Thanks for reading this Privacy Policy! We know these documents can sometimes be confusing and full of legal jargon, but ultimately, we hope we can provide a clear, easy-to-read explanation of how we treat your personal information when you interact with us. Note to residents of California and other US states with special privacy rights: please see here for more information specific to you.

Who are we?

Kidentify Pte. Ltd. provides a suite of products and services, including www.k-id.com, the Global Compliance Database, Global Compliance Engine, the k-ID Family Portal (both website and mobile app versions), and the k-ID Developer Portal. We designed this Privacy Policy to help you understand how we collect, use, and share your personal information. (The definition of “personal information” varies a bit based on where you live, but generally refers to information that can be used to identify you as an individual; meanwhile, we refer to all of our activities with respect to your personal information as “processing.”) This Privacy Policy can also help you understand and exercise your privacy rights.

Kidentify Pte. Ltd. is a valid licensee, and participating member, of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”). To help protect your privacy, we have voluntarily undertaken this privacy initiative. As a licensee in this privacy certification program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by ESRB Privacy Certified. The technology behind our parent/family and developer portals has been reviewed and certified by ESRB Privacy Certified. If implemented correctly by our clients, our developer portal facilitates compliance with the U.S. Children’s Online Privacy Protection Act (COPPA).

What do we do?

We wear a few different “hats” when it comes to processing personal information. For example, in some cases, we work directly with video game companies, who integrate our technologies with their existing account systems. In these scenarios, we process any personal information our developer partners provide to us (which is typically limited to your location, age information, and other information used to identify your game session and/or publisher account session) as a “data processor” or “service provider.” This means that our processing of the personal information they provide to us is governed by the contracts that we have in place with our partners, not by this Privacy Policy. If you have questions about how a game developer is using information from you or your child in a particular game, you should contact that game’s provider.

On the other hand, there are some times where we interact with you directly, such as when you visit our website or use our Family Portal.  For this personal information, we operate as a “data controller” – that’s what this Privacy Policy covers.

Give me the short version: What do parents and players need to know?

• If you engage with our Services either through a game we support or through our Family Portal, we typically get your city-level location from your device’s IP address, or from you entering in your location directly. Depending on the legal requirements where you live, we or our service providers might also need to collect proof of either your age, the fact that you are a player’s parent or guardian, or both. You typically have multiple options regarding how you provide this information. Either way, k-ID doesn’t store the information used to validate ages or parent/guardian status; all we store from that process is the result of the validation.
• Within our Family Portal, parents and legal guardians have the ability to add and manage members of their family, provide or confirm each family member’s age, see and control the games they have access to, and configure their permissions. We store that personal information on our end, and use it  to communicate to our developer partners how to adjust your child’s in-game experience accordingly.
• We make our money through our partnerships with game developers, not advertising. As such, we do not sell your or your child’s data to advertisers.

With that out of the way, here’s the full Privacy Policy!

1. SCOPE AND UPDATES TO THIS PRIVACY POLICY

2. PERSONAL INFORMATION WE COLLECT

3. HOW WE USE YOUR PERSONAL INFORMATION

4. HOW WE SHARE YOUR PERSONAL INFORMATION

5. YOUR PRIVACY CHOICES AND RIGHTS

6. SECURITY OF YOUR INFORMATION

7. INTERNATIONAL DATA TRANSFERS

8. RETENTION OF PERSONAL INFORMATION

9. ADDITIONAL INFORMATION FOR RESIDENTS OF CALIFORNIA, VIRGINIA, CONNECTICUT, UTAH, COLORADO, NEVADA, AND OTHER US STATES

10. CHILDREN’S INFORMATION

11. OTHER PROVISIONS

12. CONTACT US

1. SCOPE AND UPDATES TO THIS PRIVACY POLICY

This Privacy Policy applies to personal information processed by us and our affiliates (collectively “k-ID,” “we,” “us,” or “our”), including on our websites, mobile applications, and other online or offline offerings. To make this Privacy Policy easier to read, our websites, mobile applications, and other offerings are collectively referred to here as the “Services.”

Changes to our Privacy Policy. We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law, such as through an email address, push notification, or other in-app notice. If you continue to use our Services after the new Privacy Policy takes effect, we will assume you have read and acknowledged the new policy

2. PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. Generally speaking, we collect personal information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations. See below for more details regarding each category.

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

• Family Portal. We collect personal information when you create an account, such as your email address, password, and region (inferred at a city-level from your device’s IP address but selectable in the Family Portal). We also collect:‍
• Information required for identity verification in your jurisdiction, which vary based on your jurisdiction but may include:

• Credit card and/or bank transaction information
• A scan of your government-issued ID
• Your full name, date of birth, last four digits of your social security number
• A scan of your facial geometry, facial movements, and/or voice (only offered in select jurisdictions)
• Note: in some jurisdictions (not including the United States), you may also be able to identify yourself using an in-app purchase using the device you use access your games (e.g., Apple Pay/Google Pay). This process may involve additional verification steps based on what device or platform you are using.
• We may offer additional verification methods in the future: we will explain what information is collected from each method before you choose to use it.

• Note, you only need to verify your age using one of the methods above that is offered for your jurisdiction. Regardless of what method you choose, we do not store the information you provide for identity verification. Information about your family and permissions. We ask you to provide the names (or nicknames) of your family members, as well as each member’s birth month and year, and the country they reside in. Once you’ve added a family member, the parent or legal guardian using the Family Portal may see and approve the games that family member has access to, as well as the permissions that member has within each game.

• Your Communications with Us. We may collect personal information, such as your email address, or mailing address when you request information about our Services, request customer or technical support, or otherwise communicate with us.

• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

• Job Applications. We may post job openings and opportunities on our Services. If you respond to one of these postings, we may collect your personal information, such as your application, resume/CV, cover letter, and/or any other information you provide to us.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use our Services.

• Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet Protocol (IP) address, user settings, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
• Crash Reports. If you provide crash reports, we may collect personal information related to such crash reports, including detailed diagnostic information about your device and the activities that led to the crash.

• Cookies and Other Technologies. Please see our Cookies Policy.

C. Personal Information Collected from Other Sources

Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations, such as our identity verification providers. When we receive personal information from our partners, it is limited to your age, jurisdiction, and information used to identify your game session and/or publisher account.

3. HOW WE USE YOUR PERSONAL INFORMATION

We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to improve our products and Services, as described below.

A. Provide Our Services

We use your information to fulfill our contract with you and provide you with our Services, such as:

• Managing your information and accounts;
• Providing access to certain areas, functionalities, and features of our Services;
• Answering requests for customer or technical support;
• Communicating with you about your account, activities on our Services, and policy changes; and
• Processing your financial information and other payment methods for verification purposes.

B. Administrative Purposes

We use your information for various administrative purposes, such as:

• Pursuing our legitimate interests such as research and development (including internal marketing research), network and information security, and fraud prevention;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
• Measuring interest and engagement in our Services;
• Improving, upgrading, or enhancing our Services;
• Developing new products and services;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
• Debugging to identify and repair errors with our Services;
• Auditing relating to interactions, transactions, and other compliance activities;
• Sharing personal information with third party service providers and partners as needed to provide the Services;
• Enforcing our agreements and policies; and
• Carrying out activities that are required to comply with our legal obligations.

C. With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

D. Other Purposes

We also use your personal information for other purposes as requested by you or as permitted by applicable law. For example, we may use personal information to create de-identified and/or aggregated information (for example, aggregate reports detailing the total number of users we have in a given jurisdiction).

4. HOW WE SHARE YOUR PERSONAL INFORMATION

We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide our Services

The categories of third parties with whom we may share your personal information are described below.

• Service Providers. We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, identity verification, age assurance, payment processing, customer service, and related services.
• Development Partners. While we do not store or share the personal information used to verify your identity, we share some information with our game development partners, such as the fact that you have been authenticated and the permissions a parent has set for each game if applicable, so that those permissions will be reflected in the game you or your child plays.
• Affiliates. We may share your personal information with our company affiliates, including our US subsidiaries including Kidentify US Inc., for our administrative purposes, IT management, or for them to provide services to you or support and supplement the Services we provide.
• Other Family Members. If a child initiates a request to their parent or guardian to access a game’s expanded online features, we will communicate to the parent or guardian the child’s location, the name of the game the child wishes to play, and when the request was initiated. Likewise, we will communicate back to the child as applicable when the parent has responded to the child’s request.
• APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. If you have additional questions about our use of third-party APIs/SDKs, please contact us as set forth in “Contact Us”

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in an actual or proposed merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred in connection with such a transaction, as permitted by law and/or contract.

5. YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms of Service or this Privacy Policy).
• Push Notifications. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.
• “Do Not Track” / “Global Privacy Control.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Additionally, some browsers or plug-ins use a “Global Privacy Control” (“GPC”), which you can learn more about at https://globalprivacycontrol.org/. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, if our site detects a GPC signal from your device, we will interpret it as either a Do Not Sell request or a request to limit the sale or sharing of personal information for targeted advertising depending on the law applicable to your jurisdiction. Note that we do not currently engage in any targeted advertising or data sales.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

• Obtain access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”);
• Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
• Request Deletion of your personal information;
• Request Restriction of or Object to our processing of your personal information where the processing of your personal information is based on our legitimate interest or for direct marketing purposes; and
• Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

6. SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.

By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.

7. INTERNATIONAL DATA TRANSFERS

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

8. RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws.

9. ADDITIONAL INFORMATION FOR RESIDENTS OF CALIFORNIA, VIRGINIA, CONNECTICUT, UTAH, COLORADO, NEVADA, AND OTHER US STATES

This Notice at Collection and Supplemental Notice is for residents of states that have adopted comprehensive privacy legislation and others that may come into effect from time to time covering personal information collected in a business or employment context, including, but not limited to California.

A. PERSONAL INFORMATION WE COLLECT AND SHARE

Depending on how you use our Services, the information we may have collected within the last twelve (12) months about you, as well as the categories of third parties with whom we have shared this information, are described in the table below.

B. USE OF PERSONAL INFORMATION

We may use or disclose the personal information we collect for the purposes outlined in Use of Information above. These purposes include:

• To provide our Services to you;
• For our administrative purposes (including security, fraud detection and protection, and improve our Services);
• To process your requests, orders, and transactions (including provide customer service to you);
• To advertise and improve our products and Services to you;
• With your consent; and,
• To comply with law and enforce our rights and the rights of others.

Where required under applicable law, we will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without first providing you notice.

C. SALES/SHARING OF PERSONAL INFORMATION

k-ID does not sell our users’ personal information for financial compensation, or otherwise share it with advertisers. This includes the personal information of minors under 16 years of age.

D. YOUR RIGHTS AND CHOICES

Subject to applicable law, if you are a resident of California, Virginia, Connecticut, Utah, or Colorado, or other US States with similar rights, you may have the following rights:

• To Know and Access: to obtain a copy of the specific pieces of personal information we have collected about you or your child.
• Deletion: to request that we delete your personal information. This right may be limited to the extent that we are permitted or required by applicable law to retain certain information. (Note that if you request deletion of your personal information, you may no longer be able to use or access the Services. If you decide to use or access the Services again, we may consider this a new account, and may collect personal information associated with that account in accordance with this Privacy Policy.)
• Opt-Out of Sale and Certain Sharing Practices: to opt-out of certain information sharing practices with third parties who do not act as our service providers. In some states, like California, this information sharing may qualify as a “share” or a “sale,” while in other states, like Virginia, this information sharing may qualify as “targeted advertising” (collectively, “personalized advertising”). We do not currently engage in any data practices that would constitute a data sale or share under these laws.
• Correction: to request the correction of inaccurate personal information that we may have on file about you.
• Obtain additional details regarding our information practices: to request disclosures regarding our information practices. (Note that this information is generally available in this Privacy Policy).

We will not discriminate against you, in terms of price or services that we offer, if you exercise any of the rights listed above.

Verification and Appeal Process: We are required by law to take reasonable steps to verify your identity prior to responding to your request. Please note that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). If we are unable to process your request via you authenticating yourself on the Services, we may verify your request by asking for information sufficient to confirm your identity, based on the information we have on file. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and as permitted by applicable law. Where required by applicable law, we will notify you if we reject your request, and notify you of the reasons we are unable to honor your request.

If you are a resident of Colorado, Virginia, or Connecticut, you may have the right to appeal a request we deny when we have verified your identity and still decline to honor your request. The process for that appeal will be sent to you separately if your request is denied.

Authorized Agent: Depending on where you live, you may have the right to use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a user to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the user, and have sufficient access to that user’s laptop, desktop, or mobile device to exercise that user’s right digitally. If you are an authorized agent trying to exercise rights on behalf of one of our users, then you can make a request on the user’s behalf by contacting us as set forth below in the “Contact Us” section: Such requests must include the following information: (1) a written authorization from the consumer that includes the consumer’s full name, address, telephone number and valid email address used by the consumer to interact with us, that is signed by the consumer and clearly bestows upon the agent the proper authority; and (2) a certificate of good standing with your state of organization.  Alternatively, an acting agent can provide a valid power of attorney signed by the consumer on the agent’s behalf and a valid email address used by the consumer to interact with us.  The email address of the consumer will be used to separately verify the agent’s authority with the consumer.  

Shine the Light Disclosure: California residents are entitled to ask us for a notice that identifies the categories of personal information that we share with our affiliates and/or third parties for their direct marketing purposes, and provides contact information for such affiliates and/or third parties. Please note that we do not share personal information with third parties for their direct marketing purposes.

De-Identified Information. If we create or receive de-identified information, we will not attempt to re-identify such information, except to comply with applicable law.

E. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at privacy@k-id.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Contact Us below.

10. CHILDREN’S INFORMATION

Protecting children’s privacy online is core to what we do. When an individual accesses our Family Portal and asserts that they are the parent or guardian of a child who has initiated a permission request in-game, we follow the law of the parent’s location to verify their identity. Meanwhile, when children use our Services, we limit access to certain features based on their age and the laws in their location. We also limit our personal information collection and sharing to only what is necessary to support the internal operations of our Services until we have obtained the verifiable consent of the child’s parent or legal guardian.

If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, or wish to review information collected from your child, or have that information modified or deleted, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless it is necessary for us to retain it to comply with our legal obligations (for example, to comply with a lawful investigation) or to protect the integrity of our Services. We will then revert them to the underage experience, if applicable.

11. OTHER PROVISIONS

Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Supervisory Authority. If your personal information is subject to the applicable data protection laws of Australia, Brazil, the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.

• Office of the Australian Information Commissioner
• Autoridade Nacionalde Proteçãode Dados (ANPD)
• EEA Data Protection Authorities (DPAs)
• Swiss Federal Data Protection and Information Commissioner (FDPIC)
• UK Information Commissioner’s Office (ICO)
• Spanish Data Protection Agency (AEPD)

12. CONTACT US

Kidentify Pte. Ltd. is the controller of the personal information we process under this Privacy Policy.

If you have any questions about our privacy practices or this Privacy Policy or to exercise your rights as detailed in this Privacy Policy, you can initiate a support request through the Family Portal by navigating to the “Help” section and following the prompts to submit a request, or by contacting us directly at:

Kidentify Pte. Ltd.
Data Protection Officer
privacy@k-id.com

‍

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), KIDENTIFY Pte. Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

• by using EDPO's online request form: https://edpo.com/gdpr-data-request/
• by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, KIDENTIFY Pte. Ltd. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

• by using EDPO's online request form: https://edpo.com/uk-gdpr-data-request/
• by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

ESRB Privacy Certified 

Kidentify Pte. Ltd. is a licensee of the ESRB Privacy Certified program. If you believe we have not responded to your privacy-related inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at https://www.esrb.org/privacy/contact/ or privacy@esrb.org.