Inverid provides ReadID Me apps through the Play Store and the App Store. We provide these apps free of charge to you to read and verify your identity documents. The publicly available apps run client-only, below we explain what this means for your privacy.
What personal information is processed and stored
Inverid thus does not collect personal information. We do not know nor want to know who the users of our ReadID Me app are and whose identity documents are scanned.
The app however does need to process the personal information that is on the chip of the identity document, including privacy-sensitive information like name, date of birth, personal number and document number. In addition, the app scans via Optical Character Recognition technology (or alternatively via manual entry) the date of birth, date of expiry and document number, since these are needed to get access to the information on the chip. This is a security feature of the chip, to avoid unauthorized access to its contents.
The app processes this information locally on the smartphone, i.e., the app does not send personal information to a server for processing. The personal information that is processed is not stored on the smartphone.
What non-personal information is collected and why?
The ReadID Me app is for your personal use. For performance improvement we need to collect the app’s usage information as well as user analytics to collect anonymous usage information. This usage information does not contain personal information. Moreover, Inverid cannot directly or indirectly relate the usage information to a specific person. Usage information will only be used for improving the quality of the app and not for other purposes. Inverid will only retain the information for as long as is necessary to fulfil the specified purpose.
Inverid collects the following usage information:
- Phone details, including phone type, Android version, iOS version, memory size. We do not collect information that is unique for a certain phone.
- What type of identity document was scanned and read: was the scan successful, was the chip read successfully, what country issued the identity document, the document signing certificate as stored on the chip and the date of expiry. We collect the date of expiry since this allows us to determine the version of the scanned identity document.
- Usability information: how long the different steps take, if a user managed to go through all steps and usage frequency.
Inverid uses servers under its own control and user analytics data hosted by a third party (Matomo).
How is the personal information secured?
Since all the processing of personal information is done on the phone (client only), the confidentiality of this information depends on the security of the phone. The app uses encrypted network connections for the communication of usage information.
What information can be shared by the user?
The app provides two options to allow you to share the read information. The Android app uses the built-in sharing feature of the mobile operating system, where explicit action from the user is needed and the user selects an external app (e.g. an email client) to share the information with. Typically, within the external app selected for sharing, you can see and redact the information before actually sending it off through the Internet. The iOS app does not have this option for sharing.
This first sharing option allows you to share the photo and personal information details, e.g., emailing these to him or herself. Inverid has implemented this feature due to popular demand from users. Inverid recommends you to use this feature with caution, since the information includes privacy-sensitive personal information such as name and personal number. Sharing this information on a social network is possible but Inverid strongly discourages this.
The second sharing option allows you to share debug logging information with Inverid. In case there is a technical issue sending this debug information can help us fix this issue. This log does not contain privacy-sensitive information, e.g., no personal number or name. In the Android app in the settings the logging of debug information can be switched on or off. In the iOS version this is always enabled. You can inspect the exact log that is sent to Inverid yourself.
For some ReadID Me apps one or both of these options are not available.
Changes in this privacy statement
This privacy statement may change from time to time. If the changes are significant or reduce the rights of users, then Inverid will provide a prominent notice.