Terms of service for Deep ID

1. Scope

This Privacy Policy applies to:

DeepID websites

DeepID APIs and SDKs

Device fingerprinting services

SIM binding verification services

Fraud intelligence and risk scoring services

Customer dashboards and developer platforms

DeepID primarily acts as a data processor for organizations that integrate our services.

The organizations integrating DeepID ("Customers") remain responsible for collecting user consent and ensuring lawful use of personal data.

2. Definitions

Customer
An organization integrating DeepID services to enhance fraud detection, authentication, or risk analysis.

End User / Data Subject
An individual whose device information or telecom information is analyzed through DeepID services.

Device Fingerprint
A probabilistic identifier derived from device attributes, software signals, and behavioral characteristics used to recognize a device.

SIM Binding
The association of a mobile phone number with a device identity through telecom metadata and device signals.

3. Information We Collect

DeepID collects only the information necessary to provide device intelligence and fraud prevention services.

3.1 Device Information

When a device interacts with an application integrated with DeepID, we may collect technical signals including:

Device model and manufacturer

Operating system version

Device hardware attributes

Browser or application environment

Screen resolution and display attributes

Device timezone

Installed app signals (where permitted)

Device language settings

Device configuration metadata

These signals are used to generate a device fingerprint.

3.2 Network and Connectivity Data

We may collect network-level signals such as:

IP address

ISP information

Network type (WiFi / mobile network)

Connection metadata

Carrier information

These signals help detect suspicious network behavior.

3.3 SIM and Telecom Metadata

For SIM binding verification services, DeepID may process telecom signals including:

Mobile phone number

SIM operator

SIM country information

SIM change signals

Device-SIM association signals

DeepID does not access SMS content or call content.

SIM information is used solely for identity validation and fraud prevention.

3.4 Device Identifiers

Where permitted by the platform and integration method, DeepID may process identifiers such as:

Advertising identifiers

Device instance identifiers

Application instance identifiers

Device hash values

These identifiers help recognize returning devices.

3.5 Behavioral Signals

DeepID may analyze behavioral and environmental signals including:

Session activity patterns

Login event metadata

Device usage signals

Risk indicators associated with abnormal behavior

These signals assist in fraud detection and anomaly analysis.

4. How We Use Information

DeepID processes collected information for the following purposes:

Device Identification

To generate and maintain device fingerprints that allow customers to recognize trusted devices.

SIM Binding Verification

To confirm whether a phone number and device are associated in a consistent and trusted manner.

Fraud Detection

To identify suspicious behavior including:

account takeover attempts

SIM swap fraud

bot activity

identity spoofing

device emulation

Risk Scoring

To generate fraud risk signals and device trust scores.

Platform Security

To protect the integrity of our infrastructure and services.

5. Role of DeepID (Data Processor)

In most integrations, DeepID acts as a data processor.

Customers integrating DeepID services act as data controllers and are responsible for:

obtaining user consent

ensuring lawful processing

providing privacy notices to their users

DeepID processes information solely for the purposes described in service agreements with customers.

6. Data Sharing

DeepID does not sell personal information.

Information may be shared in limited circumstances including:

Service Infrastructure Providers

Trusted cloud infrastructure providers used for hosting and processing.

Fraud Intelligence Partners

Aggregated or risk-related signals may be shared with trusted fraud prevention partners where necessary to improve detection accuracy.

Legal Obligations

DeepID may disclose information if required by law, regulatory authorities, or court orders.

7. Data Retention

DeepID retains device and fraud intelligence data only as long as necessary to:

provide services to customers

maintain fraud detection models

comply with legal obligations

investigate security incidents

Retention periods may vary depending on regulatory requirements and contractual obligations.

8. Security Measures

DeepID implements robust technical and organizational security measures including:

encryption in transit (TLS)

encryption at rest

secure API authentication

strict access control policies

infrastructure monitoring

anomaly detection systems

periodic security audits

These safeguards are designed to protect sensitive information from unauthorized access.

9. User Rights

Depending on applicable laws, individuals may have rights including:

access to personal information

correction of inaccurate data

deletion of data

restriction of processing

Requests related to personal data should typically be directed to the organization that integrated DeepID services, as they control the primary relationship with the user.

10. International Data Transfers

DeepID infrastructure may process data across multiple geographic regions depending on service deployment.

Where international transfers occur, appropriate safeguards are implemented to ensure data protection.

11. Changes to This Policy

DeepID may update this Privacy Policy periodically to reflect changes in services, legal requirements, or operational practices.

Updated policies will be published on the DeepID website.