
Onfido privacy notices and consent (US)

Start here

Onfido requires all of its customers with end users who are based in the US to incorporate Onfido privacy notices and consent language into their interface.

We recommend you read this guide to better understand the requirements for Onfido privacy notices and consent, and how to implement these into your interface to ensure you meet your contractual terms and checks are processed correctly.

In order to satisfy Onfido’s requirements for privacy notices and consent, you need to take the following steps:

  • explain to your end users that you use a third party, Onfido, to process their identity check
  • present your end users with Onfido consent language before asking the end user to proceed to complete any check powered by Onfido

    • "I have read, understand and accept Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service" *
  • provide links to the full text of Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service from within your application

* You may change the phrasing to be consistent with your user experience, as long as you obtain confirmation that the end user has read, understood and accepted Onfido's policies and terms of service. For example, "By continuing to use this service you confirm that you have read, understand and accept Onfido’s …" or "By clicking ‘accept’ you confirm you have read, understand and accept Onfido’s …"

If you are offering any services provided by Onfido to end users based in the US, you must present your end users with the Onfido consent language and link to the policies and Terms of Service, as described above.

You must incorporate the above requirements for Onfido privacy notices and consent into your interface for end users based in the US. Your implementation options depend on whether you use the official Onfido input-capture SDK(s), or have an API-only integration. See below for the options for your configuration.

If you're using one of the official Onfido SDKs

There are 2 options:

  1. Use the Onfido SDK consent screen
  2. Build an Onfido privacy notices and consent stage into your own application

The Onfido SDK consent screen is an optional screen, where the end user’s acknowledgement of and consent for Onfido’s policies and terms can be collected within the Onfido SDK. To implement this screen, you need to initiate the SDK with the additional consent step included.

The SDK consent screen contains:

  • Onfido privacy notices and consent language
  • links to the full text of Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service
  • a list of FAQs

The consent screen will be shown to the end user at the beginning of the SDK flow, before they are asked to enter any personal information or upload media. The end user will not be able to continue past the consent screen unless they click the "Accept" button.

Note: You still need to set the API parameter privacy_notices_read_consent_given outside of the SDK flow when creating a check.

If you don’t implement the Onfido SDK consent screen you will need to incorporate Onfido privacy notices and consent language, with links to Onfido’s policies and terms, into your own application before requesting end users to complete Onfido's SDK flow.

You can choose to include Onfido privacy notices and consent language on a new screen or on the screen where you collect consent for your own entity from end users. There needs to be some affirmative action by the end user, after they have been shown Onfido privacy notices and consent language, but you do not have to present a separate check box for consent.

Note: You must also set the API parameter privacy_notices_read_consent_given when creating a check.

If you are an API-only customer

You must include Onfido privacy notices and consent language, with links to Onfido's policies and terms, into your own application before requesting end users to provide any personal information or upload media.

You can choose to include Onfido privacy notices and consent language and links on a new screen or on the screen where you collect consent for your own entity from end users. There needs to be some affirmative action by the end user, after they have been shown Onfido’s privacy notices and consent language, but you do not have to present a separate check box for consent.

Note: You must also set the API parameter privacy_notices_read_consent_given when creating a check.

Onfido has introduced the following API consent parameter across all API versions so you can confirm the consent status of your end users.

privacy_notices_read_consent_given: Indicates that the privacy notices and terms of service have been read and, where specific laws require, that consent has been given for Onfido

You must include this parameter as part of your API request for the 'checks' resource. When an end user has been shown and accepted the Onfido privacy notices and consent language, you should provide the value true to ensure submitted checks are being processed correctly.

Note: Checks will not be able to complete if you do not confirm that each end user has accepted Onfido's privacy notices and consent language for each check request.

The consent parameter must be provided in addition to including the Onfido SDK consent screen, or incorporating Onfido privacy and consent language, in your application's consent flow.

If you have any questions, please contact our Client Support team.

© Onfido™, 2020. All rights reserved.
Company Registration Number: 07479524.