Privacy Policy

1. Information Toni Collects

• Account data such as name, email, phone number, password authentication data, account settings, support messages, and consent records.
• Identity data such as government ID type, document images or provider references, extracted document fields, verification result, assurance level, and verification timestamp.
• Face and liveness data such as selfie images, liveness-session metadata, face-match outcome, provider result codes, and anti-spoofing signals when required for verification.

2. Professional Credential Data

Toni may collect profession, role, license type, issuing state or authority, license number, optional business name, license status, credential-source responses, review notes, and credential verification timestamps. For fields that do not require licensing, Toni may mark the profession as not credential verified.

3. Device, Security, and Usage Data

Toni may collect IP address, device identifiers, browser details, session metadata, geolocation signals derived from IP, risk indicators, attempted actions, page events, audit logs, and partner redirect details to secure accounts, prevent abuse, diagnose issues, and prove consent.

4. How Toni Uses Information

• Create and secure Toni accounts, verify contact methods, and authenticate users.
• Run identity proofing, face match, liveness, fraud prevention, credential verification, manual review, and reverification workflows.
• Issue partner-scoped verification claims after consent and maintain records of what was shared, with whom, and when.

5. How Toni Shares Information

Toni may share limited verification claims with partner websites only when permitted by consent, contract, law, or security necessity. Toni may also share information with service providers that process data for Toni, public licensing authorities or credential sources when verification requires it, legal or regulatory recipients when required, and security recipients when needed to prevent fraud or abuse.

6. Data Retention

Toni retains information for as long as needed to provide verification, support partner assertions, maintain audit records, comply with legal duties, resolve disputes, prevent fraud, and enforce agreements. Raw identity documents and biometric/liveness evidence should be retained only as long as necessary for verification, review, audit, fraud prevention, or legal requirements, then deleted or de-identified according to the Data Policy.

7. User Controls and Privacy Rights

• Users can request access, correction, deletion, export, partner revocation, or review of certain personal information, subject to identity confirmation and legal exceptions.
• Users can revoke partner connections where supported, but Toni may retain audit logs proving past consent and verification assertions.
• Depending on location, users may have additional rights under state, federal, biometric, consumer privacy, or data protection laws.

8. Security

Toni uses administrative, technical, and organizational controls designed for sensitive identity data, including encryption, access control, audit logging, least-privilege review workflows, monitoring, vendor controls, and separation of raw evidence from partner-facing claims.

9. Children and Sensitive Use Cases

Toni is intended for adults and professional verification contexts. Toni should not knowingly collect information from children or be used for high-risk decisions unless the partner has appropriate legal authority, disclosures, consents, and compliance controls.

10. Contact

Privacy questions, data requests, biometric/liveness questions, or concerns about partner sharing can be submitted through Toni support.