Search Icon

[Last updated December 2022]
Versión en español

Effective Date: December 23, 2022

Our purpose.

Socure Inc. and our subsidiaries and affiliates (collectively, “Socure,” “we“, “us” or “our“)  provides products for the purposes of identity verification and fraud prevention. When you interact with the digital economy by, for example, applying for goods or services online, our customers will use Socure’s products to answer the following questions:  (1) Are you a real person? (2) Are you who you say you are? (3) How risky is it to complete this transaction?  At Socure, we’re proud that our products help consumers access online products and services and help protect them from various types of fraud.

Our practices.

Our products are powered by artificial intelligence and machine learning. We collect, use, disclose, retain, and otherwise process consumer and/or business information on behalf of our customers in connection with our identity verification and fraud prevention solutions, including but not limited to:  Socure ID+ Platform, Sigma Identity Fraud, Sigma Synthetic, RiskScores, KYC, Global Watchlist, DocV, DeviceRisk, and our Admin Dashboard, DevHub, and other resources. (collectively, the “Services”). Socure’s processing of personal information in connection with the Services is governed by this Products and Services Privacy Policy (the “Privacy Policy”) and by our customer agreements.

This Privacy Policy is not a substitute for any privacy notice that Socure customers are required to provide in accordance with or otherwise required by applicable law.

Personal Information We Collect

Information collected via our Services and the sources of that information. Socure may collect or derive personal information about you from our customers, from your direct engagement with the Services, from public sources of information, or from third parties who provide us with data or otherwise assist with our provision of the Services, including:

    • Identity information, such as your first and last name, email address, billing and mailing addresses, phone number, and date of birth.
    • Geographic data, such as your city, state, country of residence, postal code, IP address, and device geolocation.
    • Data from government-issued identification cards, such as national identification number (e.g. Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and other personal  information contained in or extracted from the government-issued identification card(s) or other identity documentation that you submit (e.g., information extracted from barcodes and machine-readable zones).
    • Facial images, such as your selfie photographs and headshots from your identification card. These images may be processed to derive biometric information.
    • Transaction data, such as metadata about the identity verification transaction sent over by our business customers (e.g., IP address), and information relating to your application and account with our business customers including fraud labels and account details. 
    • Device data, such as the following categories of data collected from and about devices and their operating systems and web browsers: (i) ip addresses and geolocation, (ii) device level identifiers, (iii) local storage mechanisms and caches, (iv) mobile carrier and network information, (v) user preferences and settings, (vi) hardware information (e.g., model, version, manufacturer, specifications and capabilities), (vii) sensor data (such as motion, gesture and environmental), (viii) interactions and user driven events from end user peripherals devices, and (ix) cryptographic keys as permitted by the device. 
  • Financial account information, such as bank account and routing numbers, as well as account history and performance information.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Notice re Opt-Out: If you would like to opt-out of the processing of your sensitive information or of the use of your information for automated decision making, or if you otherwise would like to exercise an opt-out right provided to you by law, please review Exercising Your Rights.

How We Use Information

Our products are designed to use as little personal information as possible to return highly accurate results as quickly as possible, so that you can get access to the products and services you need and our customers can operate their businesses according to their compliance needs and risk tolerance.

 

We use the information we collect for several purposes, including: 

  • to provide the Services at the instruction of and pursuant to agreements with our customers;
  • to measure performance of and improve the Services;
  • to develop new products and services, including by training and testing our models and validating their performance; and
  • to respond to, and to help our customers respond to, inquiries, complaints, and consumer requests relating to the exercise of their data rights.

We may also use information necessary or appropriate to (a) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; (b) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; (c) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (d) audit our internal processes for compliance with legal and contractual requirements and internal policies; and (e) enforce the terms and conditions that govern the Services.

We also use personal information for our business purposes, such as research and development of our existing and new identity verification and fraud prevention products.

How We Share Information

Socure uses personal information for our identity verification and fraud prevention purposes. Socure does not use personal information for marketing purposes and does not sell personal information to third parties.  Socure does not share biometrics with our customers, vendors, service providers, or any other non-affiliated third parties.

We may share the information we collect:

  • With the relevant business customer that sent you to Socure in connection with the Services;
  • With certain third parties, such as auditors, sponsor banks and regulators, as the relevant business customer may direct;
  • With third-party service and information systems providers, such as our cloud computing platform, that help us provide and improve the Services; 
  • With professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us; and
  • With Socure subsidiaries and corporate affiliates for the purposes described in this Privacy Policy or in the relevant agreement.

We may also share information with government, law enforcement officials or private parties as required or otherwise permitted by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. 

We may sell, transfer or otherwise share some or all of Socure’s business or assets, including information that we process as part of the Services, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.

Special Notices and Policies re Biometrics

To the extent any data is generated or derived from a photograph of your face, it is not done in order to identify you as a specific individual. Instead, such information is used for such features and functionality as detection of occlusions (e.g. mask detection) and matching of a document headshot with a selfie photograph. 

To the extent Socure derives biometric information from an image of your face, we will permanently destroy the images and any information derived therefrom within three years from the date the images were captured, unless otherwise specified in this Privacy Policy.

Notice to Illinois Residents: Socure will retain your biometric information for no longer than three years after the last date on which you interact with the Services and will permanently destroy the images of your face and any information derived therefrom within that time period. 

Notice to Texas Residents: Socure will retain your biometric identifiers for a time reasonably necessary to provide the Services, but not later than the first anniversary of the date the purpose for the collection expires.  Socure will permanently destroy the images of your face and any information derived therefrom within that time period. 

Data Security 

Socure uses commercially reasonable physical, electronic, and procedural safeguards to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law, and we recommend that our customers do the same. In fact, our customer agreements generally include data access and security guidelines.  We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security incident.  

Exercising Your Rights

Socure is either a “service provider” or a “data processor” pursuant to applicable privacy laws. This means that our customers (the “business” or “data controller”) are legally responsible for responding to requests to exercise your data rights.  In order to exercise your rights, you must contact the customer that used the Services. If you reach out to Socure directly, we will notify our customer, and our customer will complete the process with you. Socure respects consumer privacy, and we work with and at the direction of our customers regarding consumer data rights requests. 

Data Retention

Except as otherwise provided in this Privacy Policy, Socure may retain information for up to seven years, as permitted by applicable law. If you provide Socure with images used in an attempt to commit fraud, we will retain the images and any information derived therefrom, and you waive your rights to that data and to pursuing any legal or other action against Socure. 

Third-Party Systems

The Services are often integrated with our business customers’ websites, platforms, or other systems, which are governed by our customers’ privacy notices and terms of use.  Please review those notices carefully, as Socure does not control and cannot be responsible for the privacy and information security practices or terms associated with non-affiliated third parties.

Changes to this Privacy Policy

Socure reserves the right to modify this Privacy Policy at any time.  Socure’s Services, as well as laws, regulations and industry standards may evolve, which may result in changes to this Privacy Policy.  Socure will post the changes to this page and notify our customers via our agreed upon communication channels.  

Socure encourages you to review this Privacy Policy from time to time to stay informed.  In accordance with applicable law, Socure will notify you of any material changes in its collection, use, or disclosure of your information by posting a notice on its website.  Any material changes to this Privacy Policy will be effective immediately.

Contact Privacy @ Socure

If you have any questions about this policy, you can contact us at privacy@socure.com or call 1-888 690-3709.