Legal
Privacy Policy
This describes what data Meimo ID actually collects and how it's used. It is not a substitute for legal advice specific to your jurisdiction.
What we collect
- Account information you provide: email, phone number, password (stored as a salted hash, never in plain text).
- Government ID and passport images you submit for verification, and the structured fields extracted from them (name, date of birth, nationality, document number, expiry).
- Live face captures used for biometric enrollment and sign-in matching.
- Device and session metadata: IP address, user agent, and timestamps, used for security and fraud detection.
- Audit and activity logs of actions taken on your account.
How it's used
To verify your identity, secure your account, detect fraud and duplicate accounts, and — only with your explicit consent at the moment of a “Continue with Meimo” sign-in — to share specific claims with the third-party application you chose to authorize.
What we share, and when
We never share your identity data with a third-party application except through the OAuth consent flow you explicitly approve. Each application only receives the exact scopes you granted — nothing more, and that grant is enforced on every request, not just the first one.
Your control over your data
- You can review and correct fields our system extracted from your documents before they're submitted for review.
- You can add, edit, or remove your profile photo (subject to admin moderation).
- You can request your identity verification data — documents, submissions, and enrolled biometric data — be deleted from your account.
- You can revoke a third-party application's access at any time.
Contact
Questions about this policy or a specific data request should be directed to your organization's Meimo ID account administrator, or through the support channel in the Meimo ID app.