X-twitter Linkedin
Login

Our Policy

Privacy Policy

Welcome to the SOBA Network Privacy Notice. This document explains how SOBA Network (“we,” “us,” or “our”) manages personal information. It applies to anyone interacting with our identity verification services, exploring our digital platforms, or visiting our physical locations.

Important Note on Our Role: SOBA Network primarily operates as a Data Processor for our business clients (the “Customer”). Our processing of your data is governed by the instructions and privacy policies of the specific organization you are identifying yourself to. We strongly recommend reviewing their privacy documentation in addition to this notice.

1. OUR CORE PRIVACY VALUES

We adhere to six foundational “Fundamental Six” principles to ensure your data is treated with the highest care:

  1. Integrity and Privacy: We prioritize the confidentiality and protection of all personal information.
  2. Privacy by Design: Security and privacy are built into our services from the initial development stage.
  3. Lawful and Targeted Use: We only process data for specific, legitimate goals and avoid collecting unnecessary information.
  4. Equity and Openness: We strive for transparent, honest processing and work to eliminate technical bias.
  5. Defined Retention: We keep data only for as long as required by contract, law, or service necessity.
  6. Data Quality: We take steps to ensure information is accurate and minimized to what is essential.

2. DEFINITIONS

  • Data Controller: The organization (typically our Customers) that determines why and how your information is used.
  • Data Processor: SOBA Network, acting on behalf of the Controller to perform verification.
  • End-User: You. The individual undergoing identity registration and verification.
  • Personal Data: Any information that can identify you, including biometric markers or ID details.
  • Services: Our identity verification, authentication, and fraud prevention tools.

3. INFORMATION WE COLLECT

For End-Users

To verify your identity, we may process:

  • Biometric Data: Facial scans and measurements used for authentication or comparison. Note: These are fragmentally processed using MPC nodes under a passive adversary model for enhanced privacy. It is designed so that no one but the registered user of the system is able to see their biometric data
  • Technical Identifiers: Device signatures, IP addresses, and general geographic data (city/state).
  • Third-Party Data: Information from official registries or sanction lists used for fraud detection.

For Client Representatives & Visitors

We collect professional contact details, job titles, and website usage data (via cookies) to manage business relationships and improve our website experience.

4. HOW AND WHY WE USE YOUR DATA

We process your information based on the following legal grounds:

  • Contractual Necessity: To provide the verification services requested by our Customers.
  • Legitimate Interests: For fraud prevention, network security, service improvement, and business analytics.
  • Consent: When you explicitly agree to specific uses, such as for demos or marketing communications.
  • Legal Obligation: To comply with regulatory mandates or court orders.

4.1 Specific Consent for Biometric Data (GDPR Article 9)

Processing biometric data for identification purposes (such as “Proof of Humanhood”) requires explicit consent under the GDPR. By using our biometric verification services, you acknowledge and agree to the following:

  • Explicit and Affirmative Action: Your consent is obtained through a clear, affirmative action (such as checking a box or clicking a specific “I Consent” button) before any biometric processing begins.
  • Purpose Limitation: Your biometric data is processed solely for the purpose of identity verification and authentication as requested by the Data Controller. It will not be used for profiling, marketing, or any other secondary purposes without further explicit consent.
  • Freely Given & Right to Withdraw: Your consent is freely given. You have the right to withdraw your consent at any time through your user dashboard or by contacting privacy@SOBA.Network. Withdrawal is as easy as giving consent, though it may affect your ability to use certain automated features.
  • Separate Consent: This consent for biometric processing is distinct and separate from your acceptance of our general Terms of Service.

4.2 Purpose of Processing – Humanhood vs. Identity

SOBA Network distinguishes between Identity (who you are) and Humanhood (that you are a real person). We do not collect names, addresses, or government IDs.

The biometric scan is used solely to generate a fragmented MPC hash for the purpose of Sybil-resistance (preventing multiple accounts). Because this hash is mathematically “shredded” and does not map to a legal identity, it constitutes a Privacy-Preserving Proof of Personhood.

5. AUTOMATION AND MACHINE LEARNING

To ensure fast and reliable verification, we utilize advanced algorithms.

  • Verification Engine: Our system may reach automated decisions. If the system faces difficulty (e.g., a blurry photo), a human expert may assist in the review.
  • Ethical AI: We constantly audit our models to ensure they remain ethical, fair, and free from discrimination.

5.1. PRIVACY BY DESIGN: OUR MPC TECHNOLOGY

To ensure the highest level of data protection, SOBA Network utilizes Multi-Party Computation (MPC). This privacy protection mechanism ensures that your biometric data remains decentralized, anonymous, and under your exclusive control.

  • Mathematical Fragmentation: When you provide biometric data, it is immediately transformed into mathematical fragments (shares) and distributed across independent, decentralized nodes. No single entity—including SOBA Network—possesses the full data set or the “key” to reconstruct your original biometric profile.
  • Zero-Knowledge Environment: Our MPC protocol creates a “zero-knowledge” verification environment. This allows organizations to confirm you are a real human (Proof of Humanhood) without ever gaining access to your raw personal or biometric identifiers.
  • Complete Anonymization: Because data is never stored in a centralized or readable format, it achieves technical anonymization. The network can verify your identity without “knowing” who you are in a traditional sense.
  • Malicious Adversarial Security: The system is built on a security model that maintains your privacy even if individual nodes in the network are compromised or act maliciously. Your data remains secure through cryptographic consensus.
  • User-Controlled Deletion: We do not retain “backups” of your raw biometric data. The biometric hash fragments stored within the MPC cluster remain under your control and can be deleted by you at any time via your dashboard.

6. YOUR DATA RIGHTS

Depending on your location, you have several rights regarding your personal information:

  • Access & Portability: Request a copy of your data in a usable format.
  • Correction: Ask us to update inaccurate information.
  • Deletion: Direct control over removal of your biometric data. Request the removal of your other personal data.
  • Objection & Restriction: Object to certain uses of your data or limit its processing.
  • Withdrawal of Consent: You may take back any permission you previously granted, particularly regarding the use of your biometric data. Upon withdrawal, we will trigger the deletion of your fragments from the MPC cluster, rendering the data unrecoverable.

To exercise these rights, email us at privacy@SOBA.Network. If your request involves data we process for a Customer, we will direct you to them as the Data Controller.

7. DATA SHARING AND GLOBAL TRANSFERS

  • Sub-Processors: We may share certain data with trusted technical partners (e.g., cloud hosting) who help us deliver our services.
  • Authorities: We may disclose information if required by a legal mandate or a government agency.
  • International Transfers: If data is moved across borders, we ensure it remains protected by standard contractual clauses or similar legal safeguards.

8. SECURITY AND RETENTION

  • Security: We use commercially reasonable physical and technical safeguards (including MPC and high-level encryption) to protect your data.
  • Retention: We store information only for the duration specified in our agreement with the Customer or as required by law. Once this period expires, data is either permanently deleted or fully anonymized. Biometric hash data stored under the MPC cluster is removable by the owner of the hash through the dashboard.

9. CONSENT AND BIOMETRIC DATA PROCESSING

Your privacy is anchored in your control over your data. Because SOBA Network processes “Special Category Data” (biometric information) under GDPR Article 9, we adhere to a strict Explicit Consent model.

9.1 Explicit and Informed Consent

By opting into our biometric verification features (such as “Proof of Humanhood”), you provide explicit consent for the collection and processing of your biometric identifiers.

  • Affirmative Action: Consent is only obtained through a clear, voluntary action (e.g., a toggle or checkbox) separate from the general Terms of Service.
  • Granularity: Your consent for biometric processing is specific to identity verification and is not bundled with consent for marketing or other data uses.

9.2 Privacy-Enhancing Architecture (MPC)

When you provide consent, our Multi-Party Computation (MPC) technology immediately activates to protect that data. This means:

  • Data Fragmentation: Your biometric data is mathematically “shredded” into encrypted fragments across a decentralized network.
  • No Central Storage: No single entity—including SOBA Network—ever holds your complete biometric profile. Your data is processed in a Zero-Knowledge environment, meaning we verify your “humanhood” without ever “seeing” your raw biometric traits.
  • Anonymization by Design: The fragments are cryptographically secured so they cannot be reconstructed into a personal identifier by any unauthorized party or malicious node.

9.3 Withdrawal of Consent

You remain the sole owner of your data fragments. You may withdraw your consent at any time:

  • Method: Withdrawal can be managed directly through your User Dashboard or by emailing privacy@soba.network.
  • Effect of Withdrawal: Upon withdrawal, the MPC cluster will trigger a deletion of your unique data fragments. Because of our decentralized architecture, once these fragments are deleted, the data is permanently unrecoverable.
  • Non-Discrimination: If you choose not to consent to biometric processing, you may still access the SOBA Network, though certain automated “Proof of Humanhood” features may be limited or require alternative verification methods.

10. CONTACT US

For inquiries regarding this notice or our privacy practices, please contact our Data Protection Officer:
Email: privacy@SOBA.Network
Website: SOBA.Network/privacy-policy