Privacy Policy

Mobile Application Privacy Policy

App Store Privacy Nutrition Label

Apple requires all apps to declare their data practices in the App Store. The table below summarises NeuralKey's data collection in the format required by Apple's App Privacy guidelines (App Store Connect Privacy Questions).

Privacy Category	Details
Data Used to Track You	None. NeuralKey does not track users across third-party apps or websites and does not use advertising identifiers.
Data Linked to You	Username; government-issued document image (transmitted to our servers during identity verification only); identity-match facial photograph (a still image captured solely for server-side document-face matching, transmitted once during identity verification over an end-to-end encrypted connection and deleted upon completion of the verification review).
Data Not Linked to You	Motion sensor data (on-device, Security Guard feature); battery state (on-device); microphone (briefly activated at the iOS camera framework level during video-based liveness detection; audio capture is explicitly disabled -- no audio is recorded, processed, or transmitted); network connectivity status (on-device); security event logs (encrypted, local).
Data Not Collected	Advertising identifiers (IDFA/GAID); location data; audio recordings; browsing history; search history; purchase history; financial information; contacts; messages; health and fitness data; sensitive information beyond what is required for identity verification.

Introduction

NeuralKey ('we,' 'our,' or 'us') is a mobile identity-management application published by PRESTIGE ALLIANCE CO., LTD. This Privacy Policy explains what personal data we collect, why we collect it, how we store and protect it, and the rights you have over it.

By downloading or using the App, you confirm that you have read and agree to this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the App and uninstall it from your device.

Information We Collect

2.1 Information You Provide Directly

Username / Handle: Your chosen display name, used to create your digital identity within the App.
Government-issued document image: A photograph of your identity document (such as a passport or national identity card), captured on your device for the purpose of identity verification. This image is transmitted to our servers only during the verification step, over an end-to-end encrypted connection.
Liveness selfie (on-device liveness check): A photograph or short video captured by your device camera solely to confirm that you are physically present during identity checks. Face detection and liveness analysis are performed entirely on-device using Google ML Kit. No facial biometric template or faceprint is created at any point. Liveness images are retained in the App's private encrypted local storage only for the duration of the active session and are automatically deleted upon session completion or within 24 hours, whichever is sooner. They are never transmitted to our servers.
Identity-match facial photograph (server-side identity-document matching): A still facial photograph captured during the identity verification submission flow and transmitted, together with your government-issued document image, to our verification servers over an end-to-end encrypted connection. This image is used solely to confirm that the face on the document matches the applicant. It is permanently deleted from our servers upon completion of the back-office review and elevation of your trust level, and in any event within 30 days of submission.

2.2 Data Generated Automatically (Stored On-Device Only)

Security keys: Unique cryptographic keys generated and stored in your device's secure hardware storage (Secure Enclave on iOS). These keys never leave your device.
Recovery phrase: A mnemonic word sequence generated and stored exclusively on your device in encrypted form, enabling account restoration if you change or lose your device. This phrase is permanently deleted when you select Settings - Delete Account.
Security event logs: Records of events that may indicate unauthorised modification of your device's security environment (for example, signs of jailbreaking). Stored locally in an encrypted format and never transmitted to our servers.
Digital identity credentials: Verified digital documents tied to your identity, stored securely on your device.

2.3 Device and Sensor Data (On-Device Only)

The following data is collected and processed exclusively on your device. None of this data is transmitted to our servers or shared with third parties.

Motion sensor data: Used by the Security Guard feature to detect unauthorised movement or rotation of your device while it is armed, and to display an on-screen security alert. Processed entirely on-device; never transmitted.
Battery state: Monitored as one indicator in the on-device Device Integrity Check. An unusually low battery state combined with other signals may prompt an on-screen advisory to reconnect before completing a sensitive operation.
Microphone: Briefly activated at the iOS camera framework (AVFoundation) level when an AVCaptureSession is started for liveness detection and document scanning. Audio capture is explicitly disabled in the App (enableAudio: false on all camera controllers). No audio is recorded, processed, stored, or transmitted at any point. The NSMicrophoneUsageDescription key is required by Apple's framework regardless of whether audio is actually captured.
Network connectivity status: Used to confirm internet availability before initiating online operations.

2.4 Data We Do Not Collect

We do not collect, and have no technical access to, any of the following:

Advertising identifiers (IDFA or GAID)
Location or GPS data
Audio recordings
Browsing history or internet search history
Purchase history or financial information
Contacts, messages, or email content
Health or fitness data
Cross-app or cross-website tracking data

Legal Basis for Processing

Data Category	Legal Basis	Applicable Law
Username / Handle	Performance of contract	GDPR Art. 6(1)(b); LGPD Art. 7(V)
Government-issued document image	Explicit consent; legal obligation	GDPR Art. 9(2)(a) & (b); LGPD Art. 11(I)
Identity-match facial photograph	Explicit consent	GDPR Art. 9(2)(a); LGPD Art. 11(I)
Liveness selfie (on-device only)	Performance of contract	GDPR Art. 6(1)(b)
Security keys	Performance of contract; legitimate interest	GDPR Art. 6(1)(b) & (f)
Recovery phrase	Performance of contract	GDPR Art. 6(1)(b)
Motion sensor data	Legitimate interest (Security Guard feature, on-device)	GDPR Art. 6(1)(f)
Microphone activation (framework only)	Legitimate interest (mandatory iOS camera framework requirement)	GDPR Art. 6(1)(f)
Security event logs	Legitimate interest (security monitoring)	GDPR Art. 6(1)(f)
Digital identity credentials	Performance of contract	GDPR Art. 6(1)(b)

Where processing is based on your consent, you may withdraw it at any time via Settings - Delete Account, or by contacting us at privacy@neuralkey.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

How We Use Your Information

Purpose	Data Used
Creating and managing your digital identity	Username and security keys
Identity verification	Government-issued document image; identity-match facial photograph (transmitted to server); liveness selfie (on-device liveness check only -- never transmitted)
Authenticating you within the App	Fingerprint, Face ID, or device PIN -- processed by the device operating system only (LocalAuthentication framework on iOS; BiometricPrompt on Android); never transmitted
Securing your communications	Security keys that protect data during transmission
Issuing and verifying digital identity credentials	Digital credentials and verified identity information
Security Guard -- detecting unauthorised device movement	Motion sensor data (accelerometer, gyroscope) -- on-device processing only; security event logs
Device Integrity Check	Battery state (on-device)
Liveness detection and document scanning	Camera (video frames, still photographs); microphone activation is a mandatory iOS camera framework requirement -- audio capture is explicitly disabled (enableAudio: false)
Background credential refresh	Security keys and digital identity credentials (on-device only); no personal data is transmitted during background refresh unless a network operation was already authorised by the user
Backup and account restoration	Encrypted recovery phrase and security keys (on-device only)
Authenticating with third-party services via QR code	Only the specific identity information you explicitly approve for each interaction

Automated Decision-Making

During the identity verification process, we use automated systems -- including on-device liveness detection and automated document-reading technology -- to assess whether your identity document is genuine and whether the identity-match facial photograph corresponds to the document photograph.

This process may produce an automated decision regarding whether your identity is successfully verified. Such a decision may affect your access to features within NeuralKey that require a verified identity.

Your rights regarding automated decisions:

You have the right not to be subject to a decision based solely on automated processing where that decision produces significant effects concerning you. You may request that the verification decision be made or reviewed by a human member of our team.
You may contest the outcome and submit additional supporting information.
You have the right to express your point of view in relation to any automated verification decision before it is finalised.
To exercise these rights, contact privacy@neuralkey.com with the subject line: 'Identity Verification Review Request.' We will respond within 7 business days.

Data Storage and Security

Safeguard	Description
On-device encrypted storage	All sensitive data -- including security keys, recovery phrase, and credentials -- is stored locally on your device using strong encryption, protected by your device's built-in secure hardware chip (Secure Enclave on iOS).
Encrypted local logs	Security event logs are retained exclusively on your device in a securely encrypted format. These logs are never transmitted to our servers.
Transmission security	All data exchanged over the internet uses TLS-encrypted connections. Identity verification data is additionally end-to-end encrypted.
Liveness selfie (on-device only)	Liveness images used for the on-device liveness check are processed entirely by Google ML Kit on your device. They are never transmitted to NeuralKey servers or to Google. No facial biometric template or faceprint is stored. Liveness images are automatically deleted upon session completion or within 24 hours, whichever is sooner.
Identity-match facial photograph	The still facial photograph transmitted during the identity verification submission is sent over an end-to-end encrypted connection. It is permanently deleted from our servers upon completion of the back-office review, and in any event within 30 days.
Government-issued document image	Transmitted only once during identity verification over an end-to-end encrypted connection. Permanently deleted upon completion of the verification review, within 30 days.
Microphone	Audio capture is explicitly disabled on all camera controllers (enableAudio: false). The microphone is activated at the iOS AVFoundation framework level only. No audio stream is created, stored, or transmitted by the App at any point.

Permissions We Request

Apple App Store -- Permission Justification

Apple requires each system permission to have a clear, specific purpose description. Each permission below maps directly to a required App function. You may revoke any permission at any time through your device system settings; revoking a permission will disable the corresponding App feature.

Permission (iOS key)	Apple's Sensitive Data Category	Specific Purpose
Camera (NSCameraUsageDescription)	Camera	Capture a liveness selfie for on-device liveness verification; capture an identity-match facial photograph for server-side document-face matching; scan QR codes for third-party authentication via MobileScanner; photograph a government-issued identity document for OCR verification.
Face ID (NSFaceIDUsageDescription)	Biometric Data (device OS-managed)	Authenticate the user when opening the App and when confirming sensitive actions via Face ID. Processed entirely by the device operating system via the LocalAuthentication framework. No biometric data is transmitted to our servers. This key is required by Apple even when Touch ID or device PIN fallback is available.
Microphone (NSMicrophoneUsageDescription)	Microphone	Required by the iOS camera framework (AVFoundation) when initialising an AVCaptureSession for liveness detection and document scanning. Audio capture is explicitly disabled in the App (enableAudio: false on all CameraController instances). No audio is recorded, processed, stored, or transmitted. This key is a mandatory Apple framework requirement; removing it may cause a runtime crash even when audio capture is disabled.
Motion Sensors (NSMotionUsageDescription)	Motion & Fitness	Used by the Security Guard feature to detect unauthorised movement or rotation of your device while it is armed (accelerometer and gyroscope via sensors_plus package) and display an on-screen security alert to the user.
Photo Library (NSPhotoLibraryUsageDescription)	Photos	Required by the file_picker package when browsing and selecting files or folders on your device to save or load encrypted credential backup data and export audit logs. No photos are accessed, read, or transmitted without explicit user selection.
Internet Access	n/a (network permission)	Required for identity verification submissions and for the issuance of digital identity credentials.
Network Status	n/a (network permission)	Determine whether an internet connection is available before initiating network-dependent operations (connectivity_plus package).
Background Processing (BGTaskSchedulerPermittedIdentifiers; UIBackgroundModes: processing)	n/a	Enables the flutter_foreground_task package to schedule a BGProcessingTask (identifier: com.prestigealliance.neuralkey.refresh) that keeps the Security Guard foreground service alive when the device is idle. No personal data is transmitted during background processing. No new data collection occurs in the background.

Data Sharing

We do not sell, rent, or trade your personal information to any third party. We may share data only in the following strictly limited circumstances:

Identity verification service: When you voluntarily initiate identity verification, your government-issued document image and identity-match facial photograph are transmitted to NeuralKey's verification servers over a secure, end-to-end encrypted connection. Upon completion of the verification review, this data is permanently deleted from our servers within 30 days. Your liveness selfie is never transmitted to our servers.
Third-party services (user-initiated): When you scan a QR code and explicitly choose to share a digital identity credential with a third-party service, only the specific information you approve for that interaction is disclosed.
Legal obligations: We may disclose personal information if required to do so by applicable law, binding court order, or lawful government regulation.

International Data Transfers

When you complete identity verification, your government-issued document image and identity-match facial photograph are transmitted to NeuralKey's verification servers. Where such transfers cross international borders, we rely on the following legally recognised safeguards:

Jurisdiction	Transfer Mechanism
European Economic Area / United Kingdom	Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914), incorporated into our data processing agreement. A copy is available upon request to privacy@neuralkey.com.
Brazil (LGPD)	Contractual clauses that provide an equivalent level of protection as required under LGPD Article 33(II).
Japan (APPI)	Transfer made pursuant to the data subject's consent, or subject to equivalent protection measures under APPI Chapter IV-2.

If you do not wish your identity verification data to be transferred internationally, do not initiate the identity verification process.

Data Retention

All data stored on your device remains under your sole control. You may permanently delete it at any time by selecting Settings - Delete Account within the App. Deleting your account also permanently removes your recovery phrase from the device.
Liveness selfie images (on-device only) are automatically deleted upon session completion or within 24 hours, whichever is sooner.
Identity verification data (government-issued document image and identity-match facial photograph) submitted to our servers is permanently deleted upon completion of the back-office review. Retention will not exceed 30 days from the date of submission unless a longer period is expressly required by applicable law.
If you uninstall the App, all data stored locally on your device is removed automatically.
Data retained by third-party service providers is subject to their own retention policies, which are outside our control.

Data Breach Notification

Jurisdiction	Notification Obligation
EU / UK (GDPR)	The relevant supervisory authority will be notified without undue delay and, where feasible, within 72 hours of our becoming aware of the breach (GDPR Art. 33). Affected individuals will be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms (GDPR Art. 34).
Brazil (LGPD)	The Brazilian national data protection authority (ANPD) and affected individuals will be notified within 3 business days of our becoming aware of the breach (LGPD Art. 48; ANPD Resolution No. 15/2024).
Canada (PIPEDA)	The Office of the Privacy Commissioner and affected individuals will be notified as required under the PIPEDA Breach of Security Safeguards Regulations.

Because the majority of personal data in NeuralKey is stored locally on your device and protected by strong encryption, the risk of a server-side breach affecting your security keys, recovery phrase, or biometric data is substantially mitigated. Nonetheless, any identity verification data submitted to our servers is fully covered by the commitments above.

Children's Privacy

Apple App Store -- Age Rating Requirement

Apple requires apps to clearly disclose their minimum age requirement and the mechanism by which under-age use is prevented. NeuralKey is rated 17+ on the App Store. The identity verification process, which requires a valid government-issued identity document, serves as an effective age gate.

NeuralKey is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. The identity verification process -- which requires a valid, government-issued identity document -- serves as an effective mechanism to prevent under-age access to the App's core features.

If you believe that a minor has provided us with personal information, please contact privacy@neuralkey.com and we will take prompt steps to delete that information from our records.

Applicable Law	Age Threshold
COPPA (United States)	Children under the age of 13
GDPR Article 8 (EU / EEA)	Children under the age of 16, or a lower threshold as set by the applicable member state (minimum 13)
LGPD Article 14 (Brazil)	Children under the age of 12; adolescents under the age of 18 (with additional protections)
PDPA (Singapore)	Minors as defined under the applicable national law of the user's jurisdiction

Your Privacy Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any right, please contact us at privacy@neuralkey.com with the subject line 'Privacy Rights Request -- [Right Type].' We will verify your identity before processing any request.

9.1 General Rights (GDPR, LGPD, PIPEDA, PDPA)

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data, subject to any applicable legal retention obligations. You may also delete all locally stored data immediately via Settings - Delete Account.
Right to Restriction of Processing: Request that we restrict the processing of your data in certain circumstances.
Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
Right to Object: Object to processing of your personal data where that processing is based on legitimate interests.
Right Not to Be Subject to Automated Decision-Making: Where an automated verification decision produces significant effects concerning you, request that the decision be made or reviewed by a human. See Section 3A.
Right to Withdraw Consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: Submit a complaint to your local data protection supervisory authority.

9.2 California Residents -- CCPA / CPRA Additional Rights

Right to Know: Know what categories of personal information we collect, use, disclose, and sell.
Right to Delete: Request deletion of personal information we have collected from you.
Right to Correct: Request correction of inaccurate personal information (CPRA).
Right to Opt Out of Sale or Sharing: NeuralKey does not sell or share personal information for cross-context behavioural advertising purposes. You may nonetheless submit a formal opt-out request to privacy@neuralkey.com.
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is strictly necessary to provide the App's core functions.
Right to Non-Discrimination: We will not discriminate against you in any way for exercising any of the rights described in this policy.

9.3 Response Timelines

Jurisdiction / Applicable Law	Response Timeline
GDPR / UK GDPR	30 calendar days; extendable by a further 60 days for complex or numerous requests (with prior written notice to you)
CCPA / CPRA (California)	45 calendar days; extendable to 90 days total with prior notice
LGPD (Brazil)	15 calendar days
PIPEDA (Canada)	30 calendar days
PDPA (Singapore)	30 calendar days
APPI (Japan)	Without undue delay; within a reasonable period as required by applicable guidance

Third-Party SDKs and Services

App Store Requirement -- Third-Party SDK Disclosure

Apple requires disclosure of all third-party SDKs integrated into an app and their respective data-collection practices. The table below provides a complete listing of SDKs used in NeuralKey, the data each SDK processes, and whether any data leaves the device.

SDK / Service	Purpose	Data Processed	Data Leaves Device?	SDK Privacy Policy
Google ML Kit -- Face Detection	On-device liveness verification during identity checks	Liveness selfie video frames; liveness probability score	No -- processed on-device only	policies.google.com/privacy
Google ML Kit -- Text Recognition	Automated on-device reading of identity documents	Document image text content	No -- processed on-device only	policies.google.com/privacy
Google Fonts	Rendering application typography within the user interface	Font display metadata only	No -- fonts are bundled in-app	policies.google.com/privacy

NeuralKey has entered into data processing agreements with all relevant third-party service providers to ensure compliance with applicable data protection laws.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, applicable technology, legal requirements, or other factors. We will handle changes as follows:

Material changes: We will notify you via email or in-app notification at least 30 days before the change takes effect. Where a change affects how we process sensitive data (including biometric or identity data), we will seek your renewed explicit consent before the change applies to you.
Minor changes: We will update the 'Last Updated' date at the top of this policy. We encourage you to review this policy periodically.
Continued use: Your continued use of the App after the effective date of any updated policy constitutes your acceptance of the revised terms.

Last Updated: June 3, 2026