Privacy Policy

Effective Date: May 20, 2026

Last Updated: May 20, 2026

1. Information We Collect

We collect the following categories of information:

(a) Account information you provide directly:

• Full name
• Email address
• Phone number
• Profile content (photos, posts, captions, media you choose to share)

(b) Identity verification information, collected to confirm you are a real, unique, verified human:

• Government-issued identity data, including given name, family name, date of birth, document number, document expiration date, ID photo, issuing authority, and age threshold information.
• When you verify using a digital wallet, the above data is transmitted to ethos via the wallet provider's verification API after you authenticate on your device and confirm the specific data being shared. ethos currently supports Apple Wallet (via Apple's Verify with Wallet API on iOS) and Google Wallet (via the Verify with Google Wallet API on Android and supported browsers, using the OpenID4VP and ISO/IEC 18013-5 standards).
• When you verify using the fallback flow, you provide images of your government ID (front and back) or, for U.S. passport holders, NFC chip-signed data read from your passport using iOS Core NFC or Android NFC APIs.

(c) Biometric information, collected solely for identity verification:

• A live selfie captured in the ethos app at the time of verification.
• A biometric comparison result indicating whether the selfie matches the photo on your government ID.
• We process this biometric information only to confirm that the person presenting the ID is the same person depicted on the ID. We do not use biometric information for any other purpose.

(d) Device and usage information, collected automatically:

• Authentication details and session metadata
• API request logs (timestamped server access and interactions)
• Device identifiers and basic device information
• App usage analytics

2. How We Use Your Information

We use your information to:

• Verify your identity and confirm you are a unique, real human
• Create and maintain your ethos identity credential
• Provide Sign in with ethos to partner platforms you choose to authenticate with
• Enable verified access at partner venues, events, and platforms
• Maintain platform safety, prevent fraud, and enforce our Terms of Use
• Communicate with you about your account
• Improve the Services

3. How We Share Your Information

We share information only as necessary to deliver the Services or as required by law. We do not sell your personal information.

We share information with the following categories of third parties, each of which is contractually required to use the information only for the purposes described:

• Texas Department of Public Safety (TX DPS): for verification of Texas-issued driver's licenses and state IDs, under a direct data access agreement.
• Apple, Inc.: when you use Verify with Wallet, identity data flows from your device's Apple Wallet to ethos via Apple's API. Neither Apple nor the issuing government authority can see when or where you authenticate with your ethos identity.
• Google LLC: when you use Verify with Google Wallet on Android or a supported browser, identity data flows from your device's Google Wallet to ethos via Google's Digital Credentials API. Neither Google nor the issuing government authority can see when or where you authenticate with your ethos identity.
• Partner platforms (only when you actively use Sign in with ethos): ethos shares only the minimum information necessary to confirm your verified status to the partner you are signing in to. We do not share your underlying identity data unless you explicitly authorize it.
• Service providers performing functions on our behalf (e.g., cloud hosting, customer support), bound by confidentiality and data protection obligations.

We may also disclose information if required by law, court order, or valid legal process, or to protect the rights, property, or safety of ethos, our users, or others.

4. Data Retention and Minimization

ethos is built around data minimization. We retain the minimum information necessary to maintain your verified ethos identity credential and to operate the Services.

Following successful identity verification:

• We retain: your verified name, date of birth, a hashed document identifier (used for uniqueness enforcement so the same ID cannot create multiple ethos accounts), and the verification result.
• We discard: the raw image of your government ID, the raw selfie captured during verification, and the intermediate biometric comparison artifacts. These are deleted from our systems after verification completes.

Account information (name, email, phone number, profile content) is retained for as long as your ethos account is active and for a limited period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

You may request deletion of your account and associated data at any time by emailing help@ethos.social. We will delete your information within 30 days of a verified request, subject to limited exceptions required by law.

5. Data Security

We use industry-standard security measures to protect your information:

• All data transmitted between your device, our servers, and our verification partners is encrypted in transit using TLS 1.3.
• Sensitive data retained on our servers is encrypted at rest using AES-256 encryption.
• Document identifiers are hashed before storage.
• Access to verification data is restricted to authorized personnel and audited.

No method of transmission or storage is completely secure, but we work continuously to improve our security posture.

6. Your Rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Request a copy of your information in a portable format
• Opt out of certain processing
• Withdraw consent for biometric processing (note: doing so will terminate your ethos identity credential, as biometric matching is required to maintain it)

To exercise any of these rights, contact us at help@ethos.social.

California residents have additional rights under the California Consumer Privacy Act (CCPA). Texas residents have additional rights under the Texas Data Privacy and Security Act and the Capture or Use of Biometric Identifier Act (CUBI). We honor all applicable rights.

7. Children's Privacy

The Services are intended for users 18 and older. We do not knowingly collect personal information from anyone under 13. If you believe we have collected information from a child under 13, please contact us at help@ethos.social and we will delete it promptly.

8. International Users

ethos is operated from the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above. Material changes will be communicated through the app or by email. Continued use of the Services after a change constitutes acceptance of the updated policy.

10. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us at: