Verified Video – Privacy Notice

Effective Date: 21st May, 2025

1. Introduction

This Privacy Policy describes how iProov Limited (“iProov”, “we”, “us”, or “our”) collects, uses, stores, and processes personal data when you participate in our product demonstrations using the iProov Verified Video demo application (the “Demo App” or “App”).
The Demo App facilitates live video calls during which biometric liveness is assessed using facial imagery captured throughout the session.

The Demo App is intended solely for limited demonstration and evaluation purposes and is not a commercial product offering. The App is designed to support live demonstrations of iProov’s biometric liveness detection capabilities in a non-production environment. It enables participants to experience how the technology functions during a simulated use case, without any automated decisions or technical evaluation being carried out.
Please read this Privacy Policy together with the Demo App Terms of Use. Any capitalised terms not defined here shall have the meanings ascribed to them in the Terms of Use.

2. Our Relationship with You

iProov Limited is the controller of the personal data processed via the Verified Video demo application (the “Demo App”). This means that we determine the purposes and essential means of processing your personal data when you participate in one of our product demonstrations.

To deliver the demo experience, iProov uses certain third-party service providers who process data on our behalf and under our instruction. This includes Pexip, a video conferencing solution used to support the live video connection during the demonstration. The Pexip platform is hosted and managed by iProov within our own infrastructure, and Pexip acts as our data processor for these purposes.

iProov remains responsible for ensuring that any processors we use, including Pexip, comply with applicable data protection laws and provide appropriate safeguards for your personal data. No other party, including the event organiser or demonstration host, has access to or control over your personal data during the demo.

This Privacy Policy therefore explains how iProov collects and processes your data, and outlines our responsibilities to you as a data subject.

3. Scope of the Policy

This Policy applies to all participants who use the Verified Video Demo App during a product demonstration conducted by or on behalf of iProov Limited. It covers the collection and use of personal data during and through your use of the App.

The Demo App is designed to simulate iProov’s biometric liveness detection technology in a controlled, non-production environment. The demonstration involves the temporary capture and processing of facial imagery to show how the technology detects whether a live person is present during a video call.

The Demo App is not used for identity verification, testing, or development purposes, and is not connected to any live production system. The data processed may include personal data and special category data (e.g. biometric data), and is used solely for the demonstration as described in this Policy.

4. Categories of Data Collected

The types of data collected through the Verified Video Demo App include, but are not necessarily limited to:

    1. Biometric data: Facial imagery (video frames) captured during the demo session to simulate liveness detection. This may include data relating to facial features and expressions that are analysed in real time and optionally retained where you consent to further use.
    2. Video call metadata: Timestamps, session duration, and technical logs generated during the video call. This data supports the operation and display of the demo but does not include audio or full video recordings.
    3. Device and browser metadata: Information such as your device type, browser version, and operating system, used to ensure compatibility and improve the stability of the demo environment.
    4. Optional participant information: If the demo is provided via a registration or event interface, basic identification data (e.g. name,  email) may be collected where submitted voluntarily.

5. Purpose of Data Collection 

Personal data collected through the Demo App is processed solely for the following purposes:

  • To demonstrate iProov’s liveness detection technology in real time as part of a product showcase or informational session.
  • To present visual results of the biometric liveness process to the participant (user) and the demonstration host (referee).
  • Where appropriate and with your explicit consent, to retain biometric frames and scores for internal performance review or future model development.
  • To ensure the reliable functioning and integrity of the demo environment, including basic system diagnostics and technical support.

No profiling, identity verification, or production deployment occurs via the Demo App. The App is not intended for commercial use or decision-making about individuals.

6. Lawful Basis for Processing

iProov processes your personal data in accordance with the UK GDPR and, where applicable, the EU GDPR, on the following lawful bases:

  • Consent (Article 6(1)(a) and Article 9(2)(a)): We rely on your explicit consent to collect and process your biometric data during the demonstration. Consent is collected through the Demo App prior to data collection and is recorded in our backend systems. You may withdraw your consent at any time, although doing so may prevent your continued participation in the demo.
  • Legitimate Interests (Article 6(1)(f)): We process technical and device metadata based on our legitimate interest in providing a secure, functional, and engaging demonstration experience.

iProov will not use your personal data for any purpose incompatible with those described in this Privacy Policy. If data is retained for model improvement or internal review, this will only occur with your explicit and informed consent.

7. Data Retention

Your personal data will be retained only for as long as necessary to fulfil the purpose of conducting the demonstration via the Verified Video Demo App. This includes processing biometric frames and related metadata solely to support the real-time operation and visual display of liveness results during the demo session.

All personal data, including any biometric imagery and related metadata, will be automatically deleted within 7 days of the demonstration. We do not retain data for ongoing model development, research, or evaluation unless you have given separate, explicit consent to such use.

Where consent is withdrawn prior to the conclusion of the demo session, we will take reasonable steps to cease processing and delete your data, subject to technical feasibility.

8. Data Sharing and Disclosures 

iProov does not sell, rent, or commercially exploit your personal data.

We work with technology providers, for example we use an external cloud hosting provider. We only give our suppliers/partners access to your information if they need it to provide their service. Our suppliers/partners act as data processors and are subject to contracts with us which restrict them to only processing your personal data for the sole purpose of providing their services in accordance with our instructions.

Access to personal data collected via the Demo App is strictly limited to authorised personnel within iProov who are involved in delivering or supporting the demonstration. This may include selected members of our product and engineering teams.

Your data is processed through infrastructure operated by iProov and hosted on Google Cloud Platform in the Netherlands. In addition, video call functionality is provided via iProov’s self-hosted instance of the Pexip platform, located in Belgium. Both service providers act as data processors on behalf of iProov and are bound by contractual agreements, including appropriate technical and organisational safeguards.

Data may also be disclosed where required to comply with applicable laws or respond to lawful requests from public authorities.

9. Data Security

We implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by the processing of personal data through the Demo App. These measures are designed in alignment with recognised industry standards, including the principles of ISO/IEC 27001, the international standard for information security management.

Key safeguards include:

  • Encryption of data in transit and at rest;
  • Role-based access controls to restrict access to personal data to authorised personnel only;
  • Segregated demo environments hosted in secure, access-controlled infrastructure managed by iProov;
  • Automated deletion mechanisms to ensure that personal data is erased within 7 days of the demonstration;
  • Hardened configuration of all supporting systems, including video processing and storage infrastructure;
  • Regular monitoring and review of access logs and system alerts to detect unauthorised activity.

iProov actively maintains its security posture in accordance with best practices and continuously improves its controls to mitigate emerging threats.

10. International Transfers

Your data will be stored and processed exclusively within the European Economic Area (EEA), specifically in the Netherlands and Belgium. No international transfers outside the EEA or United Kingdom occur in connection with the Verified Video Demo App.

If this position changes, we will implement appropriate safeguards in line with the UK GDPR and EU GDPR, including the UK Addendum to the EU Standard Contractual Clauses or other approved transfer mechanisms. You may request a copy of such safeguards by contacting us.

11. Your Rights

Under applicable data protection law, you have the right to:

  • Request access to your personal data and receive a copy;
  • Request rectification of inaccurate or incomplete data;
  • Request deletion of your data, including withdrawal of consent;
  • Object to or request restriction of processing in certain circumstances;
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or another competent data protection authority.

To help us confirm your identity and ensure that your rights are exercised securely, we may need to request specific information from you before fulfilling your request. This is a necessary security measure to prevent unauthorised access to or disclosure of personal data. We may also contact you to request additional details if needed to clarify or expedite our response.

We aim to respond to all legitimate requests within one month. In cases where your request is particularly complex or if you have submitted multiple requests, we may require more time to respond. If this occurs, we will inform you of the delay and keep you updated on the progress of your request.

Please note that if your data has already been deleted or anonymised (e.g. following the 7-day retention period), we may no longer be able to fulfil your request unless the data remains identifiable and retrievable in our systems.

To exercise your rights, please contact the iProov Privacy Team at: dpo@iproov.com.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect operational changes, legal developments, or refinements to how the Demo App is delivered. Where material changes are made, we will provide appropriate notice. This may include messaging at the start of the demo or updates to publicly available documentation.

You are responsible for reviewing any changes. Participation in a demo session after an updated Privacy Policy is made available constitutes your acknowledgement of the updated terms.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Email: dpo@iproov.com
 ICO Registration Number: ZA859100
 Company Name: iProov Limited
 Registered Address: 14, Bank Chambers, 25 Jermyn Street, London, England, SW1Y 6HR
 Supervisory Authority: UK Information Commissioner’s Office (www.ico.org.uk)