legal Privacy Policy
Launch Nametag Get help

Privacy Policy

Download PDF

Privacy Policy

Effective April, 2025

We do not sell your information nor will we ever do so. Protecting your privacy is why we exist. We want to empower you to make informed choices about how you share personal information. .

What This Policy Applies To

This Privacy Policy applies to visitors to our website and our App (available for downloading on Apple App Store and Google Play or from our website at https://nametag.co/install) or accessed via App Clip or Instant App, and other online properties and associated services that display this Privacy Policy. This Privacy Policy is incorporated into and governed by our End User License Agreement (EULA).

Information We Collect and How We Use It

When you use Nametag

When you use Nametag and create an account to access our services, you will be asked to provide certain personal information, for example your name, telephone number, a scanned government photo ID (such as a valid driver’s license) and a scanned photo of your face (which will be matched with your photo ID to verify it’s you), and possibly other information. We only share this information (and information derived from it) as described in this Privacy Policy and with your permission. We do not share selfie or ID photos except with our service providers as described elsewhere in this Policy.

If you provide your phone number or email address, we use it as a convenient way to introduce yourself to companies and friends. We may also use it to communicate with you (via text, email, or in-app notifications) about your use of the websites, App and services (we do not use it for marketing purposes). If you don’t want to provide your phone number, you can use a QR code instead.

You can then build out your profile by accepting (or not) incoming requests for identity confirmation and data sharing. You are free to refuse any request for your personal information, with the understanding that we may be unable to provide you with some of our services.

Facial Matching Information Collection, Use, and Retention

With your consent, we collect and use personal information (including biometric information) and facial matching technology to verify your identity by comparing your government photo ID with a selfie photo of your face, or with previous photos of your face you have already shared. (The comparison provides a % match of the two or more photos.) We do not share this information (except with our service providers, as described below) or use it for any other purpose (e.g., we will not sell, lease, trade, or otherwise profit from your biometric information). We will request your prior consent to use your photographs and related information (including biometric information) for using the facial matching technology in this manner.

We use commercial facial recognition technology provided by Amazon Web Services (AWS) to verify and authenticate user identities. This technology allows us to compare photographs you submit with an authoritative image (e.g., with the identity document you provide, with a photograph you previously provided, or with an image provided to us by our customer). AWS processes biometric data derived from your image. You can review the AWS Service Terms available at https://aws.amazon.com/service-terms/ for more information about how AWS uses and protects your biometric information.

By providing your photograph for facial recognition purposes, you explicitly consent to our collection, use, and storage of biometric data as described in this Privacy Policy. You have the right to withdraw your consent at any time by contacting us directly.

We retain this information only as long as we need it to provide the App and our services to you, to detect and prevent fraud, to maintain compliance with applicable laws (such as the Illinois Biometric Information Privacy Act and applicable data privacy regulations), and to meet other defined operational obligations. Unless otherwise required under applicable law or regulation, we will permanently destroy this information in a secure, irrecoverable, and confidential manner in compliance with applicable laws when we no longer need it to provide the App or our services to you (e.g., when you stop using our App), or within three (3) years of your last interaction with us, whichever occurs first.

Use of Artificial Intelligence

Our AI models are trained with a strong focus on anonymization and non-identifiable information, ensuring user data is never misused or reconstructed. The resulting model stores and uses only anonymized data. We are committed to non-discrimination, ensuring our models treat all individuals fairly regardless of their demographic profiles. We continuously refine our systems to address emerging threats and enhance performance, ensuring our technology remains at the forefront of security and reliability.

We also collect and use such information to maintain and improve the functionality, accuracy, quality, safety, and security of our products and services, including to train machine learning algorithms, enhance artificial intelligence models, detect and correct product errors, and develop enhanced solutions and services, as further described below.

Nametag employs a robust and secure approach to training our machine learning models, utilizing a combination of synthetic data (generated internally), commercially purchased data, and user data collected during the operation of our services. These models are crucial for verifying the authenticity of evidence we collect, such as ensuring the legitimacy of IDs and selfies. We responsibly source commercially purchased data from verified and legally compliant vendors, ensuring adherence to all applicable privacy laws and ethical standards.

Although our models are trained on images (for example, your driver’s license) that may contain personally identifiable information (PII), we ensure that PII is not captured in any model. Our models are trained on and look for characteristics of your driver’s license or other ID card (fonts, spacing, backgrounds, distorted watermarks, and other irregularities) rather than the PII in or on the card. Our models produce a single numerical output to indicate authenticity and are incapable of generating arbitrary text or images.

The models cannot reproduce any of the PII present in the training materials. The resulting model stores and uses only anonymized, generalized characteristics data, and does not store or retain PII, providing an additional layer of security and privacy during inference. No sensitive data is ever reconstructed or reproduced during model inference.

Any personal information obtained from your driver’s licenses or other ID card is used solely for the specific purpose of identity verification for which it was collected, consistent with applicable laws. We do not sell, lease, share, or otherwise use your ID personal information for any unrelated purposes—including marketing, advertising, or training artificial intelligence systems—without your explicit informed consent. As noted above, our AI models only analyze general characteristics of ID documents (such as fonts, layouts, backgrounds, watermarks, and security features) and do not process, store, or retain personally identifiable information (PII) from your ID. By using our service, you consent to our use of your ID documents and related personal information consistent with these purposes.

If at any time you wish to withdraw your consent, or request deletion of information obtained from your ID card, you can do so by contacting us or using the “Delete my Data” feature in our App, after which such data will be promptly excluded from all subsequent processing and training activities.

Web Logs and Online Trackers

We log activity on our websites and services to help us manage and improve them. On our main website, getnametag.com, we deploy tracking technologies (e.g. web beacons or pixels) for marketing purposes. On our product website (nametag.co) and our App, we use tracking technologies for technical purposes, such as debugging and performance monitoring, however we do not use these for marketing purposes.

App Information

Our App generates and stores technical information including device identifiers, the type of device you are using, your IP address, which language you prefer, and encryption keys. When you scan your ID or take a selfie, we collect images of your ID document or your face. In some cases, we may collect intermediate images along with other technical information to assist us in protecting your account and to improve your experience. We collect and store some of this information to operate the App and services.

Unique identifiers

Each company you decide to share with also gets its own randomly-generated identifier for you. Because each company gets a different identifier, companies cannot use Nametag to cooperate with each other to get more information about you than what you’ve shared. We also generate a unique identifier only for our internal use, but this identifier is not shared.

End User Information

Any and all information you post to your account and/or profile is considered “End User Information,” which is defined and governed by our End User License Agreement and the included Acceptable Use Policy. You retain control of your End User Information at all times; you decide what information to share – or not share – with companies and other users, and companies only have control of data that users explicitly consent to share. Nonetheless, think carefully before posting any End User Information or agreeing to share it, especially if that includes your personal information. You also are responsible for ensuring that all posting and shared End User Information is accurate and complete.

Technical Support

We want to help you use the Nametag App and we are here to talk. Contact us via email at help@nametag.co. Information you share with us when we are providing technical support will be kept for purposes of diagnosing and solving your problem and contacting you to help you. To assist with technical support, we may collect your city and country location from your IP address; however, we do not use this location data for any other purpose.

Application Metadata

For participating companies that integrate with Nametag, we collect and store the name of the application, the icon you share with us, and other metadata.

Information We May Share and With Whom

With companies using Nametag

Companies use Nametag to request that you share information with them. For example, your employer would invite its employees to use Nametag to verify their identities and to access their account. We check to make sure that the companies are who they claim to be, and they are required to adhere to certain privacy and data handling practices. It is up to you to decide to whether you accept requests from participating companies.

You can revoke a company’s access to your information at any time. When you do so, we immediately stop sharing your data and tell the company that you’ve revoked access. However, they may have stored the information you’ve shared. As you may expect, your use of other companies’ services is governed by their respective privacy policies.

Service providers

We work with designated third-party vendors to support our services and may disclose your personal information (including biometric information) to a third party for one or more business purposes. For example, we use a vendor to store and process your photos and facial information for our identify service, and a vendor to send text messages to our users. In the course of verifying your phone number or email address, our vendor will have access to your phone number or email address. That being said, we encrypt everything and everywhere we can: when we store it and when we move it between the parts of the system that comprise Nametag, it is always encrypted. In addition, we may deploy third-party cookies to learn how a website is used. All our service providers are required to protect your information and not disclose it to others unless we have authorized them to do so. Specifically, when we disclose personal information (including biometric information) for a business purpose, such as to service providers, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. Any resale or secondary use of your personal information by such third parties is contractually prohibited, consistent with state and federal privacy laws.

If we receive a legal or official demand from a government or court (e.g., a subpoena or court order), we may be required to share your data. We will try to let you know about the request before we comply so you can object. But keep in mind that we may not be allowed to let you know of the demand, or we may be required to comply with the demand before you have time to respond. We will carefully scrutinize each demand before we comply in an effort to protect your legal rights and comply with our obligations to the extent legally permissible. We may preserve or share your personal information to enforce our EULA and any other agreement, terms and conditions relating to your use of the App and services. We also may preserve or share information as needed to ensure the safety and security of our App and services, and our users, and to detect, prevent, or otherwise address fraud, security, or technical issues.

Business transfers

We may share your personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred. In the event of such a transfer, we will require the successor entity to adhere to privacy standards and data protection practices that are at least as protective as this Privacy Policy. If the successor’s privacy practices differ materially from ours or if your rights under this Privacy Policy could be affected, we will provide you with notice of such changes, and you will be given the opportunity to opt out or request deletion of your Personal Information.

Your Access, Choices and Other Rights

You control your information that you provide to us. You have the right to request from us a copy of what personal information that we have collected or to ask to correct or update the information we maintain. Our full App includes a “Delete my Data” option (My Vault > Settings > Delete my Data) that enables you to delete your account information (including User Content and any personal information.

Retention of Personal Information

We will retain your photos and other personal information (including biometric information) only as long as we need this information to provide the App and our services to you, to detect and prevent fraud, to maintain compliance with applicable laws (such as the Illinois Biometric Information Privacy Act and applicable data privacy regulations), and to meet other defined operational obligations. Unless otherwise required under applicable law or regulation, we will permanently destroy this information in a secure, irrecoverable, and confidential manner in compliance with applicable laws when we no longer need it to provide the App or our services to you (e.g., when you stop using our App), or within three (3) years of your last interaction with us, whichever occurs first.

We may send you in-App notifications, text messages, or email (if you give us your phone number or email) about your use of our App and services. If we want to send you any messages about any new products or services that may be of interest to you, we will first ask for your permission.

Google provides website visitors the ability to prevent their data from being used by Google Analytics. To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on.

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

  • Confirm whether we process their personal information.

  • Access and delete certain personal information.

  • Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.

  • Data portability.

  • Opt-out of personal data processing for:

    • targeted advertising;

    • sales; or

    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).

  • Either limit (opt-out of) or require consent to process sensitive personal information (including biometric information). We may obtain your consent through various user interactions, including but not limited to clicking a button, checking a box, or other clear affirmative actions that indicate your agreement to the processing of your personal information.

Under certain laws (such as the GDPR, the California Privacy Rights Act (CPRA), and other state privacy laws), our identity verification processes and procedures can constitute “automated decision-making” or “profiling,” as they involve automatic processing of sensitive personal data to determine your eligibility or access rights to our services. We are committed to fair and transparent processing. You have the explicit right to challenge, contest, or seek human review of decisions made solely through automated means, such as identity verification results. If our automated systems deny your request or limit your access to our services, and you believe this is incorrect or unfair, please contact us as described below. Upon your request, a human reviewer will assess your case, revisit the automated decision, and promptly communicate the outcome and rationale of that human review process.

The exact scope of these rights may vary by state. To exercise any of these rights please contact us as described below. You may also contact us to appeal a decision regarding a consumer rights request. More information about state privacy laws can be found at the US State Privacy Legislation Tracker available on the website operated by the International Association of Privacy Professionals (IAPP). (We are not responsible for content found on the IAPP website or any other third-party websites)

Users in California

For users in California, please click on this link for further information, including how to submit “Requests to Know” or “Requests to Delete” in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Users in Europe and in the UK

We have appointed Prighter Group and its local partners as our privacy representatives and your point of contact for privacy-related requests in accordance with the General Data Protection Regulation (GDPR). Please visit https://prighter.com/q/11923048432.

Security

Data security is at the heart of all we do. All the data you share with us is encrypted, both at-rest and in transit. We use advanced encryption and up to date security practices to protect the data you share, and we are audited to maintain industry standard certifications. Where required by law or otherwise necessary, we will apply enhanced security measures to sensitive or special categories of personal information.

Children

Our websites, App, and services are not intended for children under 16 years of age. We do not knowingly collect or sell personal information from children under the age of 16. If you are under the age of 16, do not use or provide any information on or to the websites or App or through any of their features. You must be 16 years old or older to use our websites, App and services. If you become aware that we have inadvertently collected information about children younger than 16, please notify us and we will delete it right away. If you are the parent or guardian of a child under 16 years of age whom you believe might have provided us with their personal information, you may contact us (as described below) to request the personal information be deleted.

Changes to Our Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our privacy practices, applicable laws, and evolving best practices. When we make changes, we will update the “Effective” date at the top the Privacy Policy at https://nametag.co/privacy (or another publicly accessible location).

If the changes are material—for example, if they affect what personal information we collect or how we use it—we will highlight them at the top of the policy or in a banner or notice on our website. We encourage you to review our Privacy Policy regularly to stay informed about how we protect your information.

If you would like to be notified directly when we make material changes, you may contact us at privacy@nametag.co to request notification.

Contact Us

We love talking about privacy, so if you have any questions about how we handle user data and personal information, feel free to contact us at privacy@nametag.co.

Or if letters are more your thing, write us at:

Nametag Inc.
520 East Denny Way
Seattle, WA 98122

Download Privacy Policy PDF