Privacy Policy

Kayle ID is identity verification infrastructure operated by Kayle Inc. This policy applies when you use the Kayle ID dashboard, API, webhook tooling, verification flows, or the Kayle ID mobile application.

We serve two main groups of people: developers and teams who integrate Kayle ID into their products, and end-users who are asked by those products to complete a verification session.

If another platform sends you to Kayle ID for verification, that platform also has its own privacy practices. In particular, that platform decides which claims it requests from you and what it does with the verification result it receives from Kayle ID.

We do not create a separate consumer account for end-users who only complete a verification session unless they separately register as developers.

• To authenticate developers, manage organizations, and secure access to the dashboard and API.
• To create verification sessions, build share contracts, and present the end-user with the claims requested by the relying party.
• To validate passport authenticity by checking chip data, including DG1, DG2, and SOD artifacts.
• To compare the passport chip portrait against captured selfies using Kayle ID's internal face-matching service.
• To generate verification status records, events, risk scores, and receiver-scoped identifiers such as the Kayle Document ID.
• To deliver the verification result and user-selected claims to the relying party through encrypted webhook payloads.
• To monitor service health, investigate abuse or failures, enforce our terms, and comply with legal obligations.

A developer creates a verification session through the Kayle ID API and defines which claims may be requested. The user is then sent to a Kayle ID verification URL, which currently hands the session off into the Kayle ID iPhone app.

During the active session, Kayle ID asks the user to consent, scans the passport photo page to prepare NFC access, reads the passport chip, and captures multiple selfies. Those artifacts are used to confirm document authenticity and compare the document portrait against the submitted selfies.

After verification succeeds, Kayle ID asks the user which optional claims to share. The selected claims are packaged into a webhook payload that is encrypted to the developer's public key and signed with the webhook signing secret. Kayle ID stores that payload only in encrypted form for delivery and retry purposes.

Raw verification artifacts are processed in volatile session state while the verification is active. If a developer requests the document_photo claim and the user shares it, the resulting document portrait is included in the encrypted webhook payload delivered to that developer.

• With the relying party that requested the verification, but only for the verification result and claims included in the session contract and selected by the user, except where a claim is marked required.
• With infrastructure and security providers that help us operate Kayle ID, such as hosted compute, storage, networking, database, and authentication providers.
• With Google if a developer chooses Google sign-in for their Kayle ID account.
• When required by law, legal process, or to protect the rights, safety, and security of Kayle ID, our users, or third parties.
• As part of a merger, financing, acquisition, or other corporate transaction, subject to appropriate confidentiality and legal safeguards.

We use technical and organizational measures designed to protect the data we handle. These include TLS in transit, secure and HTTP-only authentication cookies, hashed API keys, hashed handoff credentials, encrypted webhook signing secrets, and end-to-end encryption of webhook payloads to the developer's public key.

We also restrict access to developer resources through organization membership controls and keep structured operational logs focused on service safety and troubleshooting rather than raw identity payloads.

• Verification sessions currently expire 60 minutes after creation unless they are completed or cancelled earlier.
• Mobile handoff tokens currently expire five minutes after issuance.
• Magic-link and OTP sign-in verification records currently expire after 15 minutes.
• Raw verification artifacts are processed transiently and cleared from the live transfer state when the verification socket closes.
• Developer account records, session metadata, events, and encrypted webhook delivery records may be retained for operational, security, support, audit, fraud-prevention, and legal-compliance purposes.

Developers can manage organization membership, rotate or delete API keys, configure webhook endpoints and encryption keys, and stop creating new verification sessions at any time.

End-users can choose whether to continue with a verification session and can decide which optional claims to share. Required claims cannot be deselected because they are part of the developer's session contract.

Depending on where you live, you may have rights to request access, correction, deletion, or restriction of personal data. To make a request, email help@kayle.id. If your request concerns data that a relying party requested or received, we may direct you to that party because it controls how it uses the verification result on its side.

We may update this Privacy Policy from time to time to reflect changes to the service, security practices, or legal requirements. When we make material changes, we will post the updated version here and update the "Last updated" date above.

Questions about this Privacy Policy can be sent to help@kayle.id.