Overview of the Strong Verification process
When you initiate Strong Verification the following flow happens:
- We call an Application Programming Interface (API) of the Iris ID application to initiate a biometric passport read. Iris ID is a trusted third party application developed by Iris Development AB, a Swedish company.
- When you scan the Machine Readable Zone (MRZ) of your passport, the fields printed there (document number, date of birth and expiry date) are used to derive the key with which the application authenticates to your passport's chip. The chip then releases the information stored on it to the application.
- Your data is temporarily uploaded to Iris ID so that it can be cryptographically verified and sent back to our backend server. As per their Privacy policy, Iris Development AB does not store the biometric data from your passport for longer than 24 hours.
- Once our backend server is notified that you have completed scanning your passport, we retrieve the data from Iris ID, encrypt the most sensitive parts, and store it in the database.
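What "used to authenticate with your passport's chip" means in practice, as an added example that is not from this page, from Couchers or from the Iris ID app: under ICAO 9303 the three MRZ fields (document number, date of birth and expiry date, each followed by its check digit) are hashed into a seed from which the reader derives the Basic Access Control keys it uses to talk to the chip, so a reader that has not seen the printed MRZ cannot open the chip. The Go code below, standard library only, computes the MRZ check digits and the K_enc/K_mac derivation. The specimen document number and dates are the ones ICAO uses in its own worked example, not a real passport; whether Iris ID uses BAC or the newer PACE (which derives its password from the same MRZ information) is not stated on the page.

```go
package main

import (
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math/bits"
	"strconv"
	"strings"
)

// mrzCharValue returns the ICAO 9303 value of one MRZ character:
// '0'-'9' map to 0-9, 'A'-'Z' to 10-35 and the filler '<' to 0.
func mrzCharValue(c byte) int {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0')
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10
	default: // '<' filler
		return 0
	}
}

// mrzCheckDigit is the weighted (7,3,1) modulo-10 check digit that follows the
// document number, date of birth and expiry date in the MRZ.
func mrzCheckDigit(field string) string {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		sum += mrzCharValue(field[i]) * weights[i%3]
	}
	return strconv.Itoa(sum % 10)
}

// bacMRZInformation builds the 24-character "MRZ information" that seeds
// Basic Access Control: each field followed by its check digit, with the
// document number padded to nine characters with '<'.
func bacMRZInformation(docNo, birth, expiry string) string {
	docNo = strings.ReplaceAll(fmt.Sprintf("%-9s", docNo), " ", "<")
	return docNo + mrzCheckDigit(docNo) + birth + mrzCheckDigit(birth) + expiry + mrzCheckDigit(expiry)
}

// adjustDESParity sets the low bit of every byte so each byte has odd parity,
// the convention for 3DES keys.
func adjustDESParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		if bits.OnesCount8(b>>1)%2 == 0 {
			out[i] = b | 0x01
		} else {
			out[i] = b & 0xFE
		}
	}
	return out
}

// bacKeys derives the BAC keys (K_enc, K_mac) per ICAO 9303 Part 11:
// K_seed = SHA-1(MRZ information)[:16]; K_x = SHA-1(K_seed || counter)[:16]
// with counter 1 for encryption and 2 for MAC, then parity-adjusted.
func bacKeys(docNo, birth, expiry string) (kEnc, kMac []byte) {
	seed := sha1.Sum([]byte(bacMRZInformation(docNo, birth, expiry)))
	kSeed := seed[:16]
	derive := func(counter uint32) []byte {
		var c [4]byte
		binary.BigEndian.PutUint32(c[:], counter)
		h := sha1.New()
		h.Write(kSeed)
		h.Write(c[:])
		return adjustDESParity(h.Sum(nil)[:16])
	}
	return derive(1), derive(2)
}

func main() {
	// Specimen MRZ fields from the ICAO 9303 worked example, not a real traveller.
	docNo, birth, expiry := "L898902C<", "690806", "940623"
	kEnc, kMac := bacKeys(docNo, birth, expiry)
	fmt.Println("MRZ information:", bacMRZInformation(docNo, birth, expiry))
	fmt.Printf("K_enc: %X\nK_mac: %X\n", kEnc, kMac)
}
```

The practical consequence for the flow above: a single mis-read MRZ character changes the seed and therefore both keys, and the chip rejects the mutual authentication, which is why the app has to capture the MRZ exactly before it can read anything from the chip.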
What data is processed and stored, and where?
Your data is processed and stored in the following ways.
We use a trusted third party application, Iris ID by Iris Development AB, to complete the reading of biometric data. As per their Privacy policy, Iris Development AB does not store the biometric data from your passport for longer than 24 hours.
When you complete Strong Verification, the following data is generally retrieved: names, country/nationality, sex, date of birth, passport number, passport expiry date, issuer and issuing country, and passport portrait. This full set is encrypted with the public key of an asymmetric keypair whose private key is not held on the server, so the server itself cannot decrypt or read it. It can still be decrypted and retrieved manually, with the private key, if the need arises (see below on who holds the decryption keys).
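How "encrypted with an asymmetric keypair in such a way that the server can no longer decrypt it" can be realised, as an added example that is not Couchers' code (the page does not say which algorithms or formats Couchers uses; the key type, envelope layout and context label below are assumptions for illustration): the server holds only a long-term X25519 public key and seals each record under a fresh ephemeral key agreement plus AES-256-GCM, while the matching private key stays with the key holder, so the only way back to the plaintext is the manual path with that key. Go, standard library only:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Label bound into the key derivation; constructed for this example (the page
// does not describe Couchers' real storage format or labels).
const envelopeContext = "strong-verification-envelope-v1"

// Envelope is the record the server stores; nothing in it recovers the plaintext.
type Envelope struct {
	EphemeralPub, Nonce, Ciphertext []byte
}

// hkdfSHA256 is a single-block HKDF (RFC 5869, zero-length salt) yielding the 32 bytes of an AES-256 key.
func hkdfSHA256(secret, info []byte) []byte {
	ext := hmac.New(sha256.New, nil)
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // keyed with the PRK
	exp.Write(info)
	exp.Write([]byte{1}) // T(1) = HMAC(PRK, info || 0x01)
	return exp.Sum(nil)
}

// generateOfflineKeypair creates the long-term X25519 keypair; only its public half is deployed to the server.
func generateOfflineKeypair() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// aeadFor derives the per-record AES-256-GCM instance from the X25519 shared
// secret, binding both public keys so an envelope cannot be re-targeted.
func aeadFor(shared, ephPub, recipientPub []byte) cipher.AEAD {
	info := append([]byte(envelopeContext), ephPub...)
	info = append(info, recipientPub...)
	block, _ := aes.NewCipher(hkdfSHA256(shared, info)) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)                      // cannot fail for a valid AES block
	return gcm
}

// sealForOfflineKey is the server-side step and needs only the recipient's public key.
// The ephemeral private key is dropped once the shared secret exists, so the server cannot decrypt what it stores.
func sealForOfflineKey(recipientPub *ecdh.PublicKey, plaintext []byte) (Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Envelope{}, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return Envelope{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm := aeadFor(shared, ephPub, recipientPub.Bytes())
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, ephPub) // ephemeral key is authenticated as AAD
	return Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// openWithOfflineKey is the manual recovery path. It needs the private key the
// server never holds, and fails closed on a wrong key or a tampered record.
func openWithOfflineKey(priv *ecdh.PrivateKey, env Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm := aeadFor(shared, env.EphemeralPub, priv.PublicKey().Bytes())
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
	if err != nil {
		return nil, fmt.Errorf("envelope does not authenticate (wrong key or tampered record): %w", err)
	}
	return pt, nil
}

func main() {
	offline, err := generateOfflineKeypair() // private half never goes to the server
	if err != nil {
		panic(err)
	}
	// Constructed sample record, not real passport data.
	env, err := sealForOfflineKey(offline.PublicKey(), []byte(`{"passport_number":"L898902C"}`))
	if err != nil {
		panic(err)
	}
	pt, err := openWithOfflineKey(offline, env)
	fmt.Printf("stored %d ciphertext bytes; recovered with offline key: %s (err=%v)\n", len(env.Ciphertext), pt, err)
}
```

The property to check in such a design is the fail-closed behaviour: a wrong private key or a flipped ciphertext bit produces an authentication error rather than garbage plaintext, and two seals of identical data produce different envelopes because the ephemeral key is fresh each time. The private key also needs a backup under the same access control, since losing it removes the manual retrieval path described above.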
The following information is stored on the server for continued verification purposes: nationality, sex, date of birth, passport expiry date, and the last three digits of the passport number.
Finally, the following "minimal data" is stored for all successful verifications: passport nationality, passport expiry date, and the last three digits of the passport number.
You can delete your biometric data and the data required for continued verification from the server at any time in the Strong Verification settings. However, the minimal data (passport nationality, expiry date, and the last three digits of the passport number) cannot be removed. It is used to guarantee that individuals who have been banned from the platform cannot delete their data, create a new account, and verify it again. We believe this is an appropriate compromise between providing a safe platform for our users and not storing sensitive personal information beyond what you wish to share with the platform and other users.
Who has access to the decryption keys to the encrypted data, and under what circumstances will this data be used?
The Board of Directors of Couchers, Inc., the 501(c)(3) non-profit operating Couchers.org, has the discretion to decide who has access to the decryption keys to the data. The data is only used for verification and if we ever need to cooperate with a criminal investigation.
Currently only Aapeli Vuorinen (co-founder and tech lead) has access to the decryption keys.