ID Verification Privacy Notice - ID Verification - Alibaba Cloud Documentation Center

This ID Verification Privacy Notice ("Privacy Notice") applies to Customers who use the ID Verification service. A "Customer" is a registered user of Alibaba Cloud services. This notice explains how we process data for this service for the purposes outlined here and as permitted by applicable law.

In what roles does Alibaba Cloud process data?

This product provides our ID verification service to Customers. When we provide the service, we act as a processor or service provider for our Customer. We only process data that we receive from and on behalf of our Customer. We do not act as a controller of any data.

Data that ID Verification collects and processes

At the Customer's request, ID Verification collects, uses, and processes certain data to provide the service. The Customer must obtain all necessary authorizations from their end users.

ID Verification collects, uses, and processes the following data from the Customer's end users:

Data description	Source
Device data collected from the Customer's end user's device. This includes: Basic device information: Device manufacturer, device brand, device type and model, device name, device operating system, device memory and storage size, battery and power information, baseband information, boot time, screen brightness and resolution, CPU information, system time zone, system language, charging status, system kernel information, sensor list, light sensor information, Boot ID, MEDIA ID, IDFV (optional for iOS only), and CookieUID (optional). Device Network Information: carrier information, network type, SIM card status, and LAN and DNS IP addresses (optional). Device application information: Information about the SDK's host application, such as its name, version, and installation time. A list of installed applications (optional).	The SDK directly collects data at the customer's request.
(2) Network information of the device: carrier information, network type, SIM card status, LAN IP, and DNS IP (optional)
(3) Device application information: The name, version, and installation time of the SDK host application.
(4) Installed applications (optional).
Face images and identity documents or ID cards uploaded by the Customer's end user After the Customer's end user provides consent and enables camera permissions, we ask the user to capture images of their ID card. We then use Optical Character Recognition (OCR) to extract data, such as their name and ID number. We also collect face images and video streams for real-time face detection and identity verification. When an end user uses the ID_NFC function of ID Verification, we read the document using the Near Field Communication (NFC) permission on their device.	Received from the Customer or collected directly by the SDK at the Customer's request.
Device permission data To support the product's features and ensure secure and stable operation, ID Verification requests or uses certain permissions from the end user's operating system. For more information about the specific permissions required, see the developer guide.	Collected directly by the SDK at the Customer's request.
Log data When you use the ID Verification service, we automatically collect and save detailed data about your use of the service in operation logs. This includes your operation parameters, operation time, service response time, operation steps, verification results, and reasons for any errors.	Received from the Customer or collected directly by the SDK at the Customer's request.

We retain the collected data for 30 days to troubleshoot and resolve service-related issues. After this period, we permanently delete the data. Within this 30-day period, the Customer can request to delete this data.

We do not comply with requests made directly by a Customer's end users or their authorized agents. The Customer is responsible for responding to requests from end users who are exercising their rights under applicable laws, such as the right to know, opt out, limit, or delete data. We provide necessary support to the Customer as required by applicable law.

Changes to this Privacy Notice

We may update this Privacy Notice to reflect changes in legal, regulatory, technical, or business developments. We will communicate any changes to this Privacy Notice by posting an amended version on this website. The new Privacy Notice is effective immediately after it is posted or on a date specified by Alibaba Cloud. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by a notice on this website before the change becomes effective.

To the extent permitted by law, you agree to be bound by the current version of this Privacy Notice. Check this page regularly for updated information about how we handle your data.