SAFEPASSAGE PRIVACY POLICY
Effective Date: October 23, 2025
Last Updated: October 23, 2025
1. INTRODUCTION
SafePassage, S.A.S. ("SafePassage," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our AI-powered age verification and document verification services (the "Services").
This Privacy Policy applies to all users of our Services, including visitors to our website, registered users, and individuals whose age or documents are verified through our platform. By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
For information about biometric data processing, please also review our Biometric Disclosures at https://www.safepassage.co/biometric.
2. DATA CONTROLLER INFORMATION
For users in the European Economic Area (EEA), SafePassage acts as an independent data controller for personal data processed during verification transactions.
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
Account Information:
- Name
- Email address
- Company name and business information
- Billing address
- Payment information (processed through our payment processor)
- Account preferences and settings
Verification Data:
- Facial images for age estimation (processed but not stored)
- Images of identification documents (processed but not stored)
- Data extracted from identification documents as necessary for verification
- Verification results and timestamps
3.2 Information Collected Automatically
Usage Data:
- API usage statistics
- Number of verifications performed
- Service performance metrics
- Error logs and debugging information
Technical Data:
- IP address
- Browser type and version
- Device information
- Operating system
- Time zone settings
- API request headers and metadata
3.3 Information from Third Parties
We may receive information about you from:
- Payment processors regarding transaction status
- Business partners who refer you to our Services
- Third-party services used for fraud prevention and security
4. LEGAL BASIS FOR PROCESSING
We process your personal data based on the following legal grounds:
4.1 Contract Performance
Processing necessary for the performance of our contract with you, including:
- Providing age verification and document verification services
- Managing your account and subscription
- Processing payments and billing
4.2 Legitimate Interests
Processing necessary for our legitimate interests or those of third parties, including:
- Improving and developing our Services
- Ensuring security and preventing fraud
- Providing customer support
- Sending service-related communications
4.3 Legal Obligations
Processing necessary to comply with legal obligations, including:
- Responding to legal requests and court orders
- Complying with data protection regulations
- Maintaining records for tax and accounting purposes
4.4 Consent
Where required by law, we process certain data based on your consent, which you may withdraw at any time.
5. HOW WE USE YOUR INFORMATION
We use the information we collect to:
5.1 Provide and Maintain Services
- Perform age verification and document verification
- Process transactions and manage subscriptions
- Provide customer support and respond to inquiries
- Send service updates and technical notifications
5.2 Improve and Develop Services
- Analyze usage patterns and service performance
- Develop new features and improvements
- Conduct research and development
- Fix bugs and technical issues
5.3 Ensure Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Enforce our Terms of Service
- Comply with legal obligations
- Protect the rights and safety of SafePassage and our users
5.4 Communications
- Send transactional emails about your account
- Provide technical support and service announcements
- With your consent, send marketing communications
6. DATA SHARING AND DISCLOSURE
We share your information only in the following circumstances:
6.1 Service Providers
We share data with third-party service providers who perform services on our behalf:
- Emblem: Provides privacy infrastructure for verification processing
- Payment Processors: Currently PayPal for payment processing
- Cloud Infrastructure: For hosting and data storage
- Analytics Providers: For service improvement and usage analysis
All service providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.
6.2 Business Transfers
If SafePassage is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
6.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:
- Court orders and legal process
- Government requests
- Law enforcement investigations
6.4 Protection of Rights
We may disclose information where we believe it is necessary to:
- Protect the safety of any person
- Address fraud, security, or technical issues
- Protect SafePassage's rights or property
6.5 Aggregated Information
We may share aggregated, anonymized information that cannot identify you personally for research, marketing, or other purposes.
7. DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
7.1 Verification Data
- Facial images and document images: Processed in real-time and not stored
- Verification results: Retained for the period required by applicable regulations
- Transaction logs: Retained for audit and compliance purposes
7.2 Account Data
- Active accounts: Retained for the duration of your subscription
- Closed accounts: Basic information retained as required for legal and tax purposes
- Payment records: Retained as required by financial regulations
7.3 Legal Requirements
We may retain certain information for longer periods when required by law or to protect our legal interests.
8. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data:
8.1 Security Measures
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Access controls and authentication mechanisms
- Regular security assessments and audits
- Employee training on data security
8.2 Privacy by Design
- Minimization of data collection
- Privacy-first architecture through our partnership with Emblem
- Double anonymity ensuring separation between verification and content services
- Regular privacy impact assessments
8.3 Incident Response
In the event of a data breach, we will:
- Notify affected users within 72 hours as required by law
- Notify relevant supervisory authorities
- Take immediate steps to mitigate harm
- Document the incident and our response
9. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your country of residence:
9.1 Safeguards
For transfers outside the EEA, we ensure appropriate safeguards through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Other legally recognized transfer mechanisms
9.2 Your Rights
You have the right to information about the safeguards we use for international transfers of your data.
10. YOUR RIGHTS AND CHOICES
10.1 Access and Portability
You have the right to:
- Access your personal data
- Receive your data in a structured, machine-readable format
- Transfer your data to another service provider
10.2 Correction and Deletion
You have the right to:
- Correct inaccurate or incomplete data
- Request deletion of your data (subject to legal requirements)
- Restrict processing in certain circumstances
10.3 Objection and Withdrawal
You have the right to:
- Object to processing based on legitimate interests
- Withdraw consent where processing is based on consent
- Opt-out of marketing communications
10.4 Automated Decision-Making
When our Services use automated processing for age verification:
- You have the right to request human review
- You may express your point of view and contest decisions
- Alternative verification methods are available upon request
10.5 How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@safepassageapp.com. We will respond to your request within 30 days.
12. CHILDREN'S PRIVACY
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18 for account creation purposes. The age verification service itself processes biometric data to estimate age but does not store this data.
If we become aware that we have collected personal information from a child under 18 for account purposes, we will take steps to delete such information promptly.
13. PRIVACY RIGHTS BY JURISDICTION
13.1 European Economic Area (EEA) Rights
EEA residents have additional rights under GDPR, including:
- Right to lodge a complaint with your local supervisory authority
- Right to withdraw consent at any time
- Right to object to processing for direct marketing
- Rights related to automated decision-making and profiling
13.2 California Privacy Rights
California residents have rights under CCPA, including:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
13.3 Other Jurisdictions
We respect privacy rights under all applicable laws. If you have questions about your rights in your jurisdiction, please contact us.
14. THIRD-PARTY SERVICES
14.1 Emblem Integration
Our Services integrate with Emblem's privacy infrastructure. Emblem's processing of data is subject to:
- Our data processing agreement with Emblem
- Emblem's Terms of Service: https://www.emblemapp.com/terms
- Emblem's Privacy Policy: https://www.emblemapp.com/privacy
14.2 Payment Processors
Payment processing is handled by third-party processors (currently PayPal) subject to their own privacy policies. We do not store complete payment card information.
14.3 Links to Other Sites
Our Services may contain links to third-party sites. We are not responsible for the privacy practices of these sites.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending email notification for material changes
Your continued use of the Services after changes become effective constitutes acceptance of the revised Privacy Policy.
16. CONTACT INFORMATION
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
Data Protection Officer
SafePassage, S.A.S.
CR 42 No.5 SUR 145
Medellin, Antioquia, Colombia
Email: privacy@safepassageapp.com
Support: support@safepassageapp.com
16.1 Supervisory Authority
EEA residents may also contact their local data protection authority with questions or complaints.
17. ACCESSIBILITY
We are committed to ensuring this Privacy Policy is accessible to all users. If you need this Privacy Policy in an alternative format, please contact us at privacy@safepassageapp.com.
By using SafePassage's Services, you acknowledge that you have read and understood this Privacy Policy.