PRVEN Privacy Policy

0. Data Controller

PRVEN is the data controller responsible for the processing of personal data described in this policy.

PRVEN is operated by a sole trader based in England and Wales.

For the purposes of applicable data protection laws, PRVEN determines how and why personal data is processed.

1. Privacy by Design

PRVEN is built on the principle of minimal data retention.

The system is designed to:

• confirm that a real human identity completed a verification event
• generate a verification record confirming that event
• avoid storing unnecessary identity or biometric data

PRVEN does not operate as a biometric database and does not store long-term identity archives.

Verification records exist to confirm that an event occurred, not to store personal identity histories.

2. Information Collected

To use PRVEN, certain information is required.

This may include:

• email address (for account creation and access)
• password (stored securely in encrypted form)
• reference image (used for verification comparison)
• live capture data during the verification process

This information is used only to complete verification and operate the platform.

3. How Verification Works (Data Use)

During verification:

• a live capture is compared to a submitted reference image
• biometric analysis is performed to confirm similarity
• a verification result is generated

This process is automated and occurs in real time.

PRVEN does not use biometric data for profiling, tracking, or identification outside the verification event.

4. Reference Image Handling

A reference image is required to complete verification.

After verification:

• the full-resolution reference image is deleted
• a SHA-256 cryptographic hash of the image is generated and stored
• a reduced-size watermarked thumbnail may be stored (if enabled by the user)

The thumbnail is used only to provide visual confirmation on a verification page.

PRVEN does not retain full-resolution reference images after verification.

5. Biometric Data Handling

PRVEN uses biometric data only during the verification process.

Biometric data used during verification may be considered special category data under applicable data protection laws.

PRVEN processes this data solely for the purpose of identity verification and only for the duration of the verification event.

PRVEN does not:

• store biometric templates
• maintain facial recognition databases
• retain liveness capture data
• create searchable biometric indexes

Biometric processing is temporary and limited to the verification event.

PRVEN is designed to avoid long-term storage of biometric identifiers.

6. Verification Records

Verification records confirm that a verification event occurred.

Records may include:

• verification ID
• timestamp
• region
• similarity score
• confidence score
• human verification status
• reference image hash
• thumbnail (if enabled)

These records are used to generate verification pages.

7. Public Verification Pages

Verification pages allow others to confirm that a verification event occurred.

Depending on user settings, pages may be:

• Public — accessible and potentially indexed
• Unlisted — accessible via direct link
• Private — accessible only to the user

Users control visibility settings.

PRVEN cannot control how publicly accessible data is copied, indexed, or stored by third parties.

PRVEN recommends users consider visibility settings carefully based on their intended use.

8. What PRVEN Does Not Store

PRVEN is intentionally designed to minimise sensitive data storage.

PRVEN does not retain:

• full-resolution reference images after verification
• liveness capture video or frames
• biometric templates
• facial recognition databases

The system verifies identity without creating a persistent biometric identity store.

9. Account Data

Account data is required to operate the service.

This may include:

• email address
• encrypted password
• account creation timestamp
• verification status

This data is used only for account management and platform functionality.

10. Third-Party Processing

PRVEN uses trusted third-party providers to operate the platform.

These may include:

• cloud infrastructure providers
• biometric processing services
• secure data transmission systems

These providers process data on behalf of PRVEN.

PRVEN does not control their internal systems but selects providers based on security and reliability.

11. Data Security

PRVEN uses standard security measures to protect data.

These include:

• encrypted communication (HTTPS)
• secure authentication systems
• restricted access to system data

PRVEN aims to protect user data but cannot guarantee absolute security.

12. Legal Basis for Processing

PRVEN processes data on the following legal bases (where applicable):

• performance of a contract (providing the verification service)
• legitimate interests (maintaining platform integrity and security)
• user consent (particularly for biometric processing)

Where biometric data is processed, such processing is based on explicit user consent.

Users provide this consent by initiating and completing the verification process.

13. Data Retention

PRVEN retains only the data necessary to operate the service.

• account data is retained while the account remains active
• verification records are retained to maintain verification references
• biometric data is not retained beyond the verification event

PRVEN aims to minimise retention wherever possible.

14. Your Rights

Depending on your jurisdiction, you may have rights including:

• access to your personal data
• correction of inaccurate data
• deletion of your data
• restriction of processing
• data portability

Users may request deletion of their account and associated data.

Where deletion is requested:

• account data will be removed
• verification records may be retained where necessary to maintain system integrity or legal obligations
• publicly accessible verification pages may persist where already shared or indexed

Requests can be made via: support@prven.org

PRVEN will respond in accordance with applicable data protection laws.

15. International Data Transfers

PRVEN may use infrastructure that processes data outside your country of residence.

Where this occurs, PRVEN takes reasonable steps to ensure appropriate safeguards are in place.

16. Changes to This Policy

PRVEN may update this Privacy Policy to reflect:

• system changes
• legal requirements
• improvements to privacy practices

Updated versions will be published on the PRVEN website.

17. Contact

For privacy-related enquiries:

support@prven.org

18. Automated Processing

PRVEN uses automated systems to perform biometric verification.

These systems assess similarity between a live capture and a reference image.

Verification results are generated automatically based on this process.

PRVEN does not use automated decision-making for profiling, behavioural analysis, or broader identity evaluation.

Verification outcomes reflect technical analysis and may not be error-free.