Back to guidesOnfido privacy notices and consent (US)
Start here
Onfido requires all of its customers with end users who are based in the US to incorporate Onfido privacy notices and consent language into their interface.
We recommend you read this guide to better understand the requirements for Onfido privacy notices and consent, and how to implement these into your interface to ensure you meet your contractual terms and checks are processed correctly.
Requirements for Onfido privacy notices and consent
In order to satisfy Onfido’s requirements for privacy notices and consent, you need to take the following steps:
- explain to your end users that you use a third party, Onfido, to process their identity check
-
present your end users with Onfido consent language before asking the end user to proceed to complete any check powered by Onfido
- "I have read, understand and accept Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service" *
-
provide links to the full text of Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service from within your application
-
you should link to Onfido's hosted versions of these documents, using the following URLs
-
* You may change the phrasing to be consistent with your user experience, as long as you obtain confirmation that the end user has read, understood and accepted Onfido's policies and terms of service. For example, "By continuing to use this service you confirm that you have read, understand and accept Onfido’s …" or "By clicking ‘accept’ you confirm you have read, understand and accept Onfido’s …"
If you are offering any services provided by Onfido to end users based in the US, you must present your end users with the Onfido consent language and link to the policies and Terms of Service, as described above.
How to implement Onfido privacy notices and consent
You must include the above requirements for Onfido privacy notices and consent into your interface for end users based in the US. Your implementation options depend on whether you use the official Onfido input-capture SDK(s), or have an API-only integration. See below for the options for your configuration.
If you're using one of the official Onfido SDKs
There are 2 options:
- Use the Onfido SDK consent screen
- Build an Onfido privacy notices and consent stage into your own application
1. Use the Onfido SDK consent screen
This is an optional screen, where the end user’s acknowledgement of and consent for Onfido’s policies and terms can be collected within the Onfido SDK. To implement this screen, you need to initiate the SDK with the additional consent step included.
The SDK consent screen contains:
- Onfido privacy notices and consent language
- links to the full text of Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service
- a list of FAQs
The consent screen will be shown to the end user at the beginning of the SDK flow, before they are asked to enter any personal information or upload media. The end user will not be able to continue past the consent screen unless they click the "Accept" button.
Note: You still need to set the API parameter privacy_notices_read_consent_given outside of the SDK flow when creating a check.
2. Build an Onfido privacy notices and consent stage into your own application
If you don’t implement the Onfido SDK consent screen you will need to incorporate Onfido privacy notices and consent language, with links to Onfido’s policies and terms, into your own application before requesting end users to complete Onfido's SDK flow.
You can choose to include Onfido privacy notices and consent language on a new screen or on the screen where you collect consent for your own entity from end users. There needs to be some affirmative action by the end user, after they have been shown Onfido privacy notices and consent language, but you do not have to present a separate check box for consent.
Note: You must also set the API parameter privacy_notices_read_consent_given when creating a check.
If you are an API-only customer
You must include Onfido privacy notices and consent language, with links to Onfido's policies and terms, into your own application before requesting end users to provide any personal information or upload media.
You can choose to include Onfido privacy notices and consent language and links on a new screen or on the screen where you collect consent for your own entity from end users. There needs to be some affirmative action by the end user, after they have been shown Onfido’s privacy notices and consent language, but you do not have to present a separate check box for consent.
Note: You must also set the API parameter privacy_notices_read_consent_given when creating a check
API consent parameter
Onfido has introduced the following API consent parameter across all API versions so you can confirm the consent status of your end users.
privacy_notices_read_consent_given |
Indicates that the privacy notices and terms of service have been read and, where specific laws require, that consent has been given for Onfido |
You must include this parameter as part of your API request for the 'checks' resource. When an end user has been shown and accepted the Onfido privacy notices and consent language, you should provide the value true to ensure submitted checks are being processed correctly.
Note: Checks will not be able to complete if you do not confirm that each end user has accepted Onfido's privacy notices and consent language for each check request.
The consent parameter must be provided in addition to including the Onfido SDK consent screen or Onfido privacy and consent language into your application's consent flow.
If you have any questions, please contact our Client Support team.