Privacy Policy

Effective Date: 29/11/2024 
 

Who We Are 

Welcome to ID Exact (IDX). We provide a verification application which leverages RFID chip reading as well as liveness and likeness detection to help a user verify their identity to a requesting business without compromising privacy and security. Our website address is: https://idexact.com/ .

We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 – ensuring that personal information processed through our application is handled securely and transparently. 

How we Process Your Information
The IDX app is powered by our own API suite; One Click Services. The application communicates to the API via secured and encrypted channels and follows the same privacy standards as IDX.

One Click Services privacy policy found at https://oneclickservices.com.au/privacy-policy/ .

Personal Information We Process

Using the application, we may collect and process the following types of personal information: 

  • Data provided by IDX for processing: name, dob, issuing country, the document signing certificate as stored on the chip, document expiry, passport image.
  • User agent
  • Logs and analytics data to monitor API usage and ensure operational efficiency. 
  • Usability information: how long the different steps take if a user managed to go through all steps and usage frequency.

 
We do not collect or store any sensitive document details such as your passport number, and the personal information we process is redacted after the identity journey is complete or expired.

 
IDX uses servers and systems hosted within Australia under its own control. Azure is leveraged to complete liveness and likeness testing who does not store any of the data that is processed.  

How We Collect Personal Information 

We receive your personal data through an identity verification we conduct for a customer service that you use. The customer has contractually authorised us to process your data on behalf of them in the context of a certain service.
 

Purpose of Collecting Personal Information 

We process your personal data as a processor for the benefit of the customer to safely and securely provide identity verification through E-Passports. The lawful basis for the processing of the data thus stems from the customer and the service it is providing to you. So, please consult the privacy policy or statement of the customer as well for this purpose. 

Disclosure of Personal Information 

Your data is your data and we, nor any third party required for the service, will ever use it in a way not directly stated. Data is only disclosed to those necessary to provide the service. 

  • to the customer leveraging the IDX to verify your identity 
  • to Microsoft’s Azure who assist in operating our liveness and likeness service 
  • when required by law or regulatory bodies to comply with legal obligations.  

Data Retention 

  • Data processed through IDX or the related API is retained only as long as necessary to fulfill its purpose or comply with legal obligations. 
  • Document details extracted from e-passports; including name, date of birth, expiry, and biometric data, is removed when the invitation token expires (generally around 7 days).  
  • API request logs, including metadata, are stored securely for operational and auditing purposes for up to 7 years. 

Your Rights 

As a SaaS provider, we typically act as a processor for data provided by our clients. However, individuals whose data is processed through our IDX have the following rights: 

  1. Access: Request information about data processed through IDX. 
  2. Correction: Request corrections to inaccurate or incomplete data. 
  3. Deletion: Request deletion of data, subject to legal and operational requirements. 

Requests can be directed to the client company that owns the data, or to us directly for technical support. We will assist within the bounds of our role as a processor. 

How We Protect Your Data 

We employ robust security measures, following the Information Security Manual (ISM) to protect data processed through our APIs: 

  • Encryption of data in transit and at rest using industry-standard protocols. 
  • Secure access controls to restrict unauthorized access. 
  • Regular security audits and vulnerability testing. 

Cookies and Tracking 

While our primary focus is the IDX application service, our website may use cookies for: 

  • Authentication and session management. 
  • Tracking website traffic and performance analytics. 

You can manage cookies through your browser settings. Note that disabling cookies may impact website functionality. 

Client Responsibilities 

Clients leveraging IDX is responsible for: 

  • Ensuring that personal information provided to our IDX complies with all relevant privacy laws and regulations. 
  • Providing notices and obtaining appropriate consents from individuals whose data is processed via IDX.

Complaints and Contact Information 

If you believe we have breached the APPs or mishandled personal information processed through our IDX app, please contact us: 

We will investigate and respond to your complaint within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC). 

Changes to This Policy 

We may update this policy periodically to reflect changes in laws, services, or practices. Updates will be published on this page with a revised “Last Updated” date. 

Accessibility of This Policy 

This policy is available free of charge. If you require it in an alternative format, please contact us. 

IDX is a platform powered by One Click Services, a division of Mobile Business Devices Pty Ltd (ABN 17 602 368 945).

For Users

Privacy Policy

Terms & Conditions

For Businesses

Pricing

Register

API

Assets