Data Policy

Explains Toni's handling rules for identity evidence, biometric/liveness data, credential records, partner claims, logs, and retention.


Policy summary

Plain-language rules for Toni verification data.

  • Restricted data handling
  • Partner-safe claims instead of raw evidence
  • Retention, access controls, and incident response

Last updated: May 4, 2026

Policy overview

This Data Policy describes Toni's operating rules for sensitive verification data. The product goal is to verify the person once, store only what is needed, and give partners narrow claims instead of raw identity evidence.

1. Data Classification

  • Restricted data includes government ID images, document numbers, face/liveness evidence, biometric templates when applicable, fraud signals, and manual review notes.
  • Confidential data includes account contact details, profession, license numbers, credential-source responses, partner connection records, signed assertions, and billing or support records.
  • Partner-shareable data is limited to approved claims such as identity status, assurance level, verified timestamp, partner-scoped user ID, profession, and credential status.

2. Data Minimization

Toni should collect the minimum fields needed to verify identity, verify professional credentials, secure the account, satisfy consent, support audits, and operate the service. Partner integrations should request scopes, and Toni should deny or narrow claims that are not necessary for the partner's stated use case.

3. Raw Evidence Handling

Raw ID documents, selfies, liveness media, biometric artifacts, and provider evidence should be segregated from normal application data, encrypted in transit and at rest, access-controlled, logged, and excluded from partner assertions unless a legally approved workflow specifically requires otherwise.

4. Retention Rules

  • Verification result records, consent logs, audit events, and partner assertions may be retained to prove what Toni verified and shared.
  • Raw document and face/liveness evidence should have shorter retention windows than result records unless fraud review, dispute handling, law, provider rules, or regulatory duties require longer retention.
  • Credential records should be refreshed, expired, or rechecked based on profession, jurisdiction, partner requirements, and source availability.

5. Access Controls

Access to restricted data should require least privilege, role-based authorization, strong authentication, audit logging, and operational need. Manual reviewers should see only the evidence needed to resolve the assigned case, and administrative access should be monitored.

6. Vendor and Provider Data

Identity verification, face/liveness, credential-source, cloud hosting, database, storage, email, SMS, fraud, analytics, and support vendors should be reviewed for security, data processing terms, retention behavior, subprocessors, incident notification, geographic storage, and deletion capabilities.

7. Partner Claims and Scopes

  • Partners should receive signed, scoped claims rather than raw evidence.
  • Each partner should use a partner-scoped Toni user ID so one partner cannot correlate a user across the Toni network without authorization.
  • Claims should include timestamps, status, scopes, issuer, audience, expiration, and verification level where applicable.

8. Deletion, Revocation, and Correction

When a user requests deletion or correction, Toni should verify the requester, evaluate legal exceptions, revoke or update partner-sharing records where appropriate, and keep limited audit records when necessary to prevent fraud, comply with law, or prove prior consent.

9. Security Monitoring and Incident Response

Toni should monitor suspicious activity, failed verification patterns, credential abuse, partner misuse, administrative access, and data export events. Security incidents should be triaged, contained, investigated, documented, and communicated according to applicable legal and contractual requirements.

10. Governance

Toni should maintain data inventories, provider inventories, retention schedules, access reviews, audit-log review, policy updates, and partner compliance reviews as the platform grows.

2026 VerifiedByToni. Identity verified. Credential verified. Partner ready.