TrueCredential Privacy Policy

Introduction

TrueCredential (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring transparency about how we collect, use, disclose, and safeguard your information. This Privacy Policy describes how TrueCredential, powered by WhoIAM, manages your personal data through our credentialing and identity verification services, including integrations with Microsoft Verified ID and LexisNexis IDVerse.

By using TrueCredential services, you agree to the terms of this Privacy Policy.

Information We Collect

We do not retain any end user data. WhoIAM may collect data provided and process said data without retention regarding the following types of information, depending on how you interact with our service:

a. Information You Provide

• Full name, contact information (email, phone number), and authentication credentials.
• Documents or images submitted for identity verification.
• Information required for credential attestation(s), issuance or registration, as defined by our clients (e.g., employers, service providers).

b. Information Collected Automatically

• Log data (IP address, browser type, access times, pages viewed).
• Device and technical data (device ID, operating system).
• Usage information related to your interactions with our platform.

c. Information Received from Third Parties

• Verification results and relevant data from Microsoft Verified ID and LexisNexis IDVerse, when you engage in their flows within TrueCredential.

How We Use Your Information

We use your information for the following purposes:

• To verify your identity and issue digital credentials.
• To operate the TrueCredential platform and related services.
• To communicate with you about your account or support requests.
• To detect and prevent fraud, security incidents, and misuse of our service.
• To comply with operational legal obligations.

How We Share Your Information

We only share your personal information as necessary to deliver the service, and as outlined below:

• With Service Partners: To complete identity verification and credential issuance, we securely transmit attributes transcribed from your government issued identity document by LexisNexis’s IDVerse platform to Microsoft’s Entra Verified ID service so that it can be stored in your Microsoft Authenticator app. While these attributes transit through our systems, we do not store or retain any personally identifiable information about you in our systems.
• With services you interact with that accept TrueCredential as digital proof of identity: If you are using TrueCredential as part of a relationship with a service provider (e.g., employer, insurance company, bank), you are explicitly asked for consent to transmit information about you to that service provider using the TrueCredential platform. TrueCredential facilitates the transfer of your data to the service provider that you approved but does not store or retain any personally identifiable information about you in our systems.
• For Legal Compliance: We may disclose information to comply with applicable laws, regulations, court orders, or enforceable governmental requests, or to defend against legal claims.

We do not sell or rent your personal information to marketers or third parties.

Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. All sensitive data, including identity credentials, are encrypted both in transit and at rest.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy, or as required by law. TrueCredential does not store personal information beyond the transmission of data necessary to fulfill credential processing, issuance and regulatory requirements.

International Data Transfers

If you access or use TrueCredential from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers are located. We ensure appropriate safeguards for all cross-border data transfers as required by law.

TrueCredential is hosted in the Azure EU region and complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Children’s Privacy

TrueCredential does not knowingly collect or process personal information from children under the age of 18. If you believe we have collected information from a child, please contact us immediately. All data attempted to be processed from children under 18 will be rejected and purged.

Partner Responsibilities Section

When you engage with Microsoft Verified ID or LexisNexis IDVerse services through TrueCredential, your information is processed according to their respective privacy policies, which we encourage you to review.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting an updated version on our website and updating the effective date above.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us. WhoIAM is also committed to digital accessibility. If you require this policy in an alternative format, please contact us at:

Email: info@whoiam.ai
Mail: Attention - WhoIAM @ 2018 156^th ave NE Bellevue, WA 98007