Data Privacy & Security Practices FAQ
What is Nametag?
Nametag is a cloud-based identity verification platform that uses mobile devices to quickly and securely verify people by matching their government-issued ID to their selfie photo. People who verify themselves through Nametag retain ultimate control over who uses their identity, while the requesting company has no need to store personally identifiable information (PII).
Who are end-users of Nametag?
End-users are the people who use Nametag to verify themselves with your company. These can be your customers or your employees, depending on how you’ve deployed Nametag.
What is Nametag’s privacy approach, summarized?
Nametag believes that privacy is a human right. Protecting your data is our most important responsibility. We also believe that consent is fundamental to building trust. We’re committed to being radically transparent about our security and privacy practices.
Nametag goes above and beyond industry-standard best practices to ensure the security and privacy of your company’s data and the data of your end-users. We collect only the minimum data required to complete identity verifications and prevent fraud. We further protect privacy by sharing only the data you request during a verification. At every step, we obtain explicit, informed consent before collecting, processing, or storing any data. And we enable end-users to revoke your company’s access or delete their data entirely, at any time.
Data Collection, Storage & Consent
What data does Nametag collect?
Nametag collects, analyzes, and compares three sources of primary data to perform identity verification and fraud prevention. Nametag may also collect additional information based on your company’s policies or to further enable our fraud detection and prevention efforts.
Primary data (required for verification):
- Information from the government-issued photo ID
- Selfie photograph of the end-user’s face
- Telemetry data collected by the end-user’s device
Additional data (optional, based on company request or for fraud prevention):
- Contact details like telephone number and email address
- Device type and telemetry
- Version of the Nametag app in use
How do I choose what data to ask for?
Your company chooses what data you ask end-users to share when they verify themselves with you. You also decide what data to retain or not, in alignment with audit and compliance requirements. This information is explicitly communicated to your end-users and we obtain their informed consent before collecting their data and sharing it with your company.
What is the difference between end-user and customer data?
End-user data is the information that a person provides to Nametag when using our service, such as the scan of their government-issued ID. End-users own their own data, must grant explicit consent before Nametag collects or shares their data, and can use our app to revoke your company’s access or delete their information from Nametag entirely.
Customer data is the non-public information your company provides to Nametag to utilize our services. Your company owns and controls this data. Importantly, customer data does not include end-user data, which your end-users retain full control over.
What end-user data does Nametag store?
Nametag stores only the essential data that is necessary to verify an end-user and detect fraud:
- Photos of their identity document
- Their selfie photograph
- Some associated technical information
We analyze, but do not retain, biometric identifiers from end-user selfies. We only preserve the data we require to prevent bad actors from impersonating others, and we discard the rest.
What is Nametag’s approach to consent?
Consent is critical to the Nametag product and end-user experience. Our policy is to obtain explicit, informed consent before collecting or sharing an end-user’s information.
How does Nametag collect consent from my end-users?
None of an end-user’s data is collected or shared until they consent. Before consenting, end-users are shown the following information and then asked to agree to the stated terms:
- Details about your company
- The time period during which your company intends to use their data
- The exact information that will be shared with your company
- Your company’s purpose for collecting this information
Nametag uses clear, explicit language to ensure that everyone can understand what they’re being asked to share, why they’re being asked to share it, and how their data will be used.
What is Nametag’s policy for end-user data deletion?
Nametag deletes end-user information when we no longer need it to provide our services to them, or within three years of their last interaction with us, whichever occurs first. Additionally, end-users can view, manage and delete their own data at any time through our app.
How can my end-users delete their own data?
Your end-users can use our mobile application to view the information they have provided Nametag, with whom they are sharing their data (e.g. your company), and exactly which data they are sharing.
At any time, end-users can revoke sharing permissions or delete their account and all of their information that is stored in Nametag. If they haven’t downloaded our full app, they will be invited to do so at the end of their iOS App Clip or Android Instant App experience, with a note that our full app affords them the ability to manage and delete their data.
What is Nametag’s policy for customer data deletion?
If you terminate your contract with Nametag, unless otherwise prohibited by applicable law, we will make all of your company data (“customer data”) available for electronic retrieval for a period of thirty (30) days. Nametag will then delete this data from our systems.
How does Nametag protect the privacy of my end-users?
When your company uses Nametag to verify someone, we share only the minimum data required to fulfill your request, such as name and birthdate. This minimizes unnecessary data exposure and reduces the amount of information your company has to process and store.
How does Nametag protect the ID documents and selfies of my end-users?
Once your end-users consent to share their information with Nametag and your company, we actively enhance their privacy by concealing irrelevant personal details. This includes intentionally blurring their selfie and ID photos in your agent console to safeguard end-user identities.
Fig. 1 – An example of an end-user’s photo ID in their Nametag verification record.
How does Nametag’s express re-verification protect my end-user’s privacy?
Nametag offers an express re-verification process that brings enhanced speed and security for your end-users who have previously completed a Nametag verification and are using the same mobile device. This expedited process eliminates the need for them to rescan their government-issued ID during subsequent verifications.
Express re-verification draws on our patent-pending security innovation called “Selfie Chaining” that compares an end-user’s newest selfie with their previous selfies. This requires an end-user’s explicit consent to allow Nametag to retain their data. End-users must agree to both the storage of their data and its use in each re-verification instance, even in the streamlined process.
If an end-user chooses not to permit data storage by Nametag, or if they switch to a different mobile device, they simply go through the “first-time” verification process each time.
How do my end-users know that it’s really my company using Nametag to request their information?
To protect our end-users, Nametag carefully verifies every company that signs up with our service. If a fraudster tries to create a Nametag company account, the false “verification” requests they send are tagged with large banners telling the end-user that the fraudster’s organization has not been verified by Nametag.
What is Nametag’s policy towards regulatory compliance?
Nametag complies with all applicable laws and regulations in connection with providing our services, including all applicable data privacy laws and regulations. Nametag’s Data Processing Addendum (DPA) governs our responsibilities with respect to personal information,
Where will my data reside?
Nametag is built to align with your data residency requirements.
By default, personal information received from end-users in Asia, North America or South America is stored and processed in the United States. Personal information received from customers or end-users in Europe or Africa is stored and processed in Ireland or Germany.
In case these defaults don’t work for you, we can accommodate boutique data residency requirements. For more information, refer to our Data Processing Addendum (DPA).
California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act of 2020 (CPRA)
Nametag has been certified CCPA/CPRA compliant and continuously monitors the state of our compliance. We also deliver CCPA/CPRA training to all Nametag employees.
General Data Protection Regulation (GDPR)
Nametag has appointed Prighter Group and its local partners as our privacy representatives and your point of contact for privacy-related requests in accordance with the European Union’s General Data Protection Regulation (GDPR). Please visit our Compliance Landing Page on Prighter for more information and to submit a request.
Nametag has been certified GDPR compliant and continuously monitors the state of our compliance. We also deliver GDPR training to all Nametag employees.
Illinois Biometric Information Privacy Act (BIPA)
According to the Illinois Biometric Information Privacy Act (BIPA), a photograph is not considered a biometric identifier (section 10 of 740 ILCS 14/10). The statute does consider “face geometry” to be a biometric identifier, which means that face geometry must receive special handling under BIPA. Nametag stores end-user selfie photographs, but we do not store face geometry. Out of an abundance of caution, we treat both the selfies and derived face geometry as if they were both covered under the law.
BIPA also requires organizations to obtain end-user consent before collecting biometrics, and to tell end-users how long their data will be stored and how it will be used. Nametag exceeds these standards by obtaining explicit in-app consent from your end-users to collect their information, and separate in-app consent to share their personal information. We never share their selfie, face geometry, or any other biometric information with you. If an end-user does not use Nametag, or if they do not specifically consent to sharing at a given moment, their photograph is not captured, analyzed, or used.
Line-Item Responses to BIPA Section 15 Components
- (a): Nametag has developed a written policy, publicly available, which establishes a clear retention schedule and guidelines for how we handle biometric identifiers and information. Additionally, end-users are able to permanently delete their photograph and any other stored information immediately, at any time, with a self-service “delete my data” button in the Nametag mobile application.
- (b): Nametag requires end-users to provide explicit consent for their information to be stored. At the beginning of every verification, we clearly explain which information will be shared with whom, and for what time period. Please see our Commitment to Consent for more details and visuals of this experience.
- (e): Nametag adheres to stringent security standards, external audits, and other measures as summarized in this document and outlined in our Cloud Services Agreement, including maintaining a SOC 2 Type II audit attestation.
Health Insurance Portability and Accountability Act (HIPAA)
Nametag does not process or store any health-related information covered by the United States Health Insurance Portability and Accountability Act (HIPAA). However, we understand that working with our customers may expose us to such information. Because of this, we have undergone a HIPAA audit and have implemented practices and infrastructure that would support handling of PHI (protected health information). We educate all of our employees about HIPAA practices and handling data that might fall under HIPAA.
How does Nametag ensure the security of its own data, my company’s data, and my end-users’ data?
Nametag maintains physical, administrative, and technical safeguards that exceed applicable industry-accepted practices designed to protect the confidentiality, integrity, and availability of customer data. We adhere to the security measures which are outlined below and further expanded upon in our Trust Center. Nametag also maintains its SOC 2 Type II audit attestation. These attestations and documents are also available in our Trust Center.
Nametag’s service is hosted on infrastructure operated by third-party cloud providers. This infrastructure provides secure deployment of services, secure storage of data with end user privacy safeguards, secure communications between services, secure and private communication with customers over the internet, and safe operation by administrators.
The security infrastructure is designed in progressive layers starting from the physical security of data centers, continuing on to the security of the hardware and software that underlie the infrastructure, and finally, the technical constraints and processes in place to support the operational security of data stored with Nametag.
Data Flow and Architecture Diagrams are available in our Trust Center.
All data are encrypted both at rest and in transit. Specifically, data are protected by modern encryption:
- At rest on an end-user’s phone in our app (we use the app to send and receive data for end-user enrollment, verification, and sharing, not for permanent storage).
- Over the public internet from an end-user’s phone to Nametag’s servers.
- At rest in cloud storage (databases and object storage buckets).
- From Nametag services to your company when an end-user consents to share their information with you.
Security Vulnerability Prevention
As a security company ourselves, Nametag takes proactive steps to ensure the security of our own product architecture. We have implemented numerous measures to make vulnerabilities more difficult to introduce, and periodically review and refresh these measures to stay ahead of bad actors. Examples of security measures we have implemented include:
- The identity and privilege level of a remote user is threaded throughout the application, all the way to the datastore, which enforces access rules in a testable, auditable place.
- Our peer code review process serves as a backstop against intentional or accidental vulnerabilities.
- We use automated static analysis tools that alert us to potential security problems in the code, and those checks must pass in order for code to get deployed.
- We have automated tools that monitor for security vulnerabilities in the third-party code dependencies and automatically propose patch updates.
- We rely on cloud providers’ mature vulnerability management practice for patching known vulnerabilities at the operating system, virtualization, and hardware layers.
We divide our systems into separate environments for development, staging and production. Each environment is an independent domain with respect to network access control, service account credentials, and secrets.
- No access to the production, staging or development environments is allowed except on known protocols and ports.
- All access to our services from user devices, or between our client software and our service, is encrypted by Transport Layer Security (TLS) version 1.2 or higher.
- Our public endpoints (for example, nametag.co) receive an A+ rating from Qualys SSL Labs.
To minimize the risk of data exposure, Nametag adheres to the principle of least privilege. Employees are only authorized to access data that they reasonably must handle in order to do their job: all engineers have access to their development environments, fewer engineers have access to the staging environment (only those who need access to perform their jobs), and far fewer have access to the production environment. All internal systems require our employees to authenticate with unique user accounts and hardware-backed multi-factor authentication.
All Nametag employees complete mandatory recurrent security training. In addition to general resistance to online threats, we teach our staff to resist social engineering attacks through our support channels. All employees are trained in protecting the identities and confidential information of our clients. Although we do not handle protected health information (PHI), all employees are trained to identify and report any incidental contact with it.
Nametag collects logs from all our servers. We routinely examine these logs for suspicious activity and operational issues. We scrub logs of personal data and operational secrets before archiving them.
All of the data that Nametag stores for you is regularly backed up. We regularly simulate the backup and recovery process to make sure it works smoothly. Copies of backups are stored in multiple data centers in different regions and are encrypted in transit and at rest.
What is Nametag’s insurance coverage?
Nametag consistently upholds extensive insurance coverage from top-tier providers, each with a minimum “A” rating and belonging to size category “VIII” or higher. This ensures that our insurance types and limits substantially exceed the potential risks associated with our average contract sizes, thereby offering robust protection to our customers from potential losses.
Evidence of our comprehensive insurance portfolio, including workers’ compensation, commercial general liability, commercial auto liability, umbrella and excess liability, professional liability (E&O), and cyber liability policies, is readily accessible through our Trust Center. This commitment to maintaining high-level insurance safeguards reflects our dedication to customer security and trust.
Where can I learn more about Nametag’s data security and privacy practices?
For more information on how Nametag handles user data and personal information, please refer to the following resources:
- Trust center (includes SOC 2, HIPAA, penetration test, and more)
- Legal center (includes DPA, SLA, CSA, and more)
In addition, please feel free to contact us by emailing firstname.lastname@example.org.