Privacy Policy

Version 2.1

Last Updated: 23 April 2026

General

This privacy policy ("Privacy Policy") applies when KNOWING ME ID LIMITED, United Kingdom Company No. 14416416, headquartered at Unit 1, Trough Head, Carlisle, United Kingdom ("KnowingMe") provides a mobile application "KnowingMe ID" ("Service").

What Personal Information is processed and stored?

KnowingMe ID allows you to scan a Passport or a National ID card using NFC. Additionally a face verification and liveness check is carried out using a selfie picture and the photo from the document to make sure you are the legitimate owner of the identity document. Within 24 hours after being onboarded, all of your personal information is deleted on any server. Your identity credentials are then stored on your mobile device, controlled only by you.

To verify the validity of the chip in the document, the Service will temporarily have access to all of the information in the chip. After validation is done on the phone, the information is sent to KnowingMe's technical partner iProov where it is validated again and proofs of correctness are created and stored. iProov is issuing certificates containing all the read information that are sent back to the KnowingMe application and being stored in the secure enclave (or equivalent) of the phone.

The following information might be processed (subject to the data available in your document):

Data that is read from the chip in the biometric identity document:

  1. Document Type
  2. Issuing State
  3. Complete Name
  4. Document Number
  5. Nationality
  6. Date of Birth
  7. Gender
  8. Date of Expiry
  9. Image file with photo of holder

Data read from the chip in the biometric document when available:

  1. Personal identification number, Tax Identification Number or similar
  2. Image file of signature
  3. Place of Birth
  4. Address
  5. Phone number
  6. Profession
  7. Title
  8. Date of Issue

Data collected by the app to verify liveness and to guard against fraud:

  1. Photos of the user
  2. Video data
  3. Geolocation data

Additional data if provided by the user:

  1. Mobile phone number
  2. E-mail address
  3. Address data
  4. Social media profiles

What Non-Personal Information is collected and why?

For the continuous improvement of the Service, we need to collect usage information. This usage information does not contain personal information. Furthermore, neither KnowingMe nor iProov can directly or indirectly relate the usage information to a specific person. Usage information will only be used for improving the quality of the app and not for other purposes. The Service will only retain this information for as long as is necessary to fulfil the specified purpose.

KnowingMe ID collects the following Usage Information:

  1. Phone details, including phone type, iOS version, and memory size. We do not collect information that is unique for a certain phone.
  2. What type of identity document was scanned and read: was the scan successful, was the chip read successfully, what country issued the identity document, the document signing certificate as stored on the chip, and the date of expiry. We collect the date of expiry since this allows us to determine the version of the scanned identity document.
  3. Usability information: how long the different steps take if a user managed to go through all steps and usage frequency.

Legal Bases for Processing

KnowingMe processes your personal data under the following lawful bases, as set out in the UK GDPR and EU GDPR:

  1. Performance of a contract — where processing is necessary to provide you with the KnowingMe ID Service you have requested.
  2. Consent — where you have given us, or a Relying Party, explicit consent to process specific categories of data, including biometric data. You may withdraw consent at any time.
  3. Legitimate interests — where processing is necessary for our legitimate interests in improving the Service and preventing fraud, provided those interests are not overridden by your rights.
  4. Legal obligation — where processing is required to comply with applicable law.

Because biometric data is a special category of personal data under UK GDPR Article 9, we rely on your explicit consent for all biometric processing.

Personal Data Controller and Data Protection Officer

  1. KnowingMe is the data controller in relation to the processing of your personal data and is responsible for ensuring that the processing takes place in accordance with applicable legislation.
  2. Technology partner iProov is acting as a Data processor towards KnowingMe as they carry the service of validating and reissuing user credentials.
  3. Any Relying Party using the Service for age, gender or full identity verification is a Data controller of your personal data, and KnowingMe and iProov are acting as Data processors towards them when supplying the Service.
  4. KnowingMe has appointed a Data Protection Officer, who is responsible for monitoring that KnowingMe processes personal data in accordance with applicable legislation. The Data Protection Officer is contactable at dpo@knowingmeid.com.

Automated Decision-Making

The KnowingMe ID Service uses automated processing to perform biometric face verification and liveness detection, matching your selfie against the photograph read from your identity document. This automated matching determines whether you are the legitimate holder of the document.

If you do not wish to undergo automated biometric verification, please do not proceed with onboarding. Where automated matching fails, you may contact us at info@knowingmeid.com for human review.

Third-Party Sub-processors

To deliver the Service, KnowingMe engages the following sub-processor:

  1. iProov Limited (United Kingdom) — provides biometric verification and document chip validation, and issues the signed credentials stored on your device. iProov operates under its own published privacy policy and biometric data retention schedule.

We do not share your personal data with any other third party except as described in the “Sharing of Personal Data” section below, or where required by law.

How we process your Personal Data

KnowingMe will process your personal data in order to carry out the service of identity verification and authentication towards contracted Relying Parties. Any data being shared is done so with your explicit consent clearly showing the name and logo of the relying party as well as their reason for collecting this data.

You can withdraw a provided consent done during onboarding towards KnowingMe at any time by providing written notification to info@knowingmeid.com or simply deleting the app. To withdraw consents done in the KnowingMe app towards Relying Parties you need to contact them directly.

How is the Personal Data secured?

All personal data is encrypted in transit using industry-standard TLS and encrypted at rest using strong cryptographic keys and asymmetric encryption.

During the time period that personal data is stored in our logs (maximum of 24 hours) it is encrypted with strong cryptographic keys using asymmetric encryption.

Your personal data is stored on your device in the secure enclave (or equivalent) of the phone, under your sole control.

Personal data is, when temporarily stored, held on servers within the United Kingdom or European Union, and handled in accordance with the UK GDPR and EU GDPR.

Access to our systems is restricted to authorised personnel bound by confidentiality obligations. We maintain procedures for detecting, investigating and, where required, notifying users and regulators of any personal data breach.

Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  1. Server-side personal data — deleted within 24 hours of successful onboarding.
  2. Biometric verification data processed by iProov — retained in accordance with iProov’s published Biometric Data Retention Schedule.
  3. Signed credentials stored on your device — retained on your phone in the secure enclave until you delete the app or revoke them.
  4. Non-personal usage information — retained only for as long as necessary to improve the Service.
  5. Records required by law — retained for the minimum period required by applicable legal, tax, or accounting obligations.

Sharing of Personal Data

KnowingMe is sharing personal data only with third parties as part of their Service. KnowingMe will not share personal data with any other third party.

KnowingMe might share your non-personalised data with authorities for legal purposes.

International Data Transfers

Personal data is primarily processed on servers located in the United Kingdom and the European Union. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or the lawful bases set out in Article 49 of the UK GDPR and EU GDPR.

Your Rights

Under the UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

  1. Right of access — to request a copy of the personal data we hold about you.
  2. Right to rectification — to have inaccurate or incomplete personal data corrected.
  3. Right to erasure — to have your personal data deleted, subject to legal exceptions.
  4. Right to restrict processing — to limit how we process your personal data in specific circumstances.
  5. Right to data portability — to receive your personal data in a structured, machine-readable format.
  6. Right to object — to processing based on legitimate interests.
  7. Right to withdraw consent — at any time, where processing is based on consent.
  8. Right not to be subject to solely automated decisions — including profiling, where these produce legal or similarly significant effects.

To exercise any of these rights, contact us at dpo@knowingmeid.com. We will respond within one month, with the possibility of extension for complex requests. There is no fee unless requests are manifestly unfounded, repetitive, or excessive.

Deleting Your Data

You can delete the personal data held on your device at any time by deleting the KnowingMe ID application from your phone.

To request deletion of any personal data held by KnowingMe or our sub-processor, please email info@knowingmeid.com. We will confirm deletion within one month, subject to any legal retention requirements.

To withdraw any consents you have granted to Relying Parties through the app, please contact the Relying Party directly.

Children’s Data

The KnowingMe ID Service is intended for users aged 18 years and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe that a minor has used the Service, please contact us at info@knowingmeid.com and we will delete any associated data without undue delay.

Cookies

Please read our separate cookie policy for the cookies used on www.knowingmeid.com.

Changes in this Privacy Statement

This privacy statement may change from time to time. We will post any updates on this page and, where the changes are significant or reduce the rights of users, KnowingMe ID will provide a prominent notice within the app and, where appropriate, notify you by email. Please check this page periodically for changes.

Complaints

If you have a concern about how we handle your personal data, please contact us first at dpo@knowingmeid.com so we have the opportunity to resolve it.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or with your local supervisory authority if you are outside the UK.

Contact Us

If you have any questions or suggestions about our Privacy Policy, please contact us:

KNOWING ME ID LIMITED
Unit 1, Trough Head
Carlisle, United Kingdom
Company No. 14416416

General enquiries: info@knowingmeid.com
Data Protection Officer: dpo@knowingmeid.com

KnowingMe

© 2026 KnowingMe ID Limited. All rights reserved.