Berbix Product Privacy Notice

Last updated: July 2023

About Berbix

Berbix LLC and our subsidiaries and affiliates (collectively, “Berbix”, “we”, “us” or “our”) provides document identity verification services (the “Services”) for the purpose of helping our customers validate your identity and prevent fraud online. In other words, we use artificial intelligence and machine learning to evaluate the authenticity of the identity document and assess whether the image on the identity document (“headshot”) and the image of yourself (the “selfie”) match and whether you are physically present when you submit the images.

About this Privacy Notice

The purpose of this privacy notice (the “Privacy Notice”) is to inform you about what happens when you - consumers and our business customers - use the Services, including what types of personal information we collect (including how we get it), how we use it, when and with whom we might share it, and when we’ll delete it. This Privacy Notice also has important information about our use of biometrics and about your data rights under applicable privacy laws.

This Privacy Notice is not a substitute for any privacy notice that Berbix customers are required to provide in accordance with or otherwise required by applicable law.

Personal Information We Collect

Information collected via our Services and the sources of that information. Berbix may collect or derive personal information about you from our customers, from your direct engagement with the Services, from public sources of information, or from third parties who provide us with data or otherwise assist with our provision of the Services, including:

  • Identity information, such as your first and last name, email address, billing and mailing addresses, phone number, and date of birth.
  • Geographic data, such as your city, state, country of residence, postal code, IP address, and device geolocation.
  • Data from government-issued identification cards, such as national identification number (e.g. Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and other personal information contained in or extracted from the government-issued identification card(s) or other identity documentation that you submit (e.g., information extracted from barcodes and machine-readable zones).
  • Facial images, such as your selfie photographs and headshots from your identification card. These images may be processed to derive biometric information.
  • Transaction data, such as metadata about the identity verification transaction sent over by our business customers (e.g., IP address), and information relating to your application and account with our business customers including fraud labels and account details.
  • Device data, such as the following categories of data collected from and about devices and their operating systems and web browsers: (i) ip addresses and geolocation, (ii) device level identifiers, (iii) local storage mechanisms and caches, (iv) mobile carrier and network information, (v) user preferences and settings, (vi) hardware information (e.g., model, version, manufacturer, specifications and capabilities), (vii) sensor data (such as motion, gesture and environmental), (viii) interactions and user driven events from end user peripherals devices, and (ix) cryptographic keys as permitted by the device.
  • Other data not specifically listed here, which we will use as described in this Privacy Notice or as otherwise disclosed at the time of collection.

Notice re Opt-Out: If you would like to opt-out of the processing of your sensitive information or of the use of your information for automated decision making, or if you otherwise would like to exercise an opt-out right provided to you by law, please review Exercising Your Rights.

How We Use Information

We use the information we collect for several purposes, including:

  • for identity verification and fraud prevention;
  • to provide the Services at the instruction of, and pursuant to agreements with, our customers;
  • to measure performance of and improve the Services;
  • to develop new products and services, including by training and testing our models and validating their performance; and
  • to respond to, and to help our customers respond to, inquiries, complaints, and consumer requests relating to the exercise of their data rights.

We may also use information necessary or appropriate to (a) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; (b) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; (c) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (d) audit our internal processes for compliance with legal and contractual requirements and internal policies; and (e) enforce the terms of use that govern the Services.

We may also use personal information for our internal business purposes, such as research and development of new or existing identity verification and fraud prevention products.

How We Share Information

Berbix uses the information we collect for our identity verification and fraud prevention purposes. Berbix does not use personal information for marketing purposes and does not sell personal information to third parties. Berbix does not share biometrics with our customers, vendors, service providers, or any other non-affiliated third parties.

We may share the information we collect:

  • With the relevant business customer that sent you to Berbix in connection with the Services;
  • With certain third parties, such as auditors, sponsor banks and regulators, as the relevant business customer may direct;
  • With third-party service and information systems providers, such as our cloud computing platform, that help us provide and improve the Services;
  • With professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us; and
  • With Berbix corporate subsidiaries or affiliates for the purposes described in this Privacy Notice.

We may also share information with government, law enforcement officials or private parties as required or otherwise permitted by law, when we believe such disclosure is necessary or appropriate to (a) comply with, or evidence compliance with, applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

We may sell, transfer or otherwise share some or all of Berbix’s business or assets, including information that we process as part of the Services, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.

Data Retention

Although identity verification and fraud prevention are ongoing purposes that do not expire, we won’t keep your data forever. Except as otherwise provided in this Privacy Notice, Berbix may retain information for up to seven years, as permitted by applicable law. If you provide Berbix with images used in an attempt to commit fraud, however, we will retain the images and any information derived therefrom, and you waive your rights to that data and to pursuing any legal or other action against Berbix.

Special Notices and Policies re Biometrics

To the extent any data is generated or derived from a photograph of your face, it is not done in order to identify you as a specific individual. Instead, such information is used for such features and functionality as face detection (whether there is a face on the document submitted), face matching (whether the facial images submitted match), and liveness detection (whether you are physically present when taking the selfie).

To the extent the Services derive biometric information from an image of your face, that occurs only within three years from the date the images were initially processed, and the biometric information will be permanently destroyed immediately after each use, except as otherwise provided in this Privacy Notice.

Exercising Your Rights

Berbix is either a “service provider” or a “data processor” pursuant to applicable privacy laws. This means that our customers (the “business” or “data controller”) are legally responsible for responding to requests to exercise your data rights. In order to exercise your rights, you must contact the customer that used the Services. Berbix respects consumer privacy, and we work with our customers when they ask us to assist them with consumer data privacy rights requests.

Data Security

Berbix uses commercially reasonable physical, electronic, and procedural safeguards to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law, and we recommend that our customers do the same. In fact, our customer agreements generally include data access and security guidelines. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security incident.

Third-Party Systems

The Services are often integrated with our business customers’ websites, platforms, or other systems, which are governed by our customers’ privacy notices and terms of use. Please review those notices carefully, as Berbix does not control and cannot be responsible for the privacy and information security practices or terms associated with non-affiliated third parties.

Changes to this Privacy Notice

Berbix reserves the right to modify this Privacy Notice at any time. Berbix’s Services, as well as laws, regulations and industry standards may evolve, which may result in changes to this Privacy Notice. Berbix will post the changes to this page and notify our customers via our agreed upon communication channels.

Berbix encourages you to review this Privacy Notice from time to time to stay informed. In accordance with applicable law, Berbix will notify you of any material changes in its collection, use, or disclosure of your information by posting a notice on its website. Any material changes to this Privacy Notice will be effective immediately.

Contact Privacy @ Berbix

If you have any questions about this policy, you can contact us at or 888-200-9987.