Privacy Policy

LAST UPDATED: November 14, 2025

Thanks for reading this Privacy Policy! We know legal documents can sometimes be confusing and full of jargon, so we’ve tried to provide a clear, easy-to-read explanation of how we treat your personal information when you interact with us. Note to residents in U.S. states with special privacy rights: please see here for more information specific to you.

Note to residents of Republic of Korea: Please see section 11 for the supplementary privacy notice.

Who are we?

Kidentify Pte. Ltd. and its affiliates (collectively, “we” or “us” or “k-ID”) provides a suite of products and services, including www.k-id.com, the KnowledgeKit, Compliance Development Kit, AgeKit, AgeKit+, k-ID Family Connect, and the k-ID Compliance Studio.

We designed this Privacy Policy to help you understand how we collect, use, and share your personal information (collectively, our data “processing”). The definition of “personal information” varies a bit based on where you live, but it generally refers to information that can be used to identify you as an individual. This Privacy Policy can also help you understand and exercise your privacy rights.

k-ID is a valid licensee, and participating member, of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”). To help protect your privacy, we have voluntarily undertaken this privacy initiative. As a licensee in this privacy certification program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by ESRB Privacy Certified. The technology behind our Family Connect Portal and Compliance Studio has been reviewed and certified by ESRB Privacy Certified. If implemented correctly by our customers, our Compliance Studio and Global Compliance Engine facilitate compliance with the U.S. Children’s Online Privacy Protection Act (COPPA) and its implementing rules.

Give me the short version: What do I need to know as a player or parent?

Our Service (as defined below) is designed to help our customers, which include video game companies, social media platforms, and other online services, to deliver compliant and age-appropriate experience to children and teenagers (generally referred to as “minor users”) while at the same time respecting user privacy. For us to do that, depending on the legal requirements where you live, we must receive your location, your age, and where needed, proof of your age or parental status. We also need a parent or legal guardian’s email address.
- Location information: If you engage with our Services either through an online service we support or through Family Connect, we receive your approximate city-level location from your device’s IP address.
- Age information: Meanwhile, we receive age information through a variety of sources, including from you directly, through third-party age signals, or via our automated tools.
- Proof: We partner with third-party providers listed (such as those listed at https://security.k-id.com/subprocessors.) to offer multiple options for you to provide proof of your age and/or parent/guardian status, depending on the law of where you live.
k-ID does NOT store the information that you provide to prove your age and/or parent/guardian status. All we store is the result of the validation process (i.e., whether you passed or failed). In the case of Facial Age Estimation (“FAE”) technology provided by Privately, the facial image you provide is processed solely on your device – we don’t actually see any faces that are processed via this solution.
‍

Within our Family Connect, parents and legal guardians can add and manage members of their family, provide or confirm each family member’s age, see and control the products and services they have access to, and configure their permissions. We store the information that parents give us (which includes some personal information) on our end, and use it to communicate to our customers how to adjust your child’s experience in the online product or service based on your preferences.
Importantly, we do not sell your or your child’s data to anyone, nor do we share any child’s data with any third-party advertiser. We make our money through our paid partnerships with our customers (game developers, social platforms, etc.), not by selling or advertising with children’s data.
‍

With that out of the way, here’s the full Privacy Policy!

1. SCOPE AND UPDATES TO THIS PRIVACY POLICY

2. PERSONAL INFORMATION WE COLLECT

3. HOW WE USE YOUR PERSONAL INFORMATION

4. CHILDREN’S INFORMATION

5. HOW WE SHARE YOUR PERSONAL INFORMATION

6. YOUR PRIVACY CHOICES AND RIGHTS

7. SECURITY OF YOUR INFORMATION

8. INTERNATIONAL DATA TRANSFERS

9. RETENTION OF PERSONAL INFORMATION

10. ADDITIONAL INFORMATION FOR RESIDENTS OF U.S. STATES WITH APPLICABLE COMPREHENSIVE PRIVACY LAWS

11. OTHER PROVISIONS

12. CONTACT US

SCOPE AND UPDATES TO THIS PRIVACY POLICY

This Privacy Policy applies to personal information processed by us and our affiliates (collectively “k-ID,” “we,” “us,” or “our”), including on our websites and other online or offline offerings. To make this Privacy Policy easier to read, our websites and other offerings are collectively referred to here as the “Services.”

What do we do?

We wear a few different “hats” when it comes to processing personal information. This Privacy Policy covers our processing of your personal information when we interact with you directly, such as when you visit our websites or use Family Connect. In that circumstance, we operate as a “data controller.”

In other cases, we work directly with our customers who integrate our technologies into their products or services. In these scenarios, we process any personal information our customers provide to us (which is typically limited to your location, age information, and other information used to identify your user session and/or publisher account) as a “data processor” or “service provider.” This means that our processing of the personal information they provide to us is governed by the contracts that we have in place with our customers, not by this Privacy Policy. If you have questions about how our customer is processing information from you or your child in a particular service, you should contact them directly.

What if I’m a developer of an application or service that wants to use k-ID? Please refer to your contract and developer documentation for a description of the data that will be collected from you when using k-ID’s services, such as the Compliance Studio.

Changes to our Privacy Policy. We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law, such as through an email. If you continue to use our Services after the new Privacy Policy takes effect, we will assume you have read and acknowledged the new policy.

PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. Generally speaking, we collect personal information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations. See below for more details regarding each category.

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us directly through the following sources:

Family Connect. We collect personal information when you create a parent account, such as your email address, password, and region. Our third-party service providers may also process the following information:

Information required to prove your age status based on the law where you live. Depending on your jurisdiction, this may include:
- Credit card and/or bank transaction information
- A scan of your government-issued ID
- Your full name, date of birth, last four digits of your social security number
- A scan of your facial geometry, facial movements, and/or voice (only offered in select jurisdictions, and processed solely on-device unless otherwise indicated)
- We may offer additional verification methods in the future: if so, we will explain what information is collected from each method before you choose to use it.

Note, you only need to verify your age using one of the methods offered for your jurisdiction. Regardless of what method you choose, k-ID does not receive the information you provide to prove your age status. We only receive the results of the process.
- AgeKey: When you provide proof of your age on our platform, we may offer you the ability to generate a record of your verified status via an AgeKey. The AgeKey is a unique reusable cryptographic token generated locally on your device, and is protected by your local device’s security measures. You can share this AgeKey with us or other online providers to more seamlessly prove your age in the future. The AgeKey does not contain your identity: it simply acts as a secure record of how and when you proved your age. If you would like to learn more about how AgeKey works, please refer to www.agekey.org.

Information about your family and permissions. We ask you to provide the names (or nicknames) of your family members, as well as each member’s birth month and year. Once you’ve added a family member, the parent or legal guardian using the Family Connect Portal may see and adjust the products and services that family member has access to, as well as the permissions that member has within each product or service.

On-Device Facial Age Estimation (“FAE”). We offer a privacy-preserving FAE solution for our customers to comply with laws that require age assurance. The solution provided by Privately operates on-device, meaning that neither k-ID nor its service providers collect any biometric information from users when they interact with the solution. k-ID only receives and stores the outcome of the age check process.
Your Communications with Us. We may collect personal information, such as your email address or mailing address when you request information about our Services, request customer or technical support, or otherwise communicate with us.

Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

Business Development and Strategic Partnerships. We may collect personal information from individuals to assess and pursue potential business opportunities. For example, if we talk to you at a convention or you register to one of our LinkedIn Live webinars, we may collect your full name, email, job title and the organization you work for, profile link, as well as any comments and reactions you share during the event.

‍

B. Personal Information Collected Automatically

We may collect personal information automatically when you use our Services as follows:

Device and identifier-related information. We may collect certain information automatically when you use our Services, such as your Internet Protocol (IP) address, user settings, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, and Internet service provider.

Browsing and analytics information: We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during, and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
- Crash Reports. If you provide crash reports, we may collect personal information related to such crash reports, including detailed diagnostic information about your device and the activities that led to the crash.

Cookies and Other Technologies. Please see our Cookies Policy.

‍

C. Personal Information Collected from Other Sources

From our Customers. Our customers send us the age and location of each user, tied to a unique identifier used by the developer customer. In some cases, we may also get additional information from the customer in order to present the applicable legal documentation (e.g. Terms of Service) based on the laws applicable to that user.

Third-Party Sources. We may obtain personal information about you from other sources, including through third-party services and organizations, such as our providers who verify your age and/or adult status as part of the compliance process.

HOW WE USE YOUR PERSONAL INFORMATION

We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to improve our products and Services, as described below.

A. Provide Our Services

We use your information to fulfill our contract with you and provide you with our Services, such as:

Managing your information and accounts;
Providing access to certain areas, functionalities, and features of our Services;
Answering requests for customer or technical support;
Communicating with you about your account, activities on our Services, and policy changes; and
Processing your financial information and other payment methods for verification purposes.

‍

B. Administrative Purposes

We use your information for various administrative purposes, such as:

Research and development (including internal marketing research), network and information security, and fraud prevention;
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
Measuring interest and engagement in our Services;
Improving, upgrading, or enhancing our Services;
Developing new products and services;
Ensuring internal quality control and safety;
Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
Debugging to identify and repair errors with our Services;
Auditing relating to interactions, transactions, and other compliance activities;
Sharing personal information with third party service providers and partners as needed to provide the Services;
Enforcing our agreements and policies; and
Carrying out activities that are required to comply with our legal obligations.

‍

C. With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you consent to provide your personal information to us.

D. Other Purposes

We also use your personal information for other purposes as requested by you or as permitted by applicable law. For example, we may use personal information to create de-identified and/or aggregated information (for example, aggregate reports detailing the total number of users we have in a given jurisdiction).

CHILDREN’S INFORMATION

Protecting children’s privacy online is core to what we do. When an individual accesses Family Connect and asserts that they are the parent or guardian of a child who has initiated a permission request in a customer’s product or service, we follow the law of the child’s location to verify their identity. Meanwhile, when children use our Services, we limit access to certain features based on their age and the laws in their location. We also limit our personal information collection and sharing to only what is necessary to support the internal operations of our Services until we have obtained the verifiable consent of the child’s parent or legal guardian.

If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, or wish to review information collected from your child, or have that information modified or deleted, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless it is necessary for us to retain it to comply with our legal obligations (for example, to comply with a lawful investigation) or to protect the integrity of our Services. We will then revert them to the underage experience, if applicable.

HOW WE SHARE YOUR PERSONAL INFORMATION

We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide our Services

The categories of third parties with whom we may share your personal information are described below.

Service Providers. We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, identity verification, age assurance, payment processing, customer service, and related services. A list of k-ID’s subprocessors can be found at https://security.k-id.com/subprocessors.

Our customers. We do not store or share the personal information used to verify your identity with our customers; however, we share some information with our customers, such as the fact that you have been authenticated and the permissions a parent has set for each product or service if applicable, so that those permissions will be reflected in the product or service you or your child accesses.

Affiliates. We may share your personal information with our company affiliates, including our U.S. subsidiaries including Kidentify U.S. Inc., for our administrative purposes, IT management, and for them to provide services to you or support and supplement the Services we provide.

Other Family Members. If a child initiates a request to their parent or guardian to access a product or service’s expanded online features, we will communicate to the parent or guardian the child’s location, the name of the product or service the child wishes to access, and the details of the request. Likewise, we will communicate back to the child as applicable when the parent has responded to the child’s request.

APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. If you have additional questions about our use of third-party APIs/SDKs, please contact us as set forth in “Contact Us” below.

‍

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in an actual or proposed merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred in connection with such a transaction, solely as permitted by law.

YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.

Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms of Service or this Privacy Policy).
“Do Not Track” / “Global Privacy Control.” Note that we do not engage in any targeted advertising or data sales. However, we are required by law to include the following disclosure: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Additionally, some browsers or plug-ins use a “Global Privacy Control” (“GPC”), which you can learn more about at https://globalprivacycontrol.org/. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, if our site detects a GPC signal from your device, we will interpret it as either a Do Not Sell request or a request to limit the sale or sharing of personal information for targeted advertising depending on the law applicable to your jurisdiction.

‍

Your Privacy Rights. In accordance with applicable law, you may have the right to:

Obtain access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”);

Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;

Request Deletion of your personal information;

Request Restriction of or Object to our processing of your personal information where the processing of your personal information is based on our legitimate interest or for direct marketing purposes; and

Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.
‍

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

SECURITY OF YOUR INFORMATION

k-ID is proud to hold certifications for internationally recognized privacy and security standards, including SOC2 Type 2, ISO/IEC 27001, ISO/IEC 27701, and ACCS 3:2021. We are also a valid licensee, and participating member, of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”), as mentioned above.

Nevertheless, no system is 100% secure, and to the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.

By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.

INTERNATIONAL DATA TRANSFERS

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, we rely on the EU Standard Contractual Clauses to support such transfer as required by law.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws. Specifically, we will retain records of a parent’s permissions and preferences so long as the parent has an active account with us, and will retain session information as long as indicated by our customers.

ADDITIONAL INFORMATION FOR RESIDENTS OF U.S. STATES WITH APPLICABLE COMPREHENSIVE PRIVACY LAWS
‍
This Notice at Collection and Supplemental Notice is for residents of states that have adopted comprehensive privacy legislation that applies to our processing of personal information and others that may come into effect from time to time covering personal information collected in a business or employment context, including, but not limited to California.

A. PERSONAL INFORMATION WE COLLECT AND SHARE

Depending on how you use our Services, the information we may have collected within the last twelve (12) months about you, as well as the categories of third parties with whom we have shared this information, are described in the table below.

Category of Personal Information Collected by k-ID	Category of Third Parties Personal Information is Disclosed to for a Business Purpose	Category of Third Parties to Whom Personal Information is Sold And/or Shared
Identifiers. ‍A real name, alias, poA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number (processed temporarily by verification providers only), or other similar identifiers.	● Service providers ● Family members (permissions information only) ● Data analytic providers (online identifiers and IP addresses)	n/a
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Depending on the parental verification(s) used, our service providers may obtain a name, signature, Social Security number, physical characteristics, address, passport number, driver's license or state identification card number, bank account number, credit card number, debit card number, or any other financial information. Personal information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Note: Some personal information included in this category may overlap with other categories.	● Service providers ● Family members ● Data analytic providers (online identifiers and IP addresses)	n/a
Protected classification characteristics under California or other state or federal law ‍Age (birthday).	● Service providers ● Data analytic providers ● Our customers (in the context of an age appeal/parental attestation)	n/a
Commercial information ‍Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	● Service providers ● Data analytic providers ● Family members (permissions info)	n/a
Biometric information Physiological characteristics that can be used to establish individual identity, or imagery of the face. (Only processed by service providers for verification in select jurisdictions; never obtained by k-ID itself)	● Service providers (not applicable to FAE – only for parental verification in certain jurisdictions)	n/a
Internet or other electronic network activity ‍Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.	● Service providers ● Data analytic providers ● Development partners	n/a
Inferences drawn from other personal information to create a profile about a consumer Profile reflecting a parent or guardian’s preferences.	● Service providers ● Data analytic providers ● Development partners (with respect to parental permissions)	n/a

‍B. USE OF PERSONAL INFORMATION

We may use or disclose the personal information we collect for the purposes outlined in Use of Information above. These purposes include:

To provide our Services to you;
For our administrative purposes (including security, fraud detection and protection, and improve our Services);
To process your requests, orders, and transactions (including provide customer service to you);
To advertise and improve our products and Services;
With your consent; and,
To comply with law and enforce our rights and the rights of others.

‍

Where required under applicable law, we will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without first providing you notice.

C. SALES/SHARING OF PERSONAL INFORMATION

k-ID does not sell our users’ personal information for monetary compensation, or otherwise share it with advertisers for non-monetary consideration. This includes the personal information of minors under 16 years of age.

D. YOUR RIGHTS AND CHOICES

Subject to applicable law, if you are a resident of California or other U.S. states with similar rights, you may have the following rights:

To Know and Access: to obtain a copy of the specific pieces of personal information we have collected about you or your child.
Deletion: to request that we delete your personal information. This right may be limited to the extent that we are permitted or required by applicable law to retain certain information. (Note that if you request deletion of your personal information, you may no longer be able to use or access the Services. If you decide to use or access the Services again, we may consider this a new account, and may collect personal information associated with that account in accordance with this Privacy Policy.)
Opt-Out of Sale and Certain Sharing Practices: to opt-out of certain information sharing practices with third parties who do not act as our service providers. In some states, like California, this information sharing may qualify as a “share” or a “sale,” while in other states, like Virginia, this information sharing may qualify as “targeted advertising” (collectively, “personalized advertising”). We do not currently engage in any data practices that would constitute a data sale or share under these laws.
Correction: to request the correction of inaccurate personal information that we may have on file about you.
Obtain additional details regarding our information practices: to request disclosures regarding our information practices. (Note that this information is generally available in this Privacy Policy).

We will not discriminate against you, in terms of price or services that we offer, if you exercise any of the rights listed above.

Verification and Appeal Process: We are required by law to take reasonable steps to verify your identity prior to responding to your request. Please note that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). If we are unable to process your request via you authenticating yourself on the Services, we may verify your request by asking for information sufficient to confirm your identity, based on the information we have on file. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and as permitted by applicable law. Where required by applicable law, we will notify you if we reject your request, and notify you of the reasons we are unable to honor your request.

If you are a resident of Colorado, Virginia, Connecticut, or another U.S. state with similar rights, you may have the right to appeal a request we deny when we have verified your identity and still decline to honor your request. The process for that appeal will be sent to you separately if your request is denied.

Authorized Agent: Depending on where you live, you may have the right to use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a user to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the user, and have sufficient access to that user’s laptop, desktop, or mobile device to exercise that user’s right digitally. If you are an authorized agent trying to exercise rights on behalf of one of our users, then you can make a request on the user’s behalf by contacting us as set forth below in the “Contact Us” section: Such requests must include the following information: (1) a written authorization from the consumer that includes the consumer’s full name, address, telephone number and valid email address used by the consumer to interact with us, that is signed by the consumer and clearly bestows upon the agent the proper authority; and (2) a certificate of good standing with your state of organization. Alternatively, an acting agent can provide a valid power of attorney signed by the consumer on the agent’s behalf and a valid email address used by the consumer to interact with us. The email address of the consumer will be used to separately verify the agent’s authority with the consumer.

Shine the Light Disclosure: California residents are entitled to ask us for a notice that identifies the categories of personal information that we share with our affiliates and/or third parties for their direct marketing purposes, and provides contact information for such affiliates and/or third parties. Please note that we do not share personal information with third parties for their direct marketing purposes.

De-Identified Information. If we create or receive de-identified information, we will not attempt to re-identify such information, except to comply with applicable law.

E. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at privacy@k-id.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Contact Us below.

11. ADDITIONAL INFORMATION FOR RESIDENTS OF THE REPUBLIC OF KOREA WITH APPLICABLE COMPREHENSIVE PRIVACY LAWS

This Section 11 of the Privacy Policy only applies if you are accessing and/or using k-ID’s Services from the Republic of Korea and supplements the information in the rest of the Policy above. For the purposes of using the Services in the Republic of Korea, the data controller in respect of processing your personal information is Kidentify Pte Ltd.

A. Personal Information We Collect, Use and Retain

Depending on how you use our Services, we may collect and use your personal information for the purposes as set out below

Category of Personal Information Collected by k-ID	Purpose	Legal Basis	Type(s) of Personal Information	Retention Period	Destruction Method
Personal Identifiers	To identify and verify the user To contact and/or to receive/send information to and from the user in order to provide the Services	By consent	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address or other similar identifiers.	Up until the date of termination and/or expiration of any Services used by the user.	Secured Deletion
Personal Information	To determine, verify and/or estimate the age of the user and to apply the necessary age-related compliance measures when using the Services	By consent	Name, age, email address (Only applicable if you engage through an online service we support, or our Family Connect Portal) Age, Date of Birth, Encrypted User Verification (CI) (Only applicable to compliance measures provided in Republic of Korea, we do not retain these information)	Up until the date of termination and/or expiration of any Services used by the user.	Secured Deletion
Records of labelling and/or advertising	Compliance with consumer protection laws	Article 6, Act on the Consumer Protection in Electronic Commerce	Name, username, email address, unique ID, Device type, software and hardware details, language settings, browser type and version, operating system, and information about how users use and interact with the Services (e.g., content viewed, pages visited, clicks, scrolls)	For 6 months	Secured Deletion
Records of executing and/or withdrawal of contracts	Compliance with consumer protection laws	Article 6, Act on the Consumer Protection in Electronic Commerce	Name, username, email address, unique ID	For 5 years	Secured Deletion
Records of payment(s) and supply of goods	Compliance with consumer protection laws	Article 6, Act on the Consumer Protection in Electronic Commerce	Name, username, email address, unique ID, records of purchases made	For 5 years	Secured Deletion
Records in relation to the handling of customer complaints and/or disputes	Compliance with consumer protection laws	Article 6, Act on the Consumer Protection in Electronic Commerce	Name, username, email address, unique ID	For 3 years	Secured Deletion
User’s internet logs records	Compliance with Protection of Communication Secrets Act	Article 41, Protection of Communication Secrets Act	Name, username, email address, unique ID, Device type, software and hardware details, language settings, browser type and version, operating system, and information about how users use and interact with the Services (e.g., content viewed, pages visited, clicks, scrolls)	For 3 months	Secured Deletion
User’s location tracking data and telecommunication verification data	Compliance with Protection of Communication Secrets Act	Article 15, Protection of Communication Secrets Act	n/a	For 12 months	Secured Deletion

B. Third-Party Sharing

We do not store or share the personal information used to verify your identity with our customers or third-parties; however, we share some non-personally identifiable information with our customers, such as the fact that you have been authenticated and the permissions a parent has set for each product or service if applicable, so that those permissions will be reflected in the product or service you or your child accesses.

C. Delegation of Processing

For the performance of the services detailed in this Privacy Policy, we delegate the processing of your personal information to the following professional service providers for the specific purpose(s) set out below:

Delegatee	Description of Delegated Services
Amazon Web Services Inc.	Infrastructure and storage of personal information
Stripe, Inc.	Process identity verification
Veratad Technologies, LLC	Process identity verification
Privately SA	Process age estimation result using on-device age estimation technology
VerifyMy Limited	Process age estimation result based on email
KG Inicis	Process real name verification service
Zendesk, Inc.	Customer Service
Kidentify US Inc.	For administrative purposes, IT management, and for them to provide services to you or support and supplement the Services we provide

D. Overseas Transfer of Personal Information

We transfer personal information to third parties overseas as follows:

Recipient (Contact Information of Information Manager)	Country to which Your Personal Information is to be Transferred	Date and Method of Transfer	Types of Your Personal Information to be Transferred	Purposes of Use by Recipients	Period of Retention of Use by Recipient
Amazon Web Services Inc. (https://aws.amazon.com/privacy/)	United States	Transferred via information and communications network at the time of service use	All personal information collected	Storage of personal information	For the data retention period specified under “Retention Period” in Section 11A above”
Zendesk, Inc. (https://www.zendesk.com/company/agreements-and-terms/privacy-notice/)	United States	Transferred via information and communications network at the time of service use	All personal information collected	Customer Service	For the data retention period specified under “Retention Period” in Section 11A above
Google Analytics (Firebase) (https://firebase.google.com/support)	United States	Transferred via information and communications network at the time of service use	Analytics data	Data analytics	For the data retention period specified under “Retention Period” in Section 11A above
Appsflyer Limited (https://www.appsflyer.com/legal/privacy-policy/)	Dublin, Ireland hosted by AWS and in St. Ghislain, Belgium hosted by Google Cloud, United States	Transferred via information and communications network at the time of service use	Analytics data	Data analytics	For the data retention period specified under “Retention of Personal Information”
Kidentify US Inc.	United States	Transferred via information and communications network at the time of service use	All personal information collected	For administrative purposes, IT management, and for them to provide services to you or support and supplement the Services we provide	For the data retention period specified under “Retention Period” in Section 11A above”

You may refuse the overseas transfer of your personal information by contacting our Data Protection Department. If you refuse the overseas transfer of your personal information, your personal information will not be transferred overseas. However, you may not be able to use our services for which overseas transfer of personal information is necessary.

E. Additional Use and Provision of Personal Information

In accordance with the PIPA, we may use or provide personal information within the scope of reasonably related to the initial purpose of the collection, in consideration of whether disadvantages have been caused to data subjects and whether necessary measures have been taken to secure such as encryption, etc. We will determine with due care whether to use or provide personal information in consideration of general circumstances including relevant laws and regulations such as the PIPA, purpose of use or provision of personal information, how personal information will be used or provided, items of personal information to be used or provided, matters to which data subjects provided consent or which were notified/disclosed to data subjects, impact on data subjects upon the use or provision, and measures taken to protect subject information. Specific considerations are as follows:

whether the additional use/provision is related to the initial purpose of the collection;
whether the additional use/provision is foreseeable in light of the circumstances under which personal information was collected and practices regarding processing;
whether the additional use/provision unfairly infringe on the interests of the data subject; and
whether the necessary security measures such as pseudonymization or encryption were taken.

F. Domestic Privacy Representative

Pursuant to the Article 32-5 of Network Act and Article 39-11 of the amended PIPA, the information regarding the domestic agent is as follows:

Name: Kidentify LLC
Address: 116 Teheran-ro, Gangnam-gu, Seoul, Republic of Korea
Email: privacy@k-id.com

G. Contact

To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.

Data Protection Department, responsible for the management and safety of your personal information
Email: privacy@k-id.com

12. OTHER PROVISIONS

Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Supervisory Authority. If your personal information is subject to the applicable data protection laws of Australia, Brazil, the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.

12. CONTACT US

Kidentify Pte. Ltd. is the controller of the personal information we process under this Privacy Policy.

If you have any questions about our privacy practices or this Privacy Policy or to exercise your rights as detailed in this Privacy Policy, you can initiate a support request through the Family Connect Portal by navigating to the “Help” section and following the prompts to submit a request, or by contacting us directly at:

Kidentify Pte. Ltd.
Data Protection Officer
privacy@k-id.com

83 Keong Saik, #02-01
Singapore 089168

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Kidentify Pte. Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, KidentifyPte. Ltd. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

by using EDPO's online request form: https://edpo.com/uk-gdpr-data-request/
by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

ESRB Privacy Certified

Kidentify Pte. Ltd. is a licensee of the ESRB Privacy Certified program. If you believe we have not responded to your privacy-related inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at https://www.esrb.org/privacy/contact/ or privacy@esrb.org.

‍