AlliedPassBack to home

Last updated: April 11, 2025

Privacy Policy

AlliedPass, Inc.("AlliedPass", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our identity verification API, dashboard, and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Service, we collect:

  • Name, email address, and password when you register
  • Billing and payment information processed through our payment processor
  • Project names, descriptions, and configuration settings you create in the dashboard
  • API key names and metadata (note: secret key values are hashed and not stored in recoverable form after initial display)
  • Communications you send us, including support requests

1.2 Verification Data Submitted via the API

When you call the AlliedPass verification API on behalf of your end users, you submit data elements such as:

  • Email addresses
  • IP addresses
  • Phone numbers
  • Device fingerprint signals (browser, OS, timezone, screen dimensions)

This data is processed in real time to generate a risk score. We retain processed verification records — including the submitted identifiers, the resulting risk score, per-signal findings, and a timestamp — for 90 days by default, after which they are automatically deleted. You may configure a shorter retention period in your project settings.

1.3 Automatically Collected Data

When you use our dashboard or API, we automatically collect:

  • Log data including your IP address, browser type, pages visited, and timestamps
  • API request metadata (endpoint, response time, HTTP status, project ID)
  • Cookies and similar tracking technologies necessary for authentication and session management

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Authenticate your identity and maintain the security of your account
  • Process and return verification results to your API calls
  • Generate aggregate, anonymised analytics to improve detection accuracy
  • Send transactional emails (account confirmations, API key creation notices, billing receipts)
  • Respond to your support requests
  • Comply with legal obligations
  • Detect and prevent fraud, abuse, and violations of our Terms of Service

We do not sell your personal data or the verification data of your end users to third parties. We do not use end-user verification data to train machine learning models in a way that would identify or re-identify specific individuals.

3. Sharing of Information

We share your information only in the following circumstances:

  • Service providers — third-party vendors that help us deliver the Service (cloud hosting, payment processing, email delivery). These providers are contractually bound to process data only on our behalf and in accordance with this Policy.
  • Business transfers — if AlliedPass is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
  • Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of AlliedPass, our users, or the public.
  • With your consent — for any other purpose with your explicit consent.

4. Data Retention

We retain data for the following periods:

  • Account data — for the life of your account and up to 30 days after deletion
  • Verification records — 90 days by default (configurable per project)
  • API request logs — 30 days
  • Billing records — 7 years (required by law in many jurisdictions)
  • Support communications — 2 years

You may request deletion of your account and associated data at any time by contacting us at support@alliedpass.com.

5. Security

We implement industry-standard security measures to protect your data, including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • API keys hashed with bcrypt upon creation
  • Role-based access controls and audit logging
  • Regular penetration testing and vulnerability assessments

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we take commercially reasonable steps to protect your information.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data (subject to legal retention requirements)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to certain processing activities
  • Restriction — request that we restrict processing of your data
  • Withdrawal of consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@alliedpass.com. We will respond within 30 days.

7. Cookies

We use the following types of cookies:

  • Strictly necessary cookies — authentication tokens (auth_token) required for you to use the dashboard. These cannot be disabled.
  • Preference cookies — theme selection (light/dark mode) stored in localStorage.
  • Analytics cookies — we may use privacy-preserving analytics to understand aggregate usage patterns. These do not track individual users across sites.

You can configure your browser to refuse cookies, but doing so may prevent you from using the dashboard.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@alliedpass.com and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you by email or by a prominent notice in the dashboard. Continued use of the Service after such changes constitutes your acceptance of the updated Policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AlliedPass, Inc.

Email: support@alliedpass.com