Privacy Policy

Scope

This Privacy Policy applies to all users of Zyphe's services, including our business clients (B2B customers) and the individuals who undergo identity verification through our platform. It covers the personal data submitted when using Zyphe's decentralized KYC solution and any related services. By using our services or providing your information for verification, you acknowledge that you have read and understood this Policy. This Policy does not apply to any third-party websites or services that integrate with Zyphe; those parties are responsible for their own privacy practices.

Personal Data We Collect

We only collect personal data necessary to perform identity verification and compliance checks. The types of personal data we may collect include:

• Contact Information: Your email address and possibly other basic contact details.
• Identity Documents: Government-issued identification documents such as passports, driver's licenses, national ID cards, or other forms of ID you provide. These documents typically include personal details (e.g. full name, date of birth, photograph, document number).
• Biometric Data: Biometric identifiers used for verification, such as a facial image or selfie (for face match with your ID) or other biometric information. This is used to confirm that you are the legitimate holder of the provided identity document.

We obtain this information directly from you when you (or your organization) use our platform to verify your identity. We do not collect personal data that is not relevant to the KYC process, and we do not collect any sensitive personal data beyond what is needed for identification purposes. We also do not knowingly collect any personal data from children, as our services are intended for adult use in business contexts.

Data Processing and Storage

Zyphe's platform processes your personal data solely for the purpose of identity verification and compliance with KYC requirements. Uniquely, Zyphe does not retain your personal data on centralized servers. Instead, all personal data is stored in a decentralized manner, meaning your information is encrypted, split into fragments, and distributed across a secure network that the final user controls.

In other words, you (the end user) retain ownership of and access to your identity data at all times. Zyphe's systems facilitate verification by accessing the necessary data fragments with your authorization during the KYC process, but we do not maintain a complete personal dataset in any single location on our side.

Because of this decentralized, user-centric storage design, Zyphe only processes your data as a transient intermediary to perform the verification and then does not store your complete personal information afterwards. Any personal data processed through our service remains under your ownership and control. We do not create copies of your identity documents or biometrics for our own records. In practice, this means that once your verification is complete, your data stays with you (or on the decentralized network nodes you authorize) rather than in Zyphe's possession. We will retain minimal information only as necessary to log that a verification was completed (for audit and compliance evidence), but these logs do not contain the sensitive personal data itself, or they are stored in a privacy-preserving manner (e.g. cryptographic proofs of verification).

All processing of personal data through Zyphe is done in accordance with applicable law and with your consent (or another valid legal basis, such as fulfilling a contract with our business client on your behalf). We do not use your personal information for any purpose unrelated to KYC/identity verification. We never use your data for marketing or profiling, and we do not make any automated decisions about you that could significantly affect you, outside of the verification result.

Third-Party Sharing

Zyphe does not share, sell, or disclose your personal data to unrelated third parties. We value your privacy and have built our business model around not exploiting personal data. In particular:

• No Sale of Data: We do not and will not sell your personal information to data brokers or marketers. This includes not selling information as defined under the CCPA.
• No Unnecessary Disclosure: We do not provide your personal data to third parties for their own independent use.
• Service Provision: The only parties that may receive some of your personal data are the business or service provider that requested your KYC verification. In such cases, your data is provided to them at your direction to fulfill the KYC requirement, and the data exchange is under your control via the decentralized platform.
• Legal Compliance: We would only disclose personal data to outside parties if required by law or a valid legal process (for instance, a court order or regulatory requirement). If we ever are compelled to disclose data in this way, we will, when possible, inform you and only share the minimum necessary information.

Data Security Measures

We take data security extremely seriously. Zyphe follows the highest industry standards for data protection and security to safeguard personal information during processing. Our security measures include:

• Encryption: All personal data handled by Zyphe is protected using strong cryptographic encryption (such as AES-256). Identity data is encrypted both in transit and at rest.
• Decentralized Architecture: By decentralizing data storage, we eliminate any single point of failure or attractive target for attackers. No single database contains all of your personal information.
• Access Controls: We implement granular access controls and strict authentication measures for all system interactions. Our employees and contractors do not have direct access to your sensitive personal data.
• Industry Standards Compliance: Zyphe's security program adheres to internationally recognized standards such as ISO 27001 and maintains GDPR-compliant data handling practices.
• Additional Safeguards: We employ firewalls, intrusion detection systems, continuous network monitoring, secure coding practices, and regular penetration testing.

User Rights and Data Management

Because of Zyphe's user-centric approach, you have full control over your personal data. You are able to:

• Access and Review: You can view the personal data you have provided for verification at any time through our interface or your decentralized identity wallet.
• Correction: If any of your personal data changes or is inaccurate, you can update it.
• Deletion (Right to be Forgotten): You may remove your personal data from the Zyphe platform whenever you wish. Once removed, Zyphe no longer has any access to your information.
• Data Portability: You can export or retrieve a copy of your verified credentials or personal data in a portable format.
• Consent Management: Where we rely on your consent to process data, you have the right to withdraw that consent at any time.

In addition to the above capabilities, you are entitled to all rights provided under applicable data protection laws. For individuals in the European Economic Area (EEA) under the GDPR, this includes rights such as the right to be informed, the right to object to or restrict processing, and the right to lodge a complaint with a Data Protection Authority. For California residents, the CCPA provides you the right to know what categories of personal information we collect, to request deletion, and to not be subject to discriminatory treatment for exercising your privacy rights.

If you need assistance with accessing, correcting, or deleting your data, or if you wish to exercise any privacy rights, please contact us (see Contact Information below). We will respond to your request in accordance with applicable law (generally within 30 days for GDPR requests, and 45 days for CCPA requests).

International Operations and Data Transfers

Zyphe is based in Delaware, USA, but we operate globally. One of the advantages of our decentralized approach is that we do not generally need to transfer your personal data across international borders. Zyphe's platform keeps data regionalized: personal data remains stored within your region or locale. For example, if you are an EU-based user, the fragments of your identity data will reside on secure nodes within the EU (or EEA) to satisfy data residency requirements.

In rare cases where an international data transfer might be necessary, we will ensure that proper safeguards are in place, such as the use of Standard Contractual Clauses or other approved transfer mechanisms under GDPR.

Cookies and Tracking

Our website uses cookies and similar tracking technologies to provide and improve the user experience. We use the following categories of cookies:

• Essential Cookies: Necessary for the website to function correctly, enabling core features such as security, network management, and accessibility.
• Analytics and Performance Cookies: Used to gather data on how visitors navigate our site, which pages are viewed most often, and whether users encounter errors.
• Preference Cookies: Remember your choices (like region or language) to personalize your experience.

You have the option to manage or disable cookies at any time through your web browser settings. We do not use cookies to serve targeted advertising. For more details, please see our Cookies Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our technology, operational practices, or legal obligations. If we make material changes, we will notify users through our website or via email prior to the change becoming effective. The "Effective Date" at the top of this Policy indicates when the latest revisions were made.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please contact us at privacy@zyphe.com.

Zyphe Inc.
Attention: Privacy Team
2140 S Dupont Hwy, Camden, DE 19934, USA