Legal

Privacy Policy

Last updated: April 26, 2026

CleerWayID ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it. By using our website or services you agree to the practices described here.

1. Who We Are

CleerWayID is an AI-powered identity verification platform. Our registered contact for data inquiries is privacy@clearwayid.com. We act as a data controller for information collected through our website and waitlist, and as a data processor for identity data processed on behalf of our developer customers.

2. Data We Collect

2.1 Waitlist & Contact Data

When you submit your email address to join our early-access waitlist, we collect:

  • Email address
  • Submission timestamp
  • Referral source (page URL, if applicable)

2.2 Developer Account Data

When you register for API or SDK access, we collect:

  • Name and email address
  • Company name and website
  • Billing information (processed by our payment provider — we do not store card numbers)
  • API usage logs (endpoint calls, timestamps, error codes — no payload content)

2.3 End-User Identity Data (processed on behalf of developers)

When a developer integrates CleerWayID into their application, we process the following on their behalf under their instruction:

  • Images of identity documents (passports, national IDs, driver's licences)
  • Facial biometric data captured during liveness verification
  • Derived identity attributes (name, date of birth, document number, nationality)

This data is processed transiently during the verification session. We do not store raw biometric data or document images after a session completes unless explicitly configured by the developer and consented to by the end user.

2.4 Website Usage Data

We collect standard web server logs including IP address, browser type, referring URL, and pages visited. This data is used solely for security monitoring and aggregate analytics.

3. How We Use Your Data

  • Waitlist communications — to notify you of early access availability and product updates.
  • Service delivery — to authenticate API requests, process verifications, and generate usage reports.
  • Billing — to calculate and collect payment for verifications and subscriptions.
  • Security & fraud prevention — to detect and prevent abuse of our platform.
  • Legal compliance — to meet obligations under applicable law.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases for processing are:

  • Consent — for waitlist sign-up and marketing communications.
  • Contract performance — for processing data necessary to deliver the API and SDK service.
  • Legitimate interests — for security monitoring, fraud prevention, and service improvement.
  • Legal obligation — where required by applicable law.

5. Data Sharing & Sub-processors

We share data with the following categories of third-party service providers, each bound by appropriate data protection agreements:

  • Cloud infrastructure — for hosting and compute (servers located in the EU and US).
  • Payment processing — for billing and subscription management.
  • Transactional email — for sending waitlist and account notifications.
  • Error monitoring — for detecting and diagnosing service issues (no identity data is included in error reports).

We do not share identity document data or biometric data with any third party except as strictly required to deliver the verification service.

6. Data Retention

  • Waitlist emails — retained until you unsubscribe or request deletion.
  • Developer account data — retained for the duration of the account and for 7 years thereafter for tax and legal compliance.
  • Biometric & document data — deleted within 24 hours of session completion unless the developer has configured longer retention and obtained appropriate consent.
  • API logs — retained for 90 days for debugging and billing reconciliation, then deleted.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your data where we have no legal obligation to retain it.
  • Restriction — ask us to limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@clearwayid.com. We will respond within 30 days.

8. Cookies

Our website uses only technically necessary cookies (session management, CSRF protection). We do not use advertising or tracking cookies. No consent banner is required.

9. International Transfers

If you are located in the EEA, your data may be transferred to and processed in countries outside the EEA. Where this occurs, we ensure appropriate safeguards are in place — including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our platform and waitlist are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify waitlist subscribers of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests: