Effective Date: February 04, 2025
Zyphe Inc. (“Zyphe,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal data in our decentralized KYC (Know Your Customer) identity verification services. We comply with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to ensure your personal information is handled lawfully and transparently.
This Privacy Policy applies to all users of Zyphe’s services, including our business clients (B2B customers) and the individuals who undergo identity verification through our platform. It covers the personal data submitted when using Zyphe’s decentralized KYC solution and any related services. By using our services or providing your information for verification, you acknowledge that you have read and understood this Policy. This Policy does not apply to any third-party websites or services that integrate with Zyphe; those parties are responsible for their own privacy practices.
We only collect personal data necessary to perform identity verification and compliance checks. The types of personal data we may collect include:
We obtain this information directly from you when you (or your organization) use our platform to verify your identity. We do not collect personal data that is not relevant to the KYC process, and we do not collect any sensitive personal data beyond what is needed for identification purposes. We also do not knowingly collect any personal data from children, as our services are intended for adult use in business contexts.
Zyphe’s platform processes your personal data solely for the purpose of identity verification and compliance with KYC requirements. Uniquely, Zyphe does not retain your personal data on centralized servers. Instead, all personal data is stored in a decentralized manner, meaning your information is encrypted, split into fragments, and distributed across a secure network that the final user controls.
In other words, you (the end user) retain ownership of and access to your identity data at all times. Zyphe’s systems facilitate verification by accessing the necessary data fragments
with your authorization
during the KYC process, but we do not maintain a complete personal dataset in any single location on our side.
Because of this decentralized, user-centric storage design, Zyphe only processes your data as a transient intermediary to perform the verification and then does not store your complete personal information afterwards. Any personal data processed through our service remains under your ownership and control. We do not create copies of your identity documents or biometrics for our own records. In practice, this means that once your verification is complete, your data stays with you (or on the decentralized network nodes you authorize) rather than in Zyphe’s possession. We will retain minimal information only as necessary to log that a verification was completed (for audit and compliance evidence), but these logs do not contain the sensitive personal data itself, or they are stored in a privacy-preserving manner (e.g. cryptographic proofs of verification).
All processing of personal data through Zyphe is done in accordance with applicable law and with your consent (or another valid legal basis, such as fulfilling a contract with our business client on your behalf). We do not use your personal information for any purpose unrelated to KYC/identity verification. We never use your data for marketing or profiling, and we do not make any automated decisions about you that could significantly affect you, outside of the verification result.
Zyphe does not share, sell, or disclose your personal data to unrelated third parties. We value your privacy and have built our business model around not exploiting personal data. In particular:
Aside from providing verification results back to the organization you are signing up with, we treat your personal data as strictly confidential. Zyphe acts as a secure conduit between you and the requesting business. We do not allow any third-party access to your information, and we do not even have full access to your data ourselves outside of the verification transaction. In summary, your personal data is never shared with third parties for their own use, and it remains private within the verification ecosystem.
We take data security extremely seriously. Zyphe follows the highest industry standards for data protection and security to safeguard personal information during processing. Our security measures include:
These measures are designed to protect the integrity, confidentiality, and availability of your data. We strive to not only meet but exceed the security standards required by law. By using multi-layered defenses and cutting-edge privacy technology, Zyphe aims to ensure that your personal information remains secure at every step of the verification process.
Because of Zyphe’s user-centric approach, you have full control over your personal data. Our platform is built to empower you to manage your information independently. This means you can determine what data to share, who can access it, and you can update or revoke that access as needed. In practical terms, you are able to:
In addition to the above capabilities, you are entitled to all rights provided under applicable data protection laws. This includes, for individuals in the European Economic Area (EEA) under the GDPR, rights such as the right to be informed, the right to object to or restrict processing, and the right to lodge a complaint with a Data Protection Authority. For California residents, the CCPA provides you the right to know what categories of personal information we collect about you, to request that we delete any personal information we have collected (subject to certain exceptions), and to not be subject to discriminatory treatment for exercising your privacy rights. Note that Zyphe does not sell personal information, so the CCPA right to opt-out of sale is not applicable – we automatically respect that by our business model.
If you need assistance with accessing, correcting, or deleting your data, or if you wish to exercise any privacy rights that our platform does not enable you to do directly, please contact us (see Contact Information below). We will respond to your request in accordance with applicable law (generally within 30 days for GDPR requests, and 45 days for CCPA requests, with the possibility of extension if necessary). We may need to verify your identity before fulfilling certain requests to ensure security.
Zyphe is based in Delaware, USA, but we operate globally to serve clients and users around the world. Regardless of where you are located, we are committed to protecting your data in line with this Privacy Policy and applicable regulations. One of the advantages of our decentralized approach is that we do not generally need to transfer your personal data across international borders. In traditional systems, if a company operates globally, personal data might be transferred to servers in different countries (which can raise compliance challenges under GDPR for EU data, for example). Zyphe’s platform avoids this by keeping data regionalized: personal data remains stored within your region or locale.For example, if you are an EU-based user, the fragments of your identity data will reside on secure nodes within the EU (or EEA) to satisfy data residency requirements.If you are in another jurisdiction, we ensure your data stays within appropriate geographic boundaries as required.
Because of this design, using Zyphe does not typically involve the “international transfer” of your personal data in the way that other services might. We do not move your information from one country to another, and thus your data enjoys the protection of local privacy laws without needing complex cross-border transfer mechanisms. In rare cases where an international data transfer might be necessary (for instance, if you explicitly choose to share your data with a service provider in another country), we will ensure that proper safeguards are in place. Such safeguards could include the use of Standard Contractual Clauses or other approved transfer mechanisms under GDPR, or compliance with any applicable requirements under other regional laws.
Zyphe also ensures that all our operations, whether in the United States, Europe, or elsewhere, follow a consistent level of data protection. We train our staff on global privacy requirements and implement internal policies to maintain compliance. So, no matter where you use our service from, you can be confident that your privacy is respected and protected.
Our website (and related online services) uses cookies and similar tracking technologies to provide and improve the user experience. Cookies are small text files placed on your device when you visit our site. They help us remember your preferences, understand how you use our site, and customize your experience. For example, cookies may keep you logged in during your session or recall your chosen language settings. We may also use cookies (or similar tools like pixel tags) to collect analytics information about site traffic and interactions, which helps us improve our website’s performance and content.
Here are the categories of cookies we may use:
By using our website, you consent to the use of cookies as described in this Policy (unless you utilize opt-out features). When you first visit, you will see a cookie notice or banner that lets you know we use cookies; where required by law, we will obtain your consent before using non-essential cookies. You have the option to manage or disable cookies at any time through your web browser settings. Please note that if you disable certain cookies, some functionalities of our services may be limited. Our site may also honor any applicable “Do Not Track” settings on your browser, though currently, there is no universal standard for DNT signals. We do not use cookies to serve targeted advertising, and any tracking is solely for our internal usage and to provide the service effectively.
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please contact us at privacy@zyphe.com. You can also reach out to this email address to exercise your data protection rights or to request further information about our privacy practices. We are here to help and will respond as promptly as possible.
Zyphe Inc. is a Delaware-based company, and you can also contact us by mail at our corporate headquarters:
Zyphe Inc.
Attention: Privacy Team
(Delaware, United States – 2140 S Dupont Hwy, Camden, DE 19934, USA)
We will endeavor to resolve any issues or questions you have about your personal data to your satisfaction. If you are an EU/EEA resident and you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your country’s supervisory authority (data protection regulator). If you are a California resident and have a complaint, you may contact the California Attorney General or the California Privacy Protection Agency. We encourage you to contact us first so we can try to address your concerns directly.
We may update this Privacy Policy from time to time to reflect changes in our technology, operational practices, or legal obligations. If we make material changes, we will notify users through our website or via email (if you have provided one for contact) prior to the change becoming effective, in accordance with applicable laws. The “Effective Date” at the top of this Policy indicates when the latest revisions were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of Zyphe’s services after any changes to this Policy constitutes acceptance of the updated terms.