Polyguard Privacy Policy

Last Updated: November 17, 2025

1. Introduction

Polyguard brokers secure identity verification to authorize participants joining voice and video calls, ensuring that the people on your calls are who they claim to be. We work alongside your existing communication platforms, including Zoom, Microsoft Teams, and WebRTC-based applications, and are fully compatible with end-to-end encrypted calls.

The Polyguard Verification System is also available via SDK for identity verification in other contexts, including financial transactions, step-up authentication for remote workers, and other applications where authenticity matters, including dating, voting, commerce and telemedicine. This Privacy Policy applies to all uses of Polyguard services.

This Privacy Policy describes how we collect, use, and handle your information when you use our services. Your privacy is foundational to our business. We do not monetize your data, and we have designed our systems to minimize data collection and retention. We do not have access to the content of your calls.

2. Our Core Privacy Commitments

We do not store your credentials or biometric data outside of your mobile phone, where it is encrypted and uses the secure hardware enclave to manage the encryption key. When you verify your identity through Polyguard, we facilitate verification but do not capture, store, or retain the underlying biometric data, identity documents, facial images, or other sensitive verification materials. Where possible, we verify identity directly via NFC scanning of your identity document on your own device, with no third-party involvement. When NFC verification is unavailable, we use trusted document-proofing providers (see Section 4). In all cases, the underlying credential data is processed transiently and is not retained by Polyguard.

We do not use your data to train AI models. Your personal information, verification history, and usage patterns are never used to train, fine-tune, or improve machine learning or artificial intelligence models, whether our own or those of any third party.

We do not sell or share your data for commercial purposes. We will never sell your personal information. We do not share your data with advertisers, data brokers, or other third parties for marketing or commercial purposes.

We do not access your call content. Polyguard operates at the access and authorization layer only. We do not receive, process, record, or store the audio or video content of your calls. Our service is fully compatible with end-to-end encrypted communications.

3. Information Collection and Use

Personal Information: When you register for Polyguard, we collect your name, email address, and other relevant details necessary to create and manage your account.

Verification Records: When you verify your identity for a call or other transaction, we retain a record of that verification. These records contain only the identity details you chose to share with other call participants (such as your verified name), not the underlying identity documents, biometric data, or credentials used during verification. Verification records are available to all participants of the relevant call.

Call Metadata: We collect metadata about calls protected by Polyguard, including participant identities and entry/exit times. We do not collect or have access to call content.

Analytics and Usage Data: We may collect data pertaining to your use of our services, device types, and preferences to improve our application functionality. This data is used solely to operate and improve Polyguard and is not shared externally except as described in Section 4.

4. Data Sharing and Disclosure

We do not share your personal information with third parties, except in the following limited circumstances:

Identity verification providers: When NFC-based verification is not available, we use third-party document-proofing services to verify your identity. These providers are:

• AAMVA (American Association of Motor Vehicle Administrators)
  (with privacy policies governed by member state DMVs)

• Veriff (veriff.com/privacy-notice)

• Persona (withpersona.com/legal/privacy-policy)

• Certn (certn.co/privacy-policy)

These providers receive only the information necessary to complete verification and are contractually and legally prohibited from using your data for other purposes. We encourage you to review their privacy policies.

Legal compliance and law enforcement: We may disclose information when required by law, subpoena, or court order, or when we have a good-faith belief that disclosure is necessary to comply with legal obligations or cooperate with law enforcement investigations.

Protection of rights: To protect and defend the rights, property, or safety of Polyguard, our users, or the public.

Business transfers: In connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

We do not share data with any third parties for advertising, analytics partnerships, or AI/ML training purposes.

5. Data Storage and Security

We employ industry-standard security measures to protect against unauthorized access, alteration, disclosure, or destruction of data. Polyguard has completed a SOC 2 Type I audit with an unqualified report, available upon request through our Trust Center at https://trust.polyguard.ai. However, no method of transmission over the Internet or electronic storage is 100% secure.

Data minimization and retention: We retain only the minimum information necessary to provide our services. Verification records, including call metadata, are retained for two years. These records contain only shared identity details, not underlying credentials or biometric data. We do not maintain any record of call content.

6. User Rights and Regulatory Compliance

You may request access to, correction of, or deletion of your personal information by contacting us at [email protected].

For users in the European Economic Area (GDPR): You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent where processing is based on consent. To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

For California residents (CCPA/CPRA): You have the right to know what personal information we collect, disclose, or sell; the right to request deletion of your personal information; and the right to opt out of the sale or sharing of your personal information. Polyguard does not sell your personal information. To exercise your rights, contact us at [email protected]. We will not discriminate against you for exercising these rights.

For healthcare and telemedicine use cases (HIPAA): When Polyguard services are used in contexts where the Health Insurance Portability and Accountability Act applies, we address HIPAA requirements through Business Associate Agreements (BAAs) with covered entities. Contact us at [email protected] for more information.

Depending on your location, you may have additional rights related to your data under applicable law.

7. International Data Transfers

Your information may be stored and processed in any country where we have facilities or in which we engage service providers. By using Polyguard, you consent to the transfer of information to countries outside of your country of residence, which may have different data protection rules than in your country.

8. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted on our website with an updated revision date. If we make material changes to how we handle your data, we will notify you by email or through a prominent notice on our service.

9. Contact Us

If you have any questions or concerns about our Privacy Policy or data handling practices, please contact us at: [email protected].