Last updated: 10-Aug-2025

IdentX Labs Pvt. Ltd. (“IdentX”, “we”, “our”, or “us”) is a technology company specializing in device intelligence, risk assessment, and fraud prevention. Our products help enterprises detect and prevent device-based fraud, unauthorized access, and security risks across digital ecosystems.

This Privacy Policy explains how we collect, process, store, and protect data when users, customers, or their end-users interact with our websites, SDKs, APIs, and related services (“Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, you should discontinue use of our Services.

This Policy applies to:

• Visitors to our websites and online portals.
• Customers and their authorized users who access our Services under a subscription or agreement.
• Data processed through our SDKs and APIs integrated into customer applications.

This Policy does not apply to customer-owned data collection practices or to any third-party websites, services, or integrations that are not operated or controlled by IdentX Labs.

We collect information in the following categories:

• 3.1 Information You Provide to Us
  When you register, contact us, or engage with our Services, we may collect:
  
  • Account Information: Name, business email, company name, job title, and login credentials.
  • Billing and Financial Information: Payment details, invoicing information, and tax identification where applicable.
  • Support and Communication Data: Messages, requests, and correspondence sent to our team.
  We use this data to deliver and maintain our Services, respond to inquiries, and manage customer relationships.
• 3.2 Information Automatically Collected by Our Services
  When our SDKs or APIs are embedded within a customer’s application, IdentX may automatically collect technical and risk-assessment data to generate device fingerprints and detect anomalies.
  This may include:
  
  • Device Attributes: Hardware model, operating system version, screen resolution, language, timezone, and app version.
  • Network Metadata: IP address, carrier, connection type, and region.
  • Security Posture: Root/jailbreak indicators, hooking or tampering detections, emulator or virtual OS signals, VPN usage, GPS spoofing attempts, and other behavioral markers.
  • Device Identifiers: Pseudonymous identifiers generated by IdentX algorithms for persistent device recognition.
  We do not collect personally identifiable information such as names, contact numbers, stored media, or user messages. The technical data collected is used strictly for security and fraud-prevention purposes.

We use the data collected solely to:

• Generate persistent device identifiers and risk scores.
• Detect and mitigate fraudulent or unauthorized behavior.
• Enhance detection accuracy, performance, and stability of our Services.
• Provide analytics, dashboards, and reports to enterprise customers.
• Fulfill contractual and legal obligations.
• Conduct internal security, research, and product development activities.

All processing activities are performed under lawful contractual and legitimate interests of fraud prevention, risk management, and service improvement.

Depending on jurisdiction, IdentX processes data under the following lawful bases:

• Legitimate Interest: Fraud detection, platform security, and risk analytics.
• Contractual Necessity: To perform obligations arising from service agreements with our customers.
• Compliance with Law: Where required to meet legal or regulatory requirements.
• Consent: For specific use cases (e.g., demo requests, marketing communication).

• Technical and risk data are retained only as long as necessary for providing our Services or meeting contractual obligations.
• Account and billing data are retained for legal, tax, or compliance reasons.
• Upon termination or written request from a customer, we delete or irreversibly anonymize associated data within a commercially reasonable period, unless retention is legally required.

We employ industry-standard security controls to protect data from unauthorized access, disclosure, alteration, or destruction. Measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access control and credential rotation.
• Secure infrastructure hosted with leading cloud providers (e.g., AWS, GCP).
• Continuous monitoring, logging, and intrusion detection.
• Periodic internal and external security audits.

Despite our best efforts, no system is entirely immune from security risks. Customers are advised to maintain confidentiality of their API keys and account credentials.

IdentX Labs does not sell, rent, or trade any information.

We may share limited data only under the following circumstances:

• With Service Providers: Trusted third-party processors (e.g., cloud storage, analytics) operating under confidentiality and data processing agreements.
• With Authorities: When required by law, regulation, or valid legal process.
• In Corporate Transactions: In case of merger, acquisition, or sale of assets, provided contractual privacy safeguards remain in effect.

All third-party transfers comply with applicable data protection frameworks, including GDPR Standard Contractual Clauses or equivalent safeguards.

IdentX may process data across multiple jurisdictions. When transferring data outside the country of origin, we ensure adequate protection through:

• Data Processing Agreements with Standard Contractual Clauses (SCCs).
• Hosting infrastructure located in compliant regions (e.g., EU, Singapore, India).
• Technical and organizational safeguards that maintain equivalent levels of protection globally.

When our SDKs or APIs are implemented within customer applications, IdentX acts as a data processor.

Our customers act as data controllers and are responsible for:

• Obtaining necessary consents from their end-users.
• Providing clear disclosures regarding the integration of IdentX Services.
• Ensuring their use of IdentX aligns with applicable privacy laws and user agreements.

Depending on applicable privacy laws, individuals may have rights to:

• Access, rectify, or erase their data.
• Restrict or object to data processing.
• Request portability of data in a structured format.
• Withdraw consent where applicable.

Requests can be directed to privacy@identxlabs.com. We may require identity verification and act within the timelines prescribed by law.

Our website uses essential cookies for functionality and analytics cookies for performance measurement.

We do not use advertising or profiling cookies.

You can modify cookie preferences via your browser settings at any time.

Our Services are designed for enterprise and developer use only. We do not knowingly collect or process any data relating to individuals under the age of 18.

We may update this Privacy Policy periodically to reflect product, legal, or regulatory changes.

All revisions will be posted on this page with an updated “Last Updated” date.

Material changes will be communicated through official channels or email notices where applicable.