Privacy and Security in use.id

This page outlines use.id's key security and privacy information. Whether you're looking to kick off a new project with use.id, or curious about how use.id works with your existing project, read on to see how use.id can help protect you and your users.

Data Protection

use.id Support for GDPR

On May 25th, 2018, the EU General Data Protection Regulation (GDPR) replaced the 1995 EU Data Protection Directive. Digita is committed to helping our customers succeed under this privacy regulation, whether they are large software companies or independent developers.

The GDPR imposes obligations on data controllers and data processors. use.id customers typically act as a "data controller" for any personal data or information about their end-users they provide to Digita in connection with their use of use.id.

Digita generally operates as a "data controller" in any scenario and, in some cases, as a "data processor". Digita is a "data controller" in the sense that it is responsible for determining the means of processing for individual use.id accounts for end-users. Digita is a "data processor" when it provides the use.id Connect service. In this case, Digita processes user data on behalf of Digita's customer.

use.id Data Processing and Security Terms

When customers use use.id Connect, Digita is generally a data processor under GDPR and processes personal data on their behalf. The use.id terms include Data Processing and Security Terms detailing these responsibilities.

use.id is getting certified under major privacy and security standards

ISO and SOC compliance

All use.id services are going through the ISO 27001 and SOC 2 evaluation process. Soon, compliance reports and certificates for use.id services governed by the use.id Terms of Service may be requested via [email protected].

| Service name | ISO 27001 | SOC 2 |
| --- | --- | --- |
| use.id WebID | Expected August 2023 | Todo |
| use.id Store | Expected August 2023 | Todo |
| use.id Authentication | Expected August 2023 | Todo |
| use.id Authorisation | Expected August 2023 | Todo |
| use.id Browser | Expected August 2023 | Todo |
| use.id Connect | Expected August 2023 | Todo |

International data transfers

The Privacy Shield frameworks provided a mechanism to comply with data protection requirements when transferring EEA, UK or Swiss personal data to the United States and onwards. In light of the Court of Justice of the European Union ruling on data transfers, invalidating the EU-U.S. Privacy Shield, use.id has moved to reliance on Standard Contractual Clauses for relevant data transfers, which, as per the ruling, can continue to be a valid legal mechanism to transfer data under the GDPR. The European Commission approved new versions of the Standard Contractual Clauses on June 4, 2021, which we are incorporating into our contracts with use.id customers for relevant data transfers.

We are committed to having a lawful basis for data transfers in compliance with applicable data protection laws.

Data storage and processing locations

use.id relies on the infrastructure of DigitalOcean and Auth0. At DigitalOcean, use.id relies on servers that are hosted in Amsterdam (NL). At Auth0, use.id relies on servers that are hosted in Europe.

Security information

Encryption

use.id encrypts data in transit using HTTPS and logically isolates data per customer.

The use.id infrastructure providers encrypt all data at rest by default.

Security practices

To keep personal data safe, Digita employs extensive security measures to minimise access:

  • Only a few Digita employees have access to personal data
  • Only employees who have enabled two-factor authentication have access to personal data

For more insight into our security practices, email [email protected]. We are happy to provide you with audit reports etc.

Contact us

Reach out to [email protected] if you have any specific questions related to data protection, security and privacy.

The content of this page is a derivative of the Google Firebase Privacy and Security Information, which is licensed under the Creative Commons Attribution 4.0 License.