ZOLOZ™ Core Privacy Principles and Privacy FAQs

Effective Date: October 2020


ZOLOZ Core Privacy Principles

ZOLOZ makes it simple to be known, trusted and safe in the digital world. We use biometrics to answer the question “Who are you?”  We do this by transforming your face, eyes, voice and how you act into a digital identity. We then protect, enhance and connect that digital identity to all the apps and services asking “Who are you?”

ZOLOZ commits to honoring your privacy and building a deep relationship of trust with all of our users. Below are the ZOLOZ Core Privacy Principles.  To learn more, link to our more detailed Privacy FAQs, ZOLOZ Services Terms of Use, or ZOLOZ Services Privacy Notice

We may change our Terms of Use and Privacy Notice from time to time and, when we do, we will let you know by appropriate means. We encourage you to periodically review our website at www.zoloz.com for the latest information on our privacy practices.

1. Why should I use ZOLOZ Services?

By collecting and using your personally identifiable information to verify your online identity, we make it easy and safe for you to use your mobile device to sign up for and sign in to mobile apps, websites, and online platforms.  Our Services may not be available to people of every country in every country, so if you are not able to register to use this ZOLOZ Service, the reason might be that this Service is not available in your area. For example, this ZOLOZ service is not available in the United States. Learn more here.

2. What kinds of information about me does ZOLOZ collect, and how is it used and processed?

We use the term “Personal Data” for all types of personally identifiable information collected from any source, and that includes Biometric Data and Behavioral Data. We only use transfer, disclose and otherwise process your Personal Data to provide the Services you have requested, manage our relationship and communicate with you, improve our Services, operate our business, comply with legal and other requirements, and to contact you about the Services and other products and services in which you may be interested that are offer ed by us, our affiliates, or our customers.  We will always try to give you appropriate notice of what data will be collected and how it will be used and processed, whether through our Privacy Notice or otherwise. Whatever happens, we will only use and process that data if it is lawful to do so, and we have obtained your consent as required by the applicable data privacy laws and regulations. Learn more about how we use and process your Personal Data here, and about how we protect it here.

3. How is my Personal Data stored and protected?

ZOLOZ understands that the privacy and security of your Personal Data is very important, so we take appropriate steps to protect it, including using financial grade spoof detection, system security, data encryption, digital signatures and other best-in-class technologies.  ZOLOZ or our affiliates may access your Personal Data remotely from other countries to operate the Services.  However, the ZOLOZ standard policy is to store your Biometric Data only in the country in which we collect it, which is usually your home country.  Exceptions may be made if necessary for data security or Services performance reasons, if storage outside the country is permitted by applicable data privacy laws and regulations.  ZOLOZ does not store or share any U.S. Citizen Personal Data ouside the U.S. We will follow the local privacy laws and guidelines relating to privacy and security of personally identifiable information in any country in which your Biometric Data may be stored.  If you have a question about where your Biometric Data is stored, please contact us at info@zoloz.comLearn more here.

4. What are Biometric Data and Behavioral Data?

Your Biometric Data is information about your physical characteristics, such as your face, voice, and other physical features.  Your Behavioral Data is information about your behavior that we collect from your mobile device, such as the way you type. Learn more here.

5. How is my Biometric Data protected?

We take appropriate steps to protect your Biometric Data, including using financial grade spoof detection, AES256 data encryption, digital signatures and other best-in-class technologies.  In addition, when ZOLOZ collects Biometric Data, only a digital template of the original Biometric Data is used to provide services. Learn more here.

6. In what circumstances may ZOLOZ share my information?

ZOLOZ does not sell your Personal Data, or permit any marketing companies to do so.  ZOLOZ does not share any Personal Data of U.S. citizens outside the U.S. Learn more here. ZOLOZ may share your Personal Data, but only for the limited purposes described in our Privacy Notice. Learn more here.

7. What happens when ZOLOZ receives a legal request for information about me?

We will comply with these requests to the extent it is consistent with international standards and we have a good faith belief that we are required to do so. Learn more here.

8. What are my rights?

You are also entitled to know whether we hold Personal Data about you and, if we do, to have access to that Personal Data, require it to be corrected or deleted, to object to or restrict the processing of your Personal Data, and to request a copy of your Personal Data, subject to applicable personal data protection laws.  If, despite our commitment and efforts to protect your Personal Data, you believe that your data protection rights have been violated, you have the right at all times to lodge a complaint with the appropriate government authority.  Contact us at info@zoloz.com or otherwise as described below to exercise any of your rights.  Learn more here.

9. How can I withdraw my consent and how long does ZOLOZ keep my Personal Data?

If you wish to withdraw your consent for us to use your Personal Data, you may do so by deactivating your ZOLOZ account, or by terminating your ZOLOZ account by contacting us at info@zoloz.com or otherwise described below as described below.  You must notify ZOLOZ – notifying our customer or another third party services whose apps offers our Services will not result in ZOLOZ deleting your Personal Data from our systems.  We will retain your Personal Data only for as long as is necessary or required by law. Learn more here.

10. How do I contact ZOLOZ?

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to (1) CEO/General Counsel, ZOLOZ US HQ, 1740 Main Street, Ste. 100, Kansas City, Missouri, 64108 USA, (2) ZOLOZ China HQ, 1 Danling Street, International Finance Center, Floor 23, Zhongguancun, Haidian District, Beijing, China 100080, or (3) info@zoloz.com 

 

Privacy FAQ

1. Why should I use ZOLOZ Services?

By collecting and using your personally identifiable information to verify your online identity, we make it easy and safe for you to use your mobile device to sign up for and sign in to mobile apps, websites, and online platforms.  We collect information about you from you, or through your mobile device when it sends information to our systems.  Our Services use that information to validate that you are you when you want to sign up for a mobile app, a website, or an online platform offered by businesses operated by our customers and other third parties.  We also use that information to assist our customers and other third party digital services to authorize your use of their mobile apps, websites, or platforms whenever you sign in later. 

We have a separate service that helps you verify your identity when you need to because of government regulations or industry requirements.  We do this by verifying the evidence you present to prove your identity – for example, a government-issued ID, driver’s license, or passport – is genuine, correct, and valid when compared with the official sources. 

Our Services are limited to authenticating your identity or credentials so you can access or use our customers’ and other third party services.  We are not responsible for their services. Please make sure to read the terms of use and privacy policies for their services carefully.

Our Services may not be available to people of every country in every country, so if you are not able to register to use this ZOLOZ Service, the reason might be that this Service is not available in your area. For example, this ZOLOZ service is not available in the United States.

2. What kinds of information does ZOLOZ collect, and how is it used and processed?

We use the term “Personal Data” for all types of personally identifiable information that collected from any source, which includes Biometric Data and Behavioral Data. ZOLOZ does not collect more Personal Data from you than is necessary for us to provide you the Services you have requested and take other actions described in Section 6 of this FAQ (and explained in more detail in our Terms of Use).  We will always try to give you appropriate notice of what data will be collected and how it will be used and processed, whether through our Privacy Notice or otherwise. Whatever happens, we will only use and process that data if it is lawful to do so, and we have obtained your consent as required by the applicable data privacy laws and regulations.

ZOLOZ does not offer any of its services in the United States, or share outside the U.S. any Personal Data that may be collected for research to improve our anti-spoofing capabilities. ZOLOZ's technology that is in use in the U.S. is sold as licensed software, which clients incorporate into their own product.  They then store and process the data internally.  ZOLOZ does not process or see any of Personal Data when this technology is used. 

We may collect Personal Data about you from various sources, for example, directly from you or your mobile device, or through others such as our affiliates, customers, other third parties whose services you choose to use with our Services, government agencies if we are providing Services to verify your identity, and providers.  If you register for your ZOLOZ account through a mobile app, website, or online platform of one of our customers or other third parties using our Services, you also granted your consent for that customer or third party to share your Personal Data with us in order to register your ZOLOZ account, provide Services to you, and as otherwise permitted in Section 6 of this FAQ and explained in more detail in our Terms of Use and Privacy Notice

We also collect information about your mobile device, such as identifiers, settings, software names and types, operating system and hardware version, and connection information such as the name of your mobile operator, browser type, language and time zone, mobile phone number and IP address.  We use and process this information to help us provide the Services, for example as part of our fraud detection activities.  Some of this information may be considered Personal Data, and some of it may not identify you at all.  

By using the Services, you are consenting to ZOLOZ collecting and processing information from or about you or your device that does not identify you or has been de-identified or aggregated so that it can no longer identify you.  Because it does not identify you, we may use and share this information to improve our existing services, develop new services, perform data analytics, and for our other business purposes. We may collect some de-identified information by using cookies or pixel tags, so that we can recognize your mobile device when you save your preferences and when we provide information to you.  Cookies are text files saved to the mobile device you use to access the Services.  A pixel tag, also known as a web beacon or clear GIF, generates a notice of the visit and permits the website to save or read cookies. 

3. How is my Personal Data stored and protected?

We understand that the privacy and security of your Personal Data is very important. We take appropriate steps to protect your Personal Data, including using technical, administrative and physical safeguards to protect your Personal Data stored in our databases from loss, misuse and unauthorized access, disclosure, and alteration.  We also use financial grade spoof detection, system security, data encryption, digital signatures and other best-in-class technologies to protect your Personal Data, although we cannot guarantee that our safeguards will always be successful.  

ZOLOZ or our affiliates may access your Personal Data from other countries to operate the Services.  However, our standard policy is to store your Biometric Data only in the country in which we collect it, which is usually your home country.  Exceptions may be made if necessary for data security or Services performance reasons, if storage outside the country is permitted by applicable data privacy laws and regulations. However, no Personal Data of U.S. citizens is stored outside the U.S. We will follow the local privacy laws and guidelines relating to privacy and security of personally identifiable information in any country in which your Biometric Data may be stored, as well as those governing any transfer of Personal Data outside the country.  If you have a question about where your Biometric Data is stored, please contact us at info@zoloz.com or otherwise as described below

In the event that we have a data breach of our systems, we will follow local laws and guidelines, and industry best practices, to quickly address the breach. We will notify you of a data breach in writing, or in other forms as permitted by law and agreed by you, within the time frames required by the law.

4. What are Biometric Data and Behavioral Data?

Biometric Data and Behavioral Data are types of Personal Data.  Your Biometric Data is information about your physical characteristics that the Services collect and translate into digital information, such as your face, eyeprints, and voice prints. Your Behavioral Data is digital information about your behavioral characteristics that your mobile device provides and which we use to provide our Services.  Behavioral Data may include information about the way you type or write, your speech patterns, your geographic location, and your usual wifi networks.  All this digital information is sent by your mobile phone to our systems for storage in our databases and use by us and our affiliates in providing our Services. This information helps ZOLOZ offer you a better user experience and financial grade security.

Biometric Data may be considered to be “sensitive personal data” or “confidential personal data” under certain data privacy laws or regulations. The term "sensitive personal data" or “confidential personal data” refers to the various categories of personal data requiring special treatment, as identified in the applicable data privacy laws, and may include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities). When collecting this type of Biometric Data, we will do so in accordance with local data privacy law requirements, which may in some circumstances require that we obtain your separate consent in addition to the consent you are providing through your agreement to Terms of Use and Privacy Notice.

5. How is my Biometric Data protected?

We understand that the privacy and security of your Biometric Data is very important. We take appropriate steps to protect your Biometric Data, including encrypting transmissions and using digital signatures to ensure it is sent securely, and encrypting Biometric Data using AES256 before it is stored.  In addition, when ZOLOZ collects Biometric Data, only a digital template of the original Biometric Data is used to provide services.  To enhance security, original Biometric Data is stored on servers separate from production servers, and is only accessed when needed to improve performance of the services - updated templates are then generated for use in providing the services and updated Biometric Data is again encrypted and stored separately.

We also guard against “spoofing” - attempts by other people to give us information that looks like your actual Biometric Data - to gain unauthorized access to your accounts.  For example, if we detect that someone is trying to use a photo or video of you to try to pretend they are you, our Services will reject the fraudulent request.  

6. How does ZOLOZ use and process my Personal Data?

ZOLOZ does not collect more Personal Data from you than is necessary for us to provide the Services and take the actions described below (and explained in more detail in our Terms of Use and Privacy Notice).  By agreeing to our Terms of Use you are consenting to our using, transferring, disclosing and otherwise processing your Personal Data (including your mobile device location, your Biometric Data and your Behavioral Data) for the following purposes:

  • providing you with a personalized user experience when you use the Services, including managing our relationship and communicating with you and monitoring your use of our systems;
  • providing our Services and other related services to you, our affiliates and customers, and other third parties whose services you choose to use with our Services;
  • protecting your ZOLOZ account;
  • responding to your questions, feedback, claims or disputes;
  • improving the Services and other products and services offered by ZOLOZ and our affiliates;
  • research and development and data analytics;
  • protecting our reputation;
  • assessing, detecting, investigating, preventing, or remediating fraud or other prohibited or illegal activities, or violations of industry standards, or where necessary to protect the vital interests of any person;
  • contacting you by telephone, text (SMS), e-mail, post or fax about the Services, and other products and services that may be of interest to you that are offered by us, our affiliates, and our customers;
  • ensuring our Services, systems and information are secure; and
  • processing your Personal Data where we have a specific legitimate interest under law to do so, and complying with our legal and regulatory

ZOLOZ and our affiliates may combine and enhance your Personal Data with information we receive from third parties, and if the combined information can identify you it will still be protected as Personal Data.  We also may use or process your Personal Data in other ways for which we have provided specific notice to you, or for which you have specifically consented.

Except for certain information that is required by law, your decision to provide any Personal Data to us is voluntary. However, if you do not do so, we may not be able to (1) allow you to use the Services or access our customers’ mobile apps, websites, or platforms, or those of third parties whose digital services you choose to use with our Services; or (2) verify your identity as part of the Services.

7. In what circumstances may ZOLOZ share my Personal Data?

ZOLOZ does not sell your Personal Data, or permit any marketing companies to do so. We may share your Personal Data with our affiliates, customers, other third parties whose services you choose to use with our Services, providers, advisors, and others, but only for the purposes described in Section 6 of this FAQ (and explained in more detail in our Terms of Use and Privacy Notice). Before we do so, we take steps to ensure that your Personal Data will be given adequate protection as required by relevant data protection laws and ZOLOZ’s internal policies.  For example, during transfer we use data encryption technology to protect the security of your Personal Data – and enhanced data encryption and digital signatures to protect your Biometric Data - and we require that those with whom we share Personal Data or remotely access Personal Data do so as well.  We also require that they use technical, administrative and physical safeguards to protect your Personal Data stored in their databases from loss, misuse and unauthorized access, disclosure, and alteration. 

By agreeing to our Terms of Use, you are consenting to our sharing your Personal Data with the following parties, which may be located inside or outside the country in which you live: 

  • our affiliates, but only so that they can help us provide and improve our products and services, including the Services;
  • each customer or other third party whose services you choose to use with our Services, but only so that they can help us improve our Services, and provide products and services that you request after you have been authenticated by our Services;
  • our providers and advisors, but only so that they can help us provide, develop and improve the Services, and help us provide you with information about other products and services that may be of interest to you that are offered by us, our affiliates, or our customers;
  • government agencies and industry associations, when necessary to verify your identity through official sources, but only after you have consented to having your identity verified by the Services;
  • companies to whom or through which payments are made by you after you have been authenticated by our Services, such as card associations, payment networks, financial institutions, or the companies to which you have authorized payments, but only for purposes relating to those payments;
  • companies involved in any merger, acquisition, financing transaction or joint venture with us, but only subject to our Privacy Notice; and
  • professional advisers, law enforcement agencies, insurers, government and regulatory authorities or any other organizations to which ZOLOZ is under an obligation to make disclosure under applicable law or regulation

We also may share your Personal Data in other ways for which we have provided specific notice to you, or for which you have specifically consented. ZOLOZ does not share any Personal Data of U.S. citizens outside the U.S.

8. What happens when ZOLOZ receives a legal request for information about me?

We may get requests to disclose your Personal Data through a subpoena, court order, search warrant, or under other legal, governmental authority, or industry association requirements in any country applicable to us, our affiliates, our customers, or third parties whose digital services you choose to use with our Services, including anti-money laundering and counter-terrorist financing reporting requirements.  We will comply with such requests to the extent consistent with international standards and when we have a good faith belief that we are required to do so.  We may also need to disclose your Personal Data in any matter involving national security, or to: prevent any harm or financial loss; report any suspected illegal activity; deal with any claim or potential claim brought against us, our affiliates, or our customers; protect our rights or property, or those of our affiliates, our customers, or our users; enforce any terms and conditions associated with our Services, including the Terms of Use and Privacy Notice; or otherwise comply with law, legal process, investigations, or litigation.

9. What are my rights?

You are entitled to know whether we hold Personal Data about you and, if we do, to have access to that Personal Data, require it to be corrected or deleted, to object to or restrict the processing of your Personal Data, and to request a copy of your Personal Data, subject to applicable personal data privacy laws.  If, despite our commitment and efforts to protect your Personal Data, you believe that your data privacy rights have been violated, you have the right at all times to lodge a complaint with the appropriate government authority.  Contact us at info@zoloz.com or as described below to exercise any of your rights.

10. How can I withdraw my consent and how long does ZOLOZ keep my Personal Data?

If you wish to withdraw your consent for us to use your Personal Data for any reason, you may do so by terminating your ZOLOZ account on the app, or by contacting us at info@zoloz.com or as described below. We will retain your Personal Data only for as long as is necessary, which shall include at a minimum retaining your Personal Data (1) while your ZOLOZ Account is active or for as long as needed to provide Services to you, (2) as long as we have an ongoing relationship with you, and (3) as needed for us to comply with our legal, regulatory and contractual obligations.

You must notify ZOLOZ that you wish to terminate your ZOLOZ Account – notifying third parties offering ZOLOZ Services will not result in ZOLOZ deleting your Personal Data from our systems. Disabling the collection of Biometric Data offered in a third party app will also not result in deactivation or termination of your ZOLOZ Account or deletion of your Personal Data.  In addition, you must notify others that have your Personal Data directly of your wishes; any withdrawal of consent you send to us will only result in ZOLOZ terminating your ZOLOZ Account and deleting your Personal Data as described above.

11. How do I contact ZOLOZ?

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to (1) CEO/General Counsel, ZOLOZ US HQ, 1740 Main Street, Ste. 100, Kansas City, Missouri, 64108 USA, (2) ZOLOZ China HQ, 1 Danling Street, International Finance Center, Floor 23, Zhongguancun, Haidian District, Beijing, China 100080, or (3) info@zoloz.com.