legal FAQ
Launch Nametag Get help

Data Privacy and AI Overview

About Nametag

Nametag provides end-to-end solutions for secure account recovery and helpdesk verification by matching government-issued IDs to selfies, ensuring the identities of employees and customers are verified accurately and securing access to their accounts. We are committed to responsible, transparent technology use, managing data, and developing AI models to high ethical standards.

Our Principles

At Nametag, we are dedicated to upholding the highest standards of privacy, security, and transparency in our AI-driven solutions. These guiding principles define our approach to data handling and underscore our commitment to our stakeholders:

  1. We Are Stewards of Data, Not Owners

    Our primary duty is to safeguard the privacy and security of our stakeholders’ information. We will never collect or store more data than we absolutely, positively need to. We commit to using data solely to provide the most accurate and secure identity verification experience.

  2. We Ensure Informed Consent and Transparency

    Informed consent is paramount. End-users must fully understand the implications of their privacy decisions when using Nametag. We are committed to clearly and effectively communicating how their data will be used, stored, and shared, ensuring complete transparency about our data practices.

  3. We Uphold Privacy as a Fundamental Right

    Privacy is a fundamental right. Authenticity is vital for building trustworthy communities and experiences. We provide essential services that protect our stakeholders and maintain the integrity of their interactions, both online and in-person.

  4. We Prioritize Multi-Layered Security

    Security is our top priority. We employ a comprehensive, multi-layered security approach, integrating device cryptography, biometrics, and advanced AI to protect against sophisticated threats such as deepfake and social engineering attacks. We apply the same rigorous measures to protect the data we collect and store, ensuring its security and integrity at all times.

  5. We Commit to Ethical Data Use and Continuous Improvement

    We use data ethically and responsibly. Our AI models are trained with a strong focus on anonymization and non-identifiable information, ensuring user data is never misused or reconstructed. The resulting model encodes only anonymized data. We are committed to non-discrimination, ensuring our models treat all individuals fairly regardless of their demographic profiles. We continuously refine our systems to address emerging threats and enhance performance, ensuring our technology remains at the forefront of security and reliability.

Frequently Asked Questions

End-User Questions

This section answers frequently asked questions by people using Nametag to verify their identity and recover their accounts.

What data does Nametag collect from me when I verify my identity?

We collect and process data from end-users at the request of our customers. To validate your identity, we collect:

  • Pictures of your government-issued ID.
  • Pictures of your face.
  • Technical information captured during the scanning process.
  • Your location (if requested by a company).
  • Anonymous usage information, such as:
  • The make and model of your phone (e.g., “iPhone 13 Pro”).
  • The version of the Nametag app you’re using.
  • Which web browser you are using.
  • How long it took to capture your ID and selfie.

We use the information to derive the following additional information:

  • Your name.
  • Your birth date.
  • Your address.
  • Identification numbers from your identity document.

We may augment and cross-check this data with information from third parties, such as governments and commercial databases, to verify your identity.

What information does Nametag share with companies?

We share some of the information you provide with companies, which may include:

  • Your name
  • Your birthdate
  • Your address
  • The kind and ID number of your government ID
  • Your profile photo
  • Your location
  • Redacted images of your ID document and selfie for diagnostic purposes

We do not share unredacted images of your government ID or selfie with companies.

Where is my data stored?

For end-users in the EU or the UK, data is stored in the EU. For end-users in the United States, data is stored in the United States. For all other end-users, data is stored in one of our regional data centers, whose locations may change due to operational considerations.

How long does Nametag keep my data?

We store data for up to three years to prevent fraud and ensure identity verification. If you are an employee of a company using Nametag, we store the information on behalf of your employer who may have specified a more restrictive policy.

How can I delete my data?

You can delete all of your data at any time via the Nametag app or by contacting privacy@nametag.co.

Not if we can help it. We exist to protect your privacy. However, there are rare situations, such as court orders, where we might have to share information, as outlined in our privacy policy.

I’m a fraudster, does this apply to me?

No. Our data handling practices apply only to legitimate end-users. Nametag retains data related to fraud indefinitely, even if deletion is requested.

Company Questions

This section answers frequently asked questions from companies using Nametag for account recovery and identity verification.

How does Nametag train its machine learning models?

Nametag employs a robust and secure approach to training our machine learning models, utilizing a combination of synthetic data (generated internally), commercially purchased data, and end-user data collected during the operation of our services. These models are crucial for verifying the authenticity of evidence we collect, such as ensuring the legitimacy of IDs or selfies.

Although our models are trained on images that may contain personally identifiable information (PII), we ensure that PII is not captured in any model. Our models produce a single numerical output to indicate authenticity and are incapable of generating arbitrary text or images. This guarantees that the models cannot reproduce any of the PII present in the training materials. The resulting model encodes only anonymized data, providing an additional layer of security and privacy during inference.

Moreover, if you or the end-user removes data from Nametag, it is promptly excluded from any further training processes.

Do you train generative AI models with customer data?

No. While we do leverage generative AI models for specific components of our product, we do not train these models using any customer data. Our generative AI models operate in private, confidential settings and do not retain any customer data.

What choices do customers has regarding data storage with Nametag?

Customers have control over how long data is stored by Nametag. You can choose to retain data for audit and security purposes or configure Nametag to automatically delete end-user data after verification. However, reducing data storage may limit our ability to audit, investigate fraud, and provide the best identity assurance.

How long does Nametag store data?

Nametag stores data for up to three years by default to ensure effective fraud prevention and identity verification. However, customers can configure the duration based on their specific needs and compliance requirements. If configured, data can be automatically deleted after the verification process, though this may reduce the ability to audit and investigate potential fraud cases.

Is Nametag compliant with GDPR, CCPA, Illinois BIPA, Texas CUBI, and other data protection regulations?

Yes, Nametag is fully compliant with all applicable data protection regulations, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier (CUBI) law, and other global privacy laws. We are committed to protecting user data and ensuring that our practices meet the highest legal standards. This includes providing end-users with rights to access, delete, or opt-out of data collection as required by law, and ensuring that biometric data is handled in strict accordance with regulations such as BIPA and CUBI.

How does Nametag govern customer data?

Nametag’s direct customers (companies) govern how we handle data about their employees and end-users. We ensure that data is used only as permitted by these companies, providing them with full control over the information. For end-users, Nametag adheres to the permissions set by the company and ensures that data handling complies with the company’s policies, as well as relevant privacy laws and regulations.

We are fully transparent with end-users about how their data is used. End-users must provide explicit consent before their data is used to verify their identity or shared with a customer. Nametag also collects consent for the use of biometric face matching. End-users can delete their data or revoke their permission to share their data at any time.

What privacy measures does Nametag implement by design?

Nametag is built to minimize data collection. We collect and retain only the essential information needed for verification. We apply strict privacy filters to protect end-user information, ensuring compliance with global data protection regulations.

What multi-layered security measures does Nametag employ?

Our first priority is the security of the data to which we are entrusted. We employ an industry-leading, multi-layered security approach that includes:

  • Integrated device cryptography and biometrics to protect against sophisticated threats such as deepfakes and social engineering attacks.
  • Proprietary models and mobile cryptography to ensure high levels of security and accuracy in identity verification and account recovery.
  • Continuous learning from data to enhance security and prevent advanced fraud attempts.

How does Nametag handle biometric data?

Nametag does not store biometric data. We use facial matching biometrics for identity verification purposes, but the biometric data is discarded after verification, ensuring that we do not retain any biometric information.

How does Nametag handle data segregation and retention?

Nametag’s AI models operate on a shared tenant basis but ensure complete data segregation. Customer data is processed in isolated, stateless environments, holding data only for the duration of the inference process. In the uncommon event when a customer contract ends, all customer data, including training data, is removed from our systems. This guarantees that the intelligence gained from specific customer data is not retained, maintaining the confidentiality and integrity of customer information.

How does Nametag ensure encryption and network security?

All network traffic involving Nametag components is encrypted using TLSv1.3 or equivalent standards, ensuring secure communication and data protection.

What access control and authorization measures are in place?

Access to Nametag’s AI models is controlled via strict IAM policies, ensuring secure and authorized access. Our models do not interact with external services during inference, adding an additional layer of security.

How does Nametag ensure compliance and undergo audits?

Nametag’s AI inference and training processes are subject to SOC-2 Type II audits and adhere to rigorous security policies, including access control, network segmentation, and vulnerability management.

How does Nametag continuously improve its systems?

We continuously refine our AI models to address emerging threats and improve performance. Our ongoing investments in AI research and benchmarking ensure that our technology remains at the forefront of security and reliability.

What are the Terms of Service for different users?

  • Employees of a Company: When an employee uses Nametag, they may be subject to different terms of service as agreed upon by the company.
  • Customers of a Company: For end-users of a company using Nametag, the Nametag End-User License Agreement (EULA) generally applies.

Does Nametag adhere to a privacy policy?

In all cases and for all users, Nametag adheres to our privacy policy and commits to protecting user data as outlined.

Additional Information

For more information on how Nametag handles user data and personal information, please refer to:

For any other questions, please contact us at privacy@nametag.co.