Privacy Policy

1. Introduction

Sniip Pty Ltd ("Sniip Identity", "we", "us", or "our") operates the Sniip Identity platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create a tenant account, we collect your name, email address, company name, and a hashed password. We never store passwords in plain text.

2.2 Biometric Data

When end users complete identity verification through our API, we may process:

• Facial images captured during liveness detection
• Identity document images (e.g., driver's licence, passport photos)
• Face comparison results and confidence scores
• Liveness detection results

All biometric data is encrypted at rest using AES-256-GCM encryption and stored in SOC 2 compliant cloud infrastructure.

2.3 Usage Data

We collect API usage data including endpoints called, response status codes, and request timestamps. This data is used for billing, analytics, and service improvement.

2.4 Technical Data

We automatically collect IP addresses, browser type, and device information when you access our web interfaces. This data is used for security monitoring and service optimisation.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the identity verification Service
• Process identity verification requests on behalf of our tenants
• Manage your account and subscription
• Generate invoices and process billing
• Send service-related notifications
• Monitor and improve the security and performance of our Service
• Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

• Cloud infrastructure providers (Google Cloud Platform, Amazon Web Services) for hosting and processing
• Our tenants who initiate verification requests — they receive verification results for their end users
• Law enforcement when required by law or valid legal process

5. Data Retention

Biometric data retention periods vary by plan tier:

• Free plan: 7 days
• Starter plan: 30 days
• Pro plan: 90 days
• Enterprise plan: Custom retention as agreed in your service agreement

Account data is retained for the duration of your account plus 30 days after deletion. Billing records are retained for 7 years to comply with tax and accounting requirements.

6. Data Security

We implement industry-standard security measures including:

• AES-256-GCM encryption for all biometric data at rest
• TLS 1.3 for all data in transit
• API key authentication with SHA-256 hashed key storage
• SOC 2 Type II compliant infrastructure
• Regular security audits and penetration testing

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing of your data
• Request data portability

To exercise these rights, contact us at privacy@sniip.com.

8. International Transfers

Our Service uses cloud infrastructure located in Australia and the United States. If you are accessing the Service from outside these regions, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers.

9. Children

Our Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact

For privacy-related questions or requests, contact our Privacy Officer at privacy@sniip.com.