Privacy Policy for BentID.com
Last Updated: July 30, 2025
This Privacy Policy describes how BentID.com ("BentID", "we", "us", or "our"), a service provided by Brooks & Keitt, a Swiss-based Software Company, collects, uses, and protects your personal data when you use our identity aggregation and verification service. Your privacy is of paramount importance to us, and we are committed to handling your data with the highest level of security and in full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and relevant UK regulations like the Online Safety Act.
BentID.com is solely an identity and age verification system. We do not host, display, or provide any content (photos, videos, or otherwise) with adult connotations. Our role is strictly to verify your identity and age to enable your access to third-party services that require such verification.
1. Data Controller
The data controller responsible for your personal data collected through BentID.com is:
Brooks & Keitt SARL
Place du Midi 30, 1950, Sion
info@bentid.com
2. What Personal Data We Collect
We collect personal data that is necessary for the purpose of identity and age verification. This may include:
- Identity Document Information: Images or scans of government-issued photo IDs (e.g., passport, driving license), including your name, date of birth, nationality, document number, and expiry date.
- Biometric Data: A live selfie or video of your face for biometric comparison with your ID document, to confirm liveness and identity match. This is considered special category data under GDPR and is processed with your explicit consent.
- Contact Information: Your email address and/or phone number for account creation, communication, and verification purposes.
- Account Information: A unique user ID generated by BentID to identify your verified status.
- Transaction Data: Information related to your payment for the verification service (e.g., payment confirmation, but not full payment card details which are handled by our secure payment processor).
- Technical Data: IP address, device information, browser type, and usage data related to your interaction with our service for security, fraud prevention, and service improvement.
3. How We Use Your Personal Data
We use your personal data exclusively for the following purposes:
- Identity and Age Verification: To confirm that you are who you claim to be and that you meet the minimum age requirements (18 years or older) for accessing services that require age verification.
- Service Provision: To create and manage your BentID account and provide you with the identity aggregation and verification service.
- Security and Fraud Prevention: To detect and prevent fraudulent activities, unauthorized access, and to ensure the integrity of our verification process.
- Compliance with Legal Obligations: To comply with legal and regulatory requirements, including those under the UK Online Safety Act and GDPR.
- Customer Support: To provide assistance and respond to your inquiries.
- Service Improvement: To analyze usage patterns and improve the functionality and security of our service (using aggregated and anonymized data where possible).
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Consent: For the processing of your biometric data and other sensitive information required for age and identity verification. You will be asked for explicit consent before this data is collected. You have the right to withdraw your consent at any time, though this may impact your ability to use our service.
- Contractual Necessity: To fulfill our contractual obligations to you by providing the BentID service you have requested.
- Legal Obligation: To comply with legal and regulatory requirements, such as those related to age verification under the UK Online Safety Act.
- Legitimate Interests: For purposes such as fraud prevention, ensuring the security of our systems, and improving our services, where these interests are not overridden by your data protection rights.
5. How We Store and Protect Your Data
We employ robust security measures to protect your personal data:
- Secure Storage: Your sensitive ID documents and personal information are uploaded directly to our highly secure, private cloud storage and database systems. They are never retrieved by your device or any client-side system after submission. Access is strictly limited to authorized backend systems.
- Encryption: All your data is encrypted both when it's stored (at rest) and when it's moving (in transit) using industry-standard encryption protocols.
- Access Control: We implement strict access controls and the principle of least privilege, ensuring that only essential personnel and automated systems have access to data, and only for specific, authorized purposes.
- Regular Audits: Our systems and security practices are regularly audited and reviewed to maintain the highest standards of data protection.
- Swiss Data Protection: As a Swiss-based company, we benefit from Switzerland's strong data protection laws, which complement our commitment to GDPR compliance.
6. Data Sharing and Disclosure
We uphold a strict policy regarding your data:
- No Sharing with Third Parties: Your sensitive personal data, including your ID documents and biometric information, is never shared with anyone or any third-party services for marketing, advertising, or any purpose other than the core age verification check.
- Verification Confirmation: When you use BentID to access a third-party service (e.g., BentBox), we will, with your explicit consent, only transmit a simple "verified" confirmation (e.g., "User is 18+") to that service. No personal details from your ID or biometric data are shared.
- Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Service Providers: We may engage trusted third-party service providers (e.g., payment processors, cloud infrastructure providers) to assist us in operating our service. These providers are contractually bound to protect your data and only process it according to our instructions and applicable data protection laws. They do not have independent rights to use your data.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. The retention period for identity documents and biometric data will be minimized and aligned with regulatory requirements for age verification services. Once data is no longer needed, it is securely deleted or anonymized.
8. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us using the details provided in Section 10.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: info@bentid.com
