Privacy Policy – ID Cloud (Pty) Ltd

Effective Date:25 June 2024

1. Introduction

ID Cloud (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA) and other applicable privacy laws, including the General Data Protection Regulation (GDPR) where applicable.

This Privacy Policy explains how we collect, use, disclose, and secure your information when you use our Services, including:

  • Website: www.idcloud.co.za

  • API services and SDKs

  • Biometric and AML compliance tools

By using our Services, you consent to the practices described in this policy.

2. What Information We Collect

a) Personal Information (from Clients or End Users)

  • Full Name

  • Email Address

  • Mobile Number

  • IP Address & Location

  • Device/browser info

  • Government-issued ID (e.g., ID book, passport, driver’s license)

b) Biometric Information

  • Facial recognition templates

  • Liveness detection signals

  • Photo/selfie or video data for KYC

🔐 Biometric data is encrypted and stored securely. It is only processed with informed consent and for lawful identity verification purposes.

c) AML & Compliance Data

  • Sanction/PEP list matches

  • Risk scores

  • Fraud signals from third-party databases

3. How We Use Your Information

We use personal and biometric information for the following lawful purposes:

  • To verify identities and detect fraud

  • To comply with AML and KYC regulatory requirements

  • To provide clients with secure onboarding services

  • To generate identity and risk scores

  • To improve our services and user experience

  • To comply with legal obligations

4. Legal Basis for Processing

We process information based on:

  • Informed consent (e.g. biometric KYC)

  • Legal obligations (e.g. AML laws)

  • Contractual necessity (e.g. for platform access)

  • Legitimate interest (e.g. fraud prevention, API monitoring)

5. Sharing of Information

We do not sell your personal or biometric data.

We may share limited data with:

  • Regulatory authorities (if required by law)

  • Credit bureaus or watchlist services (for AML compliance)

  • Technology providers or cloud infrastructure partners (e.g. AWS/Azure) under strict data processing agreements

  • Our affiliates and subcontractors, solely for service delivery purposes

6. Data Retention

We retain personal and biometric data only as long as necessary for:

  • The purpose it was collected

  • Legal and regulatory retention periods

  • Contractual obligations with clients

Data no longer required will be securely deleted, anonymised, or archived according to industry best practices.

7. Data Security

We implement industry-leading security standards, including:

  • AES-256 encryption for biometric data

  • HTTPS/TLS for all API and portal traffic

  • Strict access controls and audit logs

  • POPIA/GDPR-compliant data processing agreements

8. Your Rights (Under POPIA & GDPR)

You have the right to:

  • Access your personal information

  • Request correction or deletion

  • Withdraw consent (where applicable)

  • Object to certain forms of processing

  • Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at privacy@idcloud.co.za.

 

9. Cookies & Analytics

We use cookies and similar technologies to:

  • Track user behavior for analytics

  • Improve user experience

  • Detect potential abuse of the platform

You can adjust cookie preferences in your browser settings.

10. International Data Transfers

We may store or process information outside South Africa (e.g. in Europe or the US) using trusted cloud providers. When doing so, we ensure adequate protections under Data Processing Agreements and Standard Contractual Clauses (SCCs).

11. Third-Party Services

Our platform may link to or integrate with:

  • Credit bureaus

  • Sanctions screening databases

  • Facial recognition engines

Each third-party provider is bound by strict privacy and security agreements. We are not responsible for their privacy practices beyond the scope of integration.

12. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors without lawful guardian consent.

13. Policy Updates

We may update this policy from time to time. Updates will be posted on our website and, where appropriate, notified to clients directly. Your continued use of our Services constitutes acceptance of any changes.

14. Contact Us

For privacy-related questions, data access requests, or to lodge a complaint:

ID Cloud (Pty) Ltd

Address: Johannesburg, South Africa

E-mail: privacy@idcloud.co.za

Website:  www.idcloud.co.za