ID Verification Privacy Notice - ID Verification

This ID Verification Privacy Notice (“Privacy Notice”) applies to Customers (i.e., registered users of Alibaba Cloud services and referred to as “Customer”) using ID Verification services. This Privacy Notice explains how we process data in relation to this service, in the manner and for any of the purposes set forth in this Privacy Notice, where permitted by applicable law.

In what roles does Alibaba Cloud process data?

This product is designed to provide our ID verification service to Customers. When providing our service, we act as a processor/service provider for our Customer. We only process data received from and on behalf of our Customer; we do not act as controller of any data.

Data ID Verification collects and processes

The ID Verification, for the purpose providing ID Verification services, will, at the request of the Customer, directly collect, use, and/or process certain data. The Customer undertakes to have obtained all necessary authorizations from its end users.

ID Verification will collect, use and process the following data of our Customer’s end users:

Data Description	Source
Device Data collected from Customer’s end users’ device, including: Device Basic Information: device manufacturer, device brand, device type and model, device name, device operating system, device memory and storage size, battery and power information, baseband information, boot time, screen brightness and resolution, CPU information, system time zone, system language, charging status, system kernel information, sensor list, light sensor information, Boot ID, MEDIA ID、IDFV (optional for iOS only), CookieUID(optional); Device Network Information: carrier information, network type, SIM card status, LAN IP and DNS IP (optional); Device Application Information: SDK host APP information (including: host APP application name, host APP application version, host APP installation time); Application Installation List (optional).	Collected directly by SDK at the Customer's request.
(2) Device Network Information: carrier information, network type, SIM card status, LAN IP and DNS IP (optional);
(3) Device Application Information: SDK host APP information (including: host APP application name, host APP application version, host APP installation time);
(4) Application Installation List (optional).
Face images and identity dd/ID card uploaded by Customer’s end user After Customer’s end user consents to enable the camera permissions, we will request the user to capture ID card images and obtain data such as name and ID number through OCR recognition. We will also collect face images and video streams for real-time face detection and identity verification. When using the ID_NFC function of ID Verification, we will read the document through the end user's NFC permissions.	Received from Customer or collected directly by SDK at the Customer's request.
Terminal Permission Data To support the functionality and secure, stable operation of the product, ID Verification may request or utilize certain permissions from the Customer’s end user's operating system. For detailed information regarding the specific permissions required, please refer to the relevant documentation provided in the developer guide.	Collected directly by SDK at the Customer's request.
Log Data When you use our ID Verification service, we automatically collect detailed data about your use of our service and save it as operation logs. This includes your operation parameters, operation time, service response time, operation steps, verification results, and reasons for any errors.	Received from Customer or collected directly by SDK at the Customer's request.

We only retain the data we collected for 30 days for the purpose of troubleshooting and resolving service-related issues, after which the data will be permanently deleted. Within the 30 days, Customer has the right to actively request the deletion of such data.

We shall not be required to comply with requests directly from Customers' end users or their authorized agents. For any requests made by end users exercising their rights under applicable laws such as right to know, right to opt-out, right to limit, right to delete, Customers shall be responsible to respond to such requests. We will provide necessary support to the Customer as required by applicable law.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical or business developments. Any changes to this Privacy Notice will be communicated by us by posting an amended Privacy Notice on this website. The new Privacy Notice will become immediately effective once posted or at a date specified by Alibaba Cloud. We may also, in our discretion, provide notice to you of any changes to the Privacy Notice. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective.

To the maximum extent permissible under applicable law, you agree to be bound by the prevailing terms of the Privacy Notice as modified from time to time. Please check back regularly for updated information on the handling of your data.