How it worksDemoPricingDeveloperSign inGet started
How it worksLive demoCoveragePricingIntegration guideAPI referenceSign inGet started

Privacy Policy

This policy describes how Iris Development AB collects, uses, and protects your personal data.

Provider and scope

This Privacy Policy applies to the PassportReader API, SDK, related web properties, Iris ID application, and Biometric Passport Reader application. By using these products, you agree to the collection and use of information as described here.

These products and services are provided by Iris Development AB (registration number 556755-7201), registered in Sweden.


Products covered by this policy

• PassportReader API, SDK and website.
• Iris ID mobile application.
• Biometric Passport Reader mobile application.


Information collection and use

Depending on product usage, we process personal and technical information for identity verification, account management, fraud prevention, product operation, and reliability.

• Personal data may include but not limited to, your name, date of birth, sex, nationality and facial image.
• Account and business profile data may include email, first and last name, business name, business address, and VAT number when applicable.
• Operational diagnostics may include error codes, document type and issuer, device model, operating system version, app configuration, and browser user agent.


Product-specific handling details

Iris ID app: Personal data is processed for identity verification. Data may be retained by us for up to 1 hour and is shared with the third party that requested the identity verification session.

Biometric Passport Reader app: Personal data from a read document is processed on the user's device and retained temporarily on the device until the app is closed. No information is shared with third parties.

PassportReader API: Customer account and usage information is processed to provide the service and billing workflows.

PassportReader SDK: Personal data is processed for identity verification. Data may be retained by us for up to 1 hour and is shared with the third party that requested the identity verification session.


Retention, deletion and security

Identity verification data is encrypted in transit and at rest, and retained during the session lifecycle, up to one hour, and deleted at session end.

Under GDPR, for identity verification processing done on behalf of customers, PassportReader acts as a data processor.


Cookies and local storage

The mobile applications do not use cookies or store data through browser storage. The website service uses browser local storage for settings and user experience. Local storage can be disabled without affecting core service operation.


Third-party sharing

We do not share information with third parties except where required to deliver the relevant product flow, such as sharing Iris ID identity verification results with the party that initiated the session.


Related legal pages

For contractual processing terms and legal role allocation, see our Data Processing Agreement. For service retention specifics, see Data practices.


Contact

For privacy-related questions, contact [email protected].


Changes to this Privacy Policy

We may update this Privacy Policy from time to time and recommend periodic review.

Last updated 2026-03-25.