Biometrics Notice

Last updated: May 3, 2023

What is the purpose of this notice?

Midy, a product of NortonLifeLock Foreign Holding II Inc., offers a service that allows you to prove your identity in a privacy-preserving way. This biometrics notice explains how Midy collects, uses, shares, retains, and destroys your Biometric Data when you use our services.

“Biometric Data” includes: (i) “Biometric Identifiers,” which are data generated by measurements of your biological characteristics, such as your retina or iris scan, fingerprint, voiceprint, or a scan of your hand or face geometry; and (ii) “Biometric Information,” which is information based on a Biometric Identifier that can be used to identify you.

Please review this notice carefully. By agreeing to our collection of your Biometric Data, you consent to the collection, use, sharing, and retention of your Biometric Data as described in this notice.

What type of Biometric Data does Midy collect and how do we collect it?

To verify your identity and the authenticity of your identity document for our digital identity product, we use a service provider, Onfido. In accordance with their Facial Scan Policy and Release, Onfido extracts and compares the face geometry data from a selfie video captured through the Midy app against an image of your identity document. Onfido then assesses whether the person in the photo or video is likely to be the same person pictured in the identity document and gives us the result of this confirmation. Onfido also extracts the information from the identity document and provides it to Midy to create a verified ID.

How does Midy use and share it?

Our third-party service provider, Onfido, collects your Biometric Data to verify your identity. Biometric Data is used exclusively to verify your identity. By agreeing to Midy’s collection of your Biometric Data, you also agree to the terms of Onfido’s Facial Scan Policy and Release.

Midy does not share your Biometric Identifiers with partners who request your identity verification via Midy. Partners receive the information that you agree to share with them. For example, confirmation from Midy if the verification was successful or not – without sharing any Biometric Identifiers. Midy will show you what information the partner has requested when asking for your consent to share that information.

How long does Midy retain your Biometric Data and what happens to it at the end of the retention period?

Midy does not store your face geometry data. An image of your identity document and the information extracted from the identity document will be stored on your device and you can delete them anytime from Midy or by completely uninstalling the Midy app. Information about your transactions (e.g., a verification of your identity provided to a partner you authorized) is stored in Midy for the duration your account is active and then is archived for 3 years for legal, compliance, and security reasons. We permanently erase all information associated with your account at the end of this retention period

Our service provider, Onfido, deletes your face geometry data within 48 hours after your ID has been verified, unless otherwise required by law or legal process to retain the data. Onfido permanently erases your Biometric Data at the end of the 3-year retention period described in the previous paragraph, and it does so in a way that once erased, the Biometric Data cannot be recovered or reconstructed.

Additional Privacy Disclosures and Your Rights

For more information about how we collect, use, and share your personal information, as well as your rights and choices concerning our data practices, please review our Privacy Policy available at