal information when these interests are not overridden by your rights and interests.
Other Details
International Data Transfers
We may transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA or UK to territories/countries for which the EU Commission or UK Secretary of State (as applicable) has not made a finding that the legal framework in that territory/country provides adequate protection for individuals’ rights and freedoms for their personal data, we may transfer such data consistent with applicable data protection laws based on prior assessment of the level of data protection afforded in the context of the transfer, including through the use of the EU Commission-approved or UK Secretary of State-approved (as applicable) standard contractual clauses, or otherwise in accordance with applicable data protection laws, if necessary in combination with additional safeguards. For more information about the tools that we use to transfer personal information, or to obtain a copy of the contractual safeguards we use for such transfers (if applicable), you can contact us as described below.
Data Retention
We retain personal information about you for as long as reasonably necessary to provide you with the Services, or otherwise in support of our business or commercial purposes. When you request that we do so, we take measures to delete your personal information or keep it in a form that does not permit identifying you when this personal information is no longer reasonably necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When we process personal information for our own purposes, we determine the retention period taking into account various criteria, such as the type of products and services provided to you, the nature and length of our relationship with you, possible re-enrollment with products and services, the impact on the products and services we provide to you if we delete some personal information from or about you, and mandatory retention periods provided by law and the statute of limitations.
Where we process personal information as a “processor” on behalf of a customer (the “controller”), we follow the instructions of the controller regarding data retention. This means that we retain personal information for different periods of time based on those instructions. This may include, where instructed by the controller, retaining certain personal information after the end of our relationship with the controller for a limited period to maintain and improve our identity verification services (including training our AI models), to prevent fraud, to comply with legal obligations, or to establish, exercise, or defend legal claims. We retain personal information for different periods of time based on those instructions and apply strict security measures during any retention period.
Your Data Protection Rights
Depending on your jurisdiction, you have certain rights under applicable law regarding the personal data we process, which may include the right to request access or deletion.
Individuals Located in the EEA and the UK
In certain jurisdictions, including the EEA and UK, and subject to certain limitations and exceptions, you may have the right to: (i) know how we process your personal information; (ii) request access to, update, or rectification of your personal information; (iii) object to, or request that we restrict, the processing of your personal information; (iv) request that we delete your personal information; (v) request that we provide the personal information you provided to us in a structured, commonly used and machine-readable format, for transmission to another controller; (vi) revoke consent at any time and free of charge where our processing is based on your consent (we will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent); (vii) not be subject to a decision based solely on automated processing (profiling) if the processing has a legal effect on you, unless it is necessary for entering into a contract or contractual performance and is authorized by law or based on your explicit consent; and (viii) lodge a complaint with your local supervisory authority (if you’re in the EEA, please see https://edpb.europa.eu/about-edpb/board/members_en, and if you’re in the UK, please see www.ico.org.uk for contact details). Where we process personal information as a “processor” on behalf of a customer (the “controller”), you or Vouched may need to contact the controller regarding these rights.
You may exercise these rights by contacting us using the contact details at the end of this Privacy Statement. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain personal information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
U.S. Residents
Depending on your state of residence, you may have some or all of the following rights under applicable U.S. state consumer privacy laws (“U.S. State Privacy Laws”). Personal Information means the categories of information identified in the “Information We Collect” section of this Privacy Statement.
A. Your U.S. State Privacy Rights
Depending on your state of residence, you may exercise some or all of the following rights by submitting a request through one of the methods for submitting requests under the “Exercising Your U.S. State Privacy Rights” section below. You may make a request to exercise the following rights with respect to your personal data (as defined in the privacy law applicable to your state of residence):
-
- The right to confirm whether we are processing your Personal Information and to access the specific pieces of Personal Information we have collected about you in a portable and, to the extent technically feasible, readily usable format.
- The right to correct inaccurate Personal Information that we maintain about you.
- The right to request deletion of the Personal Information that we have collected about you.
- The right to opt out of the processing of your Personal Information for targeted advertising. We do not process your Personal Information for targeted advertising.
- The right to opt out of the sale of your Personal Information. We do not sell your Personal Information.
- The right to opt out of profiling in furtherance of producing legal or significant decisions concerning a consumer. We do not engage in such profiling.
- The right to be free from discriminatory treatment for the exercise of your privacy rights.
- The right to appeal any decision with regard to your privacy request.
B. Exercising Your U.S. State Privacy Rights Submitting Requests
Submitting Requests. You can submit an access, correction, deletion, and/or appeal request by sending an email to privacy@vouched.id or by calling 1-800-685-3928.
Verification. Requests for access to, deletion, or correction of Personal Information are subject to our ability to verify your identity. We will attempt to verify your identity by asking for information that we may have about you, such as your name, email address, and other information.
Changes to this Statement
We will post any adjustments to the Privacy Statement on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or disclose personal information previously collected from you through the Services, we will notify you through the Services, by email, or other communication.
Contacting Vouched
Vouched is responsible for processing your information when it acts as a controller for that information. If you have any questions, comments, or concerns about our processing activities, please email us at dpo@vouched.id.
If you are in the EEA, you may also contact our General Data Protection Regulation Article 27 representative at:
ePrivacy GmbH
Große Bleichen
21 20354 Hamburg
Germany
If you are in the UK, you may also contact our representative at:
UK Representative Service for GDPR Ltd.
7 Savoy Court
London WC2R 0EX
United Kingdom