PRIVACY POLICY
(Date of Last Revision: April 22, 2025)
The website https://trinsic.id/ (the “Site”) and the available software and platform accessible through the Site (the “Application”) are owned and operated by Trinsic Technologies, Inc, a Delaware corporation (“Trinsic”, or “Company”) headquartered in Salt Lake City, Utah.
Trinsic provides the Site and Application to advance its mission to make the world more accessible to people everywhere by providing digital identity verification services (collectively, the “Services”). As such, privacy is a first-order priority for us. The Services are designed to minimize the amount of information we collect about you (“you” or “Customer”). In order to interact with you via the internet and improve the Services, we do collect some information. This Privacy Policy (“Policy”) describes how we collect, use, and share your personal information (“User Information”) in connection with the Services. For information about our use of cookies and similar technologies, please see our Cookie Policy.
Should you have any questions in relation to any of the foregoing, or should you wish to exercise your rights, please contact legal@trinsic.id.
REGISTERING WITH, ACCESSING, DOWNLOADING OR OTHERWISE USING OUR SERVICES (AS DEFINED BELOW) INDICATES THAT YOU HAVE READ AND ACKNOWLEDGE THE NOTICES AND PRACTICES SET FORTH IN THIS PRIVACY POLICY. IF YOU DO NOT WANT TO US TO COLLECT AND USE YOUR PERSONAL INFORMATION AS SET FORTH IN THIS PRIVACY POLICY, DO NOT ACCESS, DOWNLOAD OR OTHERWISE USE THE OFFERINGS.
2. WHEN USER INFORMATION IS COLLECTED.
Trinsic collects your information during your access or use of the Services, including (i) any websites or web application provided, published, developed or made available by the Company; (ii) any mobile or online applications provided, published, licensed, developed or made available by the Company; and (iii) any feature, content, software, hardware, services or other products available on or through the Services or otherwise provided by the Company. Your access and use of the Services is conditioned on your providing us with any requested User Information.
3. WHAT USER INFORMATION IS COLLECTED.
3.1 Personally Identifiable Information. Company may collect any personally-identifiable information that you provide in connection with any Services, including, without limitation: your name, email address, mailing address, phone number, photograph, birthdate, passport, driver’s license, government-issued identification numbers, and other similar information provided with respect to your business or its employees, officers, representatives or affiliates, and certain historical, contact, and demographic information about you.
3.2 Device and Network Information. Company may access, collect, monitor, and/or remotely store information about your device or connection when you access any Services, including hardware model, operating system and version, unique device identifier, mobile network or internet service provider network information, and information about the device’s interaction with the Services.
3.3 Payment Information. Company utilizes a third-party service provider, Stripe, to process payments through the Service, and this may include the collection of information in connection with you making, accepting, requesting or recording payments, credits or money transfers through any Services, including payment card numbers, bank accounts information, when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions. Your use of Stripe will be governed by Stripe’s Terms and Privacy Policy which are referenced in the payment interface.
3.4 Usage Information. Company may collect information and data about how you use the Services, including access time, Services accessed, browser type and language, Internet Protocol (“IP”) address, webpages and applications viewed and used, time spent on webpages and applications, links clicked, and conversion information (e.g., transactions entered into). For more details on how we use cookies and similar technologies, please refer to our Cookie Policy.
3.5 Aggregated Data. Company may collect aggregated data about you or your use of Services, or any other aggregated form of the other types of User Information set forth above. Aggregated data that we collect cannot be specifically associated with you individually.
3.6 Data from Customers. When we offer our Services to our customers, we receive data relating to our customers, their customers (when applicable), and the end users of our customers (or their customers) services. When we process data on behalf of our customers, we act solely in their direction, subject to applicable regulations and our contracts with them. For further information, please see Section 8 below.
4. HOW USER INFORMATION IS COLLECTED.
4.1 Given by You. You provide certain User Information when you register for your account with the Services, as you use the Services, or as you engage with Company through its Services.
4.2 From Third Parties. User Information may be provided to us by third parties that already have access to certain of your User Information, including third-party verification services, mailing list providers, and publicly available sources. User Information may also include your data and content contained within a third-party service links or integrates with the Services. This Privacy Policy does not apply to, and Company is not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. Company continually evaluates analytics services to use in addition to its own, and Company may update this policy in the future to reflect Company’s ongoing use of said services.
4.3 Do Not Track. Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the website does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.
4.4 Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with the Site and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The technologies used by Google Analytics do not gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google, click here.
5. HOW USER INFORMATION IS USED.
5.1 Providing Services. User Information is stored and processed so that you can authenticate to the Services. User Information is also used to save your preferences, user profile and information in connection with creating, using and accessing your account with the Services, and to deliver, maintain, enhance, tailor and facilitate your use of the Services.
5.2 Improving Services. User Information is also used to develop new products and Services, provide optimization, statistical analysis, and improvements for existing Services, and to improve web design and functionality.
5.3 Communication Purposes. User Information is used to deliver technical notices, security alerts, support messages, administrative notices and alerts, and communications relevant to your use of the Service, as well as to inform you about software compatibility issues, send news or information, conduct surveys, and collect feedback in connection with your experience with the Services.
5.4 Promotional Purposes. Where you have provided us with consent, User Information is also used to communicate with you about products, services, contests, promotions, discounts, incentives, gift cards, loyalty programs, and rewards. You may unsubscribe from these communications at any time, by clicking the link contained in the relevant email, or by contacting us directly.
5.5 Facilitate Transactions. Pursuant to your use of the Services, we will store your User Information to process payment or generate invoices. User Information is also stored so that the Services can track historical transactions, payments, invoices, receipts, and past order information. User Information is also used to display current, ongoing, pending or requested transactions or orders.
5.6 Legal Compliance. User Information is stored so that we can comply with applicable laws and regulations, including, but not limited to, taxation, privacy, and anti-money laundering laws.
5.7 Aggregated Data Collection. User Information is collected and aggregated to monitor aggregate usage and web traffic routing of all users of the Services, as well as to generate aggregated statistics about user behavior of different populations.
5.8 Dispute Resolution; Contract Enforcement. User Information may be used to resolve disputes; collect fees; provide assistance with problems with Services; protect Company rights or property or the security or integrity of the Services; enforce the Terms of Service and other terms and conditions that govern use of the Services; and investigate, detect and prevent fraud, security breaches, and other potentially prohibited or illegal activities.
5.9 Use for New Purposes. We may use User Information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis and provide you with an opportunity to opt-out.
6. HOW USER INFORMATION IS SHARED.
6.1 Facilitate Third Party Services. We engage third parties to perform certain business-related functions and will share certain User Information to enable the third party to perform such functions. These third-party services may include anonymous site metrics, analytics services, payment processing, task management services, order fulfillment, mailing services, maintaining databases and other features or services included in or necessary for the Services. When we employ another party to perform a function of this nature, we:
6.2 For Legal and Safety Purposes. User Information may be shared for legal protection, and safety purposes, such as to comply with laws, respond to lawful requests and legal processes, protect the rights and property of Company against competitors or claimants, and enforce our agreements, policies, and terms of use.
6.3 Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, User Information may be part of the transferred assets.
6.4 Affiliated Entities. We may also share your User Information with our affiliated entities for purposes consistent with this Policy.
7. HOW USER INFORMATION IS PROTECTED.
7.1 Protective Measures. Company takes appropriate measures, including administrative, technical, and physical safeguards, to (i) protect User Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, (ii) ensure the security, confidentiality, and integrity of the User Information, (iii) protect against any anticipated threats or hazards to the security or integrity of the User Information, (iv) protect against unauthorized access to, or unauthorized use or disclosure of, the User Information, and (v) take such security measures required by any applicable privacy laws.
7.2 Third Party Partners and Employees. Company may, by itself or using third-party service providers, hold, process and store User Information, including in the United States, Japan, the European Union and other countries. Company restricts access to User Information to those employees, contractors, and agents who need to know that information for purposes of performing their obligations to Company or to you, and who are subject to contractual confidentiality obligations, and who may be disciplined or terminated if they fail to meet these obligations. Company third-party service providers store and transmit User Information in compliance with appropriate confidentiality and security measures.
7.3 Security Breach. We maintain sufficient technical safeguards to protect the security, integrity and privacy of your User Information. However, no method of internet transmission or electronic storage is 100% secure or error-free, so it is never possible to guarantee absolute security. If required by law, and in the event of a high risk to your personal data, Company shall give prompt notice to you of any unauthorized access to User Information and shall immediately commence a thorough investigation into any such incident.
7.4 Company Not Liable for Breach. Company will not be liable for any damages, claims, liability, or causes of action that arise as a result of any unauthorized access, disclosure, or use of User Information resulting from circumstances beyond our reasonable control, including but not limited to force majeure events, or user negligence.
8. TRINSIC AS A DATA PROCESSOR
8.1 We Process at the Instruction of a Controller. As part of the delivery of our services, Trinsic may act as a data processor on behalf of our customers who are data controllers (or who are acting on behalf of data controllers). In this role, we process personal data solely in accordance with our customer’s instructions and for purposes defined by them, such as identity verification, storage, technical support, and service delivery.
8.2 Personal Data Processed. When acting at the instruction of a controller, we process personal data as may be provided by the controller, including but not limited to identity attributes, contact information, ID document information, ID document images, identification numbers, bank account numbers and selfie images. We may also process sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) (“Sensitive Information”).
8.3 Compliance with Regulation. All such processing is conducted in compliance with the General Data Protection Regulation (GDPR) and any other applicable laws. We implement strict technical and organizational safeguards and ensure that any personnel with access to personal data are subject to confidentiality obligations. Our processing arrangements are governed by contracts which contain all necessary provisions mandated by law, and which ensure that any personal data provided to us has been collected in accordance with a valid legal basis, including where required, any necessary consents from data subjects.
8.4 Exercise of your rights. If your data is being processed by Trinsic on behalf of a third party, you should refer to that organization’s privacy notice for more information on how your data is used and your rights under data protection laws. Trinsic is not authorized to respond directly to such requests in its role as a processor.
9. EXCLUSIONS
We ask that you do not submit personal data or confidential information in the information posted by you to any public areas of the Services, such as bulletin boards, chat room, community pages or comment areas. Information shared in public areas of the Services is inherently visible to others and may be accessed, collected, or used by third parties over whom we have no control.
In addition, this policy shall not apply to (i) any ideas for new products or modifications to existing products, and (ii) other unsolicited submissions (collectively, “Unsolicited Information”). Unsolicited Information shall not be considered User Information and by submitting Unsolicited Information to us, you hereby grant us a license to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution. Notwithstanding, if Unsolicited Information includes any Personal Data, such information will be processed in accordance with any applicable data protection laws.
10. RETENTION; CHILDREN.
10.1 Data Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
10.2 Children. Our services are not directed to children and/or persons under the age of majority in their respective jurisdictions and are intended for use by adults and/or persons at or over the age of majority only. We do not knowingly collect personal data from individuals under eighteen (18) years of age. If you are under the age of eighteen (18), please do not submit any information through our Services or other offerings and do not provide your consent for the use of your data unless your parent or guardian has approved.
11. NOTICE TO RESIDENTS OF EUROPE AND THE UNITED KINGDOM.
11.1 General Information. Trinsic recognizes the importance of protecting the privacy of our customers and the users of the Services. As such, we will always ensure that we have a lawful basis for processing your Personal Data, in accordance with the GDPR, and any other applicable legislation. The data controller for all Personal Data collected from residents of the European Economic Area (EEA) or the United Kingdom is:
Trinsic Technologies Inc.
2261 Market Street #4395
San Francisco, CA 94114
Under Article 27 of the General Data Protection Regulation (GDPR), we have also appointed an EU representative. If you have any questions about this Privacy Policy, your data protection rights, or how we process your Personal Data, you may contact our EU representative at:
Company Name: Privacy Power (Brightspark SRL)
Contact Person: Anne-Michèle Goris
Contact Details: amgoris@privacypower.eu
11.2 Our Legal Basis for Collecting and Processing Your Personal Data. We will collect and process your Personal Data based on one of the following legal bases:
11.3 Your Legal Rights. Under the GDPR and the UK GDPR, you have the following rights related to Trinsic’s use of your Personal Data. If you wish to opt out of Trinsic’s use of your Personal Data, or exercise any of your rights under this Agreement, you may email us at legal@trinsic.id.
Right | Description of your right |
Access | A right to access Personal Data held by us about you, as well as information about how we are using your data. |
Rectify | A right to require us to rectify any inaccurate Personal Data held by us about you. |
Delete | A right to require us to erase Personal Data held by us about you, and where the Personal Data has been made public, for other controllers processing the Personal Data to also erase links to, or copy or replication of, such Personal Data. This right will only apply where (for example): we no longer need to use the Personal Data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your Personal Data based on your consent; or where you object to the way we process your data (in line with the right to restrict use below). |
Restrict Use | A right to restrict our processing of Personal Data held by us about you. This right will only apply where (for example): you dispute the accuracy of the Personal Data held by us; or where you would have the right to require us to erase the Personal Data but would prefer that our processing is restricted instead; or where we no longer need to use the Personal Data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims. |
Data Portability and Transfer | A right to receive Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organization, at your request. |
Object to Processing | A right to object to our processing of Personal Data held by us about you (including for the purposes of sending marketing materials to you). |
11.4 International Data Transfers. Trinsic is located in the United States and, as such, your Personal Data may be processed by us or our service providers in the United States. In such cases, we have implemented appropriate safeguards for EEA residents, in accordance with Article 46 GDPR. For any transfer of Personal Data from the EEA, Switzerland, or the United Kingdom that we make, we use appropriate safeguards to ensure the lawful processing and transfer of the Personal Data. When appropriate, we may use standard contractual clauses approved by the European Commission. Please contact us through one of the methods provided in the “Contact Us” section below and put “Safeguards” in the subject line to receive more information on the safeguards we have put in place.
If you have any concerns or complaints regarding our processing of your Personal Data, you may contact our Data Protection Officer directly using the details provided below.
We also comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
We certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
If we transfer your personal data to a third party, we will remain liable under the DPF Principles if this recipient processes your personal data in a manner inconsistent with the DPF Principles, unless we were not responsible for the event giving rise to the damage.
11.5 Complaints and Independent Recourse. If you have any concerns regarding our processing of your Personal Data or are not satisfied with our handling of any request by you in relation to your rights, you have the right to make a complaint to your local supervisory authority (EU Data Protection Authorities, Information Commissioner’s Office).
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact us at: legal@trinsic.id.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Trinsic commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS ADR, an alternative dispute resolution provider based in the United States of America. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS ADR are provided at no cost to you.
Trinsic are also subject to the investigatory and enforcement powers of the Federal Trade Commission.
11.6 DPF Arbitration.
In addition to the recourse mechanisms described above, under certain conditions, you may have the option to invoke binding arbitration for residual complaints regarding our compliance with the DPF Principles that have not been resolved by other means. This option is available only as set forth in Annex I of the DPF Principles and is subject to specific pre-arbitration requirements, including utilizing the independent recourse mechanism (JAMS ADR) and engaging with the U.S. Department of Commerce via your Data Protection Authority.
This binding arbitration is administered by the International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA) and has the authority to impose individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of your data) to remedy proven violations of the DPF Principles. Monetary damages are not available through this mechanism.
For detailed information on the conditions and procedures for invoking binding arbitration under the DPF, please refer directly to Annex I of the EU-U.S. Data Privacy Framework Principles, available on the Data Privacy Framework website at: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
Please note that this DPF Annex I binding arbitration mechanism is a separate process specifically for addressing unresolved DPF compliance complaints and is distinct from the general dispute resolution procedures applicable to contractual disputes outlined in Section 17 of our Terms of Service.
12. NOTICE TO RESIDENTS OF CALIFORNIA, NEVADA AND UTAH.
12.1 Notice to California residents. If you are a California resident, and you use our services, you may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to:
We do not sell or share personal information for third-party direct marketing purposes. To exercise your rights, please contact us using the information provided above.
12.2 Notice to Nevada Residents. Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to a person for the person to license or sell the information to additional persons. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to us through one of the methods provided in the “Contact Us” section below and put “Nevada Opt-Out” in the subject line.
12.3 Notice to Utah Residents. We do not disclose your personal information to any third party for such third party’s direct marketing purposes.
13. CHANGES TO THIS PRIVACY POLICY.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on our Services and, where required by law, by sending a notice to your registered email address (if provided). Changes will become effective 15 days after posting or immediately for new users. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
The first identity acceptance network. Augment identity verification with acceptance of 500+ million user across dozens of eID providers.
Keep up to date with what we’re doing at Trinsic.
Sign up for our monthly newsletter.
