SELF

SELF ID PRIVACY POLICY

Last updated: October 16, 2025

The founding mission of Self ID, Inc. (“SELF ID”, “we” or “us”) it to safeguard your privacy by providing you with meaningful control and ownership over your personal data. That commitment is reflected in our own information processing practices. This privacy policy (“Privacy Policy” or “Policy”) explains who we are, how we collect, use and disclose (or otherwise process) your personal information, what privacy rights you have and how you can exercise your rights. The terms “personal information” and “personal data” may each be used interchangeably in this Policy. Definitions for capitalized terms not otherwise defined in this Policy can be found in our Self Products Terms and Conditions.

We recommend that you read this Policy in full as it contains descriptions of our personal information processing practices and explanations of your legal rights. To make this policy easier for you to review, we have divided the document into the following sections:

Who we are
What personal information we collect
How we use your personal information
Unique privacy aspects of distributed ledger technology (i.e., “blockchains”)
Your rights under data protection laws
Additional State-Specific Privacy Disclosures
Cookies and other online tracking technologies
General information

1. Who we are

1.1 The SELF ID corporate entity

SELF ID is a technology company headquartered in the United States that provides a unique platform for you to control your personal information. We are a fully remote company and have a globally distributed workforce. For residents of the European Economic Area or other jurisdictions with laws applicable to the processing of your personal information, please be aware that your personal data will be transferred to and processed in the United States, where our servers, employees and service providers are principally located. By providing us your personal data or otherwise using SELF Products, you consent to the transfer and processing in accordance with this Policy.

1.2 Our products and services

There are several ways in which you may interact with us: visiting our website, accessing the products and services we provide (“SELF Products”), and/or using our products and services by interacting with other parties (“Third Parties”) through our products. Each of the interactions entails a different nature of disclosure of your personal information, and will be described further in this Policy.

2. What personal information we collect

Depending on how you are interacting with us, we collect certain of your personal information that you disclose voluntarily and other information that we collect automatically. Where we collect your personal information for our own purposes as set forth in Section 3.1, we are the controller. In circumstances where you disclose your personal information to Third Parties, such Third Parties act as the controller with respect to your personal information.

Please read the following information for further explanations.

2.1 Visiting our website

(a) Personal information you provide

When you interact with our website available at www.selfid.com (“Website”), you may choose to disclose certain personal information to us based on the features and functionality of the Website. For example, you may choose to receive a newsletter about us or our products and services, in which case we will collect your email address. Other personal information that you may choose to share with us include your name, phone number, employer, job title, and professional contact information.

(b) Personal information we collect automatically

When you visit or interact with our Website, personal information that we collect automatically is very limited and is broadly characterized as session information. This session information consists of the following analytics/performance information: the amount of time you spend on the Website, Website navigation information like which pages you visit and the links that you click, and the country in which your web browser is located. We also collect the following metadata: device information (like operating system and screen resolution), location (town/city and country), and browser.

We use Matomo to collect the above information from our Website. For more information on how we use Matomo, please see Section 7 (Cookies and other online tracking technologies).

2.2 Personal information you disclose to us in your accessing of SELF Products

(a) Personal information you provide

During your sign up to access SELF Products, you may either create a digital wallet or connect your SELF Products to an existing digital wallet that you control. The architecture of SELF Products is self-custodial meaning that, when you download our mobile applications, access SELF Products through your web browser or in any other method or manner that we may support from time-to-time, the personal information you store in your wallet is not collected or processed by us. In either event, we cannot and do not associate this information with specific individuals.

You may disclose personal information to us where you request technical assistance or support in your use of SELF Products. Specifically, when you create a support ticket, you will provide us with your email address for correspondence. When you submit your support ticket, do not send us any personal information that may be associated with any engagements with Third Parties (including any SELF wallet address information) and, for clarity, we will delete any of your personal information submitted via a support ticket from both our production and any backup systems we maintain.

(b) Personal Information we collect automatically

Through our analytics service provider, we automatically collect and process the following data in anonymous form (meaning it cannot be used to identify you nor is it associated with you):

Event information (for example, when a button is clicked, a filter is used, or a decentralized identifier, or “DID”, is copied)
Session Metadata (like time spent on SELF Products, pages visited, device information including operating system and screen resolution, and browser);
Geolocation information consisting of city and country (please know that this not a precise geolocation but a general location based on an anonymized IP address and is not associated with you);
Certain customer dimensions (like crash rate by app version).

During the signup process, you will be asked whether you would like to disclose the above listed information to us. If you opt-in to sharing this information when signing up, you can always opt-out later in the SELF Products “Settings.”

2.3 Personal information you disclose in using SELF Products

(a) Personal information you provide to Third Parties

The secure nature of your SELF wallet means that only those Third Parties to whom you make disclosures receive your personal information. The personal information contained in your SELF wallet is under your control and this can range from public information (your name or email address) to sensitive information (health and financial records). The nature of the personal information you disclose to such Third Parties depends entirely on the nature of the services such Third Parties are providing you and may include:

Personal identifiers (examples include name, address, IP address, phone number, social security number or other uniquegovernment identifying numbers contained on images of government identification documents)
Customer records (examples include bank account numbers)
Biometric data (examples include fingerprints, voice recordings, and face recognition or identification)
Sensory data (if you send us any videos that contain audio)
Geolocation data (examples include location history and IP address)
Educational information (examples include admissions and graduation history, test scores, and degrees earned)
Professional or job-related information (like employment history, job title and other employment records)

(b) Personal Information collected automatically by Third Parties

When you request services from Third Parties, said Third Parties may collect anonymous data from your device regarding errors, crashes, and other performance-related matters. The data collected consists of your device type and model, operating system version, and other information to help diagnose and resolve issues. This information is anonymous and cannot be linked to you.

(c) SELF ID does not process your personal information

When you disclose the personal information in your digital wallet to Third Parties through SELF Products, including Attesters and Requesters, you are not disclosing this information to us. Further, when you disclose your personal information to Third Parties using SELF Products - for example, when you use Sign in with Your SELF (“SIWYS”) - it is you who controls the disclosure of information and we have no visibility into the personal information you disclose. Personal information that you disclose in these contexts is subject to such a Third Party’s privacy policy and terms and conditions. It is incumbent upon you, and solely your responsibility, to apprise yourself of the personal information practices of any such Third Party. For additional information, please see Section 3.3 (Third parties to whom you disclose your personal information through SELF Products).

(d) Personal information that we collect automatically

Aside from Usage Data and Session Information (see Section 2.2), we do not automatically collect your personal information when you use SELF Products. However, certain of your personal information is disclosed to other parties when you interact with blockchains. Please see Section 4 for more information.

(e) Biometric information

SELF Products, specifically the SELF Mobile App, may and only where you opt-in, use your device’s built-in biometric authentication features like Face ID or Touch ID, to provide secure access to your SELF Wallet. We neither store nor process any biometric data and all authentication is performed directly on your device pursuant to the manufacturer’s specifications.

2.4 Personal information we collect from other sources

Apart from what is disclosed in this Section 2 (What personal information we collect) and Section 7 (Cookies and other internet tracking technology), as of the Effective Date of this Policy, SELF ID does not collect personal information about you from Third Parties (through SELF Products) or any other third parties.

3. How we use your personal information and on what legal basis

3.1 The business purposes for which SELF ID processes your personal information

We process your personal information for the following purposes:

Provide, operate and maintain the Website and SELF Products. For such processing, the legal basis is our own legitimate interest.
Respond to your inquiries and fulfill your requests, such as to send you requested materials and newsletters. For such processing, the legal basis is our own legitimate interest or your consent.
Conduct our own marketing activities and communicate with you about SELF Products and our other services, events and Promotional Offers. For such processing, the legal basis is your consent.
Send administrative information to you which includes, for example, information regarding our Website and changes to our terms. For such processing, the legal basis is our legitimate interest.
Provide, operate and maintain SELF Products, including in the provision of customer or technical support that you request. For such processing, the legal basis is our legitimate interest.
Process certain payment information where required based on your use of SELF Products.
Improve SELF Products and our other services, including diagnosing and/or fixing technical issues or problems with SELF Products and detecting, preventing and investigating security incidents or similar behaviors or events.
To comply with our legal obligations.
To establish, defend, or enforce our legal rights.
With your consent and at your direction, to certain third parties and our service providers in order to maximize your user experience.

3.2 Third parties to whom we disclose your personal information

(a) Our disclosures of your personal information

We disclose your personal information we collect (as described in Section 2.2 of this Policy) for our business purposes only. We disclose your personal information to our service providers and other parties only as necessary for the provision of SELF Products. Accordingly, your personal information will only be disclosed to:

Affiliates of SELF ID, to the extent that the transfer is necessary to process your communication and inquiries that you have requested through the Website or other means of communication (for example, social media platforms), or in the provision of SELF Products.
Service providers in countries where we operate, to the extent the transfer is necessary to provide the Website and SELF Products, IT, system administration and hosting, analytics, marketing and other business operations in accordance with those set forth in section 3.1 of this Policy.
In cases where we are legally obliged to do so or where there is a legally binding judgment, as well as in cases where we enforce our rights or defend ourselves against claims.

All of our service providers are contractually obligated to process personal information only on our instructions. The service providers are not permitted to use personal information for their own purposes without our approval or as otherwise permitted by applicable law.

(b) Payments

Anytime you enter into an Engagement wherein money is exchanged using SELF Mobile Apps, the transaction is administered either by Apple (when using an iOS device) or Google (when using Android) (collectively, “In-app Purchases”). When you use In-app Purchases, you are disclosing your information directly to either Apple or Google and SELF ID plays no role in the transaction, nor do we have any visibility into your personal information disclosed (financial or otherwise). For the avoidance of doubt, the terms and conditions and privacy policy of the respective entity administering the transaction apply to any such In-app Purchase.

(c) Hyperswarm

Self ID uses Hyperswarm, a shared global registry, to publish all DID operations. Hyperswarm is an open source data distribution protocol that operates on a peer-to-peer model, with more information available here . All data uploaded to Hyperswarm is encrypted so that only the parties to the transaction can access the underlying data. When you use SELF Products, your User Data is uploaded to Hyperswarm and may include the following:

Personal identifiers (examples include name, address, social security number or other unique government identifying numbers contained on images of government identification documents)
Customer records (examples include bank account numbers)
Biometric data (examples include fingerprints, voice recordings, and face recognition or identification)
Sensory data (if you send us any videos that contain audio)
Geolocation data (examples include location history and IP address)
Educational information (examples include admissions and graduation history, test scores, and degrees earned)
Professional or job-related information (like employment history, job title and other employment records)

Hyperswarm operates largely as a blockchain, meaning that the data uploaded to it is immutable, or permanent (for more information, see Section 4 of this Policy). This means that individual nodes on the Hyperswarm network may retain copies of your data, even if you’ve initiated data deletion. Self ID is not responsible for your data on the Hyperswarm network.

3.3 Third Parties to whom you disclose your personal information through SELF Products

SELF ID serves entirely as a conduit of your personal information. We do not control any of your disclosures of personal information to Third Parties in using SELF Products and are not in a position to assist you in the event of your inadvertent disclosure. Your disclosure of such personal information to Third Parties is subject to the privacy policies of such parties, the nature of the services that those Third Parties provide, and such parties are solely responsible for processing your personal information.

3.4 Personal Information retention periods

(a) SELF ID's General Data Retention Periods

We retain personal information we collect from you where we have an ongoing legitimate business need to do so. When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize such data.

If you elect to receive notifications about SELF Products from us, or subscribe to our newsletter, SELF ID will store the relevant information until you unsubscribe.
A different personal data retention period may apply in connection with legal claims that could be made against SELF ID. In such circumstances, the personal data will be deleted after the relevant periods have expired or the relevant process has been completed.

Please see Section 4 for additional privacy considerations regarding blockchains.

(b) Netki, Inc. Data Retention Period

If you use any Netki, Inc. attestation services, Netki shall retain your data for one (1) year after the issuance of the attestation. At the end of the one (1) year period, Netki, Inc. will automatically delete your data.

4. Unique privacy aspects for distributed ledger technology (“blockchains”)

4.1 Privacy and the nature of blockchains

Distributed ledger technology, commonly known as “blockchains”, provide you with powerful controls over your personal information. Permissionless blockchains operate on global networks of “nodes”, or servers, that are independently managed according to the blockchain's protocols, or rules. This means that no one party controls the entire system of nodes on which the subject blockchain operates. But, it also means that data you upload to the blockchain can be distributed globally, as the network of nodes is not limited to any one geographic location. Due to this distribution and the permanence of blockchain data, you must be careful when you upload any of your information to a blockchain because it is immutable, meaning it can never be removed. For this reason, when you create a digital wallet using SELF Products, your underlying personal information is not uploaded onto a blockchain, but only pseudonymous information outlined in Section 4.3 below.

4.2 How SELF Products interact with blockchains

SELF Products interact with blockchains through the Multidimensional Identity Protocol (or “MDIP”). MDIP uses blockchain networks as immutable ledgers where the existence of a DID is included in a blockchain transaction. MDIP refers to these peer-to-peer networks as “Registries”. The purpose of the Registry is to witness the existence of a DID at a point in time, and MDIP records the minimal amount of personal information possible, namely the DID itself.

4.3 What information you disclose when interacting on a blockchain

The following data is typically uploaded onto a blockchain when you use SELF Products. This information is pseudonymous, meaning that it can only be attributed to you with the use of additional information that is typically not available in the blockchain itself:

Your Decentralized Identifiers (“DIDs”), which is a globally unique identifier made up of a string of letters and numbers that act like an identifying address on a verifiable data registry and are independent of any organization.
Each such DID’s Documents, which are generally the metadata for the DID, and include the verification methods (including your public key).
Your public key, which is a cryptographic address derived from your digital wallet's private key. It acts as your address on the relevant blockchain.
Transaction history, which consists of the transaction details regarding your wallet. This includes the DID of the document being certified, blockchain witness signatures, the recipient's public key, and the timestamp of the transaction. This is immutable once added to the blockchain. Digital signatures, which is a recording of your transactions that you have verified using your private key, which only you know.
Digital signatures, which is a recording of your transactions that you have verified using your private key, which only you know.
State changes, which reflects any changes in the state of the blockchain ledger, or record. This includes new registrations of your DIDs.

Your personal information is not automatically stored directly on the applicable blockchain. Rather, it is stored in your digital wallet, which is local on your device or in another off chain location that you designate. Always exercise caution when you interact with blockchains as they are immutable, and any data you post cannot be removed.

5. Your data protection rights under European Data Protection Laws (including Switzerland)

With respect to the personal data you disclose to us in our providing SELF Products, we are acting as a controller under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and depending on your location and subject to applicable law, you may contact us at privacy@selfid.com to exercise the following rights:

To request information about personal data processed by SELF ID;
To request rectification of inaccurate or incomplete personal data held by SELF ID;
To request the erasure of your personal data stores by SELF ID, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
To request the restriction of the processing of your personal data if you contest the accuracy of the data;
To obtain your personal data provided to SELF ID in a structured, common and machine-readable format or transferring it to another responsible party;
To revoke your consent to SELF ID at any time, this means that SELF ID may no longer process your personal data where the legal basis for such processing is your consent; and
To not be subject to automated decision making
If you are a resident of Switzerland, your personal data is protected under the Federal Act on Data Protection (FADP), and you can find information on filing a complaint with the Federal Data Protection and Information Commissioner here .

Please refer to Section 4 regarding your personal data on blockchains. Further, as set forth in Section 2.3, you may elect to disclose your personal data to Third Parties in your use of SELF Products and, in such circumstances, the privacy policies of such third parties shall govern the processing of your personal data disclosed and not this Policy.

6. Additional State-Specific Privacy Disclosures

Please review our Additional State-Specific Privacy Disclosures for additional information on our information practices under applicable U.S. state data privacy laws.

7. Cookies and other online tracking technologies

Cookies are small text files stored on your device (computer or smartphone) when you visit a website. They are widely used to make websites work more efficiently and provide better user experience. Cookies can also help with website functionality, tracking, and remembering your preferences or actions over time.

7.1 Category of Cookies used by SELF ID

SELF ID deploys only Analytical/Performance Cookies on the Website, enabling us to collect information about how visitors use our Website including, for example: the number of visitors, the pages they visit, and the duration of their visit. This data helps us improve the Website and provide you with a better experience. Accordingly, the following two Analytics/Performance Cookies are used on the Website:

Name/Owner	Purpose	Usage	Expiration
_pk_id/Matomo	Stores a unique visitor ID	First-party website analytics	13 months
_pk_ses/Matomo	Session cookie temporarily stores data for the visit	First-party website analytics	30 minutes

More information on the above Cookies is made available by Matomo here.

7.2 Managing your Cookie Preferences

Most internet browsers allow you to control Cookies through their settings. You can disable or delete Cookies by adjusting your browser settings. The following links provide information on how to manage Cookies on some of the most popular browsers:

Please note that if you disable Cookies, some features of the Website may not function as intended and your experience with our Website may be affected.

8. General Information

8.1 Children's personal information

Pursuant to California law, SELF ID does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.

If you are under 13 years of age (or 16 in certain EEA jurisdiction) and any processing by SELF ID of your personal information is based upon consent, consent must be given or authorized by your parent or legal guardian. SELF ID does not knowingly process the information of natural persons below the aforementioned ages, nor does SELF ID direct its Website or any SELF Products to children.

If we are to discover that we are processing information of children below the aforementioned ages without appropriate consent, we will purge said information from our systems

8.2 Securing your personal information

We, and our service providers, use commercially reasonable practices to safeguard and secure your personal information.

8.3 Third-party Websites and Applications

SELF Products may contain links to, or integrations with, other products and services providers (“Third-party Websites and Applications”). Where you access or use such Third-party Websites and Applications, be advised that such third-parties maintain their own privacy policies and personal information processing practices. We are not responsible for the information practices of such third parties and encourage you to review those subject policies prior to sharing your personal information.

8.4 Changes to this Policy

SELF ID will review and update this Policy periodically and will note the date of its most recent version above. If we make material changes to this Policy, we will notify you either by prominently posting a notice of such changes prior to implementing or directly sending you a notification.

8.5 Government information requests

Up until the Effective Date of this Policy, SELF ID has not received any requests from government agencies, including but not limited to the United States Federal Bureau of Investigation (FBI), in the form of a National Security Letter or an order under the Foreign Intelligence Surveillance Act (FISA).

8.6 Contact Information

If you have questions or suggestions regarding this Policy, please contact us at privacy@selfid.com