Amani Privacy Policy

Last Updated: 30 April 2024

Contact us

At Amani, we respect the privacy of our users. Our goal is to help our clients quickly and securely verify their users so they can access services smoothly. When we check identities or provide authentication services, protecting your privacy is our top priority.

Amani collects, uses, and discloses individual users’ information only as directed by these third parties and, accordingly, Amani is a mere processor of user information with respect to the Services and not a controller.  Further, some features of the Services may be disabled or altered by the data controller, or the controller may require Amani to collect, use, disclose, or otherwise process data in ways that differ from those described below. Thus, to fully understand how your information will be handled when you use the Services, you must review not just this Policy, but also the privacy policy of the third party with whom you are dealing directly (the “Third-Party Data Controller”).

We might update this Privacy Policy from time to time. If we make big changes, we’ll let our clients know so they can update their policies and inform their users.

Notwithstanding the above, Amani may process certain individual users’ information in anonymised form for its own purposes. Amani is headquartered in the United Arab Emirates, Innovation Hub, Dubai International Financial Centre

What personal and other information Amani collects about you?

Amani collects “personal information” about users of the Services. “Personal information” is information such as a name, email address, or identification card image, which refers to an identified or identifiable person. Amani processes personal information on behalf of the Third-Party Data Controller. For its own purposes, Amani processes only anonymised information. “Anonymised information” is information which does not relate to an identified or identifiable person or is rendered anonymous in such a manner that the person is no longer identifiable. If you are in the EEA or UK, the Third-Party Data Controller is responsible for identifying a legal basis which permits your personal information to be used for the purposes described below; you should review their privacy policy for further details.

Personal information

Amani collects a wide range of personal information through the Services.  This information varies depending on the Amani application and the Third-Party Data Controller in question, but may include such information as name, physical address, email address, telephone number, social security number, driver’s license number, state or national ID card number, passport number, date of birth.  In some cases, Amani may collect a visually scanned or photographed image of your face and/or your identification card, driver’s license, passport, utility bill, bank account statement, insurance card, or credit/debit card.  This image may include your photograph and other information from the imaged document, such as your eye colour, weight, height, and organ donor status.

Data provided by third parties.

We may receive personal or anonymised information about you from the Third-Party Data Controller that integrates the Services into its website, application, or other online service.  This information includes a customer ID, selected by the Third-Party Data Controller, that uniquely identifies you in the third party’s database. For additional information, review the privacy policy of the Third-Party Data Controller.

At the direction of the Third-Party Data Controller, Amani also might obtain information about you from other third parties, such as consumer reporting agencies and fraud-prevention services.

Cookies and other tracking data

When you use the Services, we automatically receive and record certain information from your computer (or other device) and/or your web browser.  This may include such information as the third-party website or application into which the Services are integrated, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes (including operating system, device model, and hashed device fingerprint information), and your general geographic location (e.g., your city, state, or metropolitan region). We will process such data only as instructed by the Third-Party Data Controller.

We also use cookies in connection with the Services.  For further information please refer to the section entitled “Cookies” below.

Cookies

What are cookies? Cookies are small files that are stored on your computer or other device by your web browser.  A cookie allows Amani to recognise whether you have used the Services before and may store user preferences and other information.

How are cookies used?

For example, cookies can be used to collect information about your use of the Services during your current session and over time, your computer or other device’s operating system and browser type, your Internet service provider, your domain name and IP address, and your general geographic location. We process personal information generated by cookies only as instructed by the Third-Party Data Controller.

What kind of cookies are used on the Website?

Our website primarily uses the following types of cookies:

Cookie Name        Cookie Type        Purpose__ga        Persistent cookie

This cookie is used to distinguish users and expires after 2 years.__gat Session cookie. This cookie is used to throttle the request rate and expires after 10 minutes.

“Session cookies” are temporary bits of information which are deleted when you exit your web browser. Session cookies are typically used to improve navigation and to collect web statistics.

“Persistent cookies” are more permanent bits of information that are stored and remain on your computer until they are deleted by you. This type of cookie stores information on your computer for a number of purposes; such as saving your passwords. Persistent cookies delete themselves after a certain period of time but are renewed each time you visit the website.

How do you avoid cookies?

If you are concerned about having cookies on your computer or device, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it.  You can also delete cookies from your computer.  However, if you choose to block or delete cookies, certain features of the Services may not operate correctly.

How Amani uses the personal and anonymised information that we collect

In general, Amani uses the personal and anonymised information that we collect in connection with the Services as discussed in this section of the Policy.

Personal information is used by Amani only as directed by the Third-Party Data Controller that integrates the Services into its website, application, or other online service.  Subject to the privacy policy of the Third-Party Data Controller, we use your personal information as follows on behalf of the Third-Party Data Controller:

Amani may use your personal information to provide the Services.  For example, we might use your credit card information or ID card information to populate an online form, or to verify your identity in connection with your use of another online service.  We also may use your personal information to fulfil the terms of any agreement between us and the Third-Party Data Controller; to complete a transaction that you initiate; to deliver confirmations, account information, notifications, and similar operational communications; and to comply with legal and/or regulatory requirements.

Anonymised information that we collect in connection with the Services is used by Amani for its own purposes to perform analytics and research concerning the Services.

How Amani shares personal and anonymised information with third parties

In general, Amani shares the personal and anonymised information that we collect in connection with the Services as discussed below.

However, Amani shares personal information only as directed by the Third-Party Data Controller, and thus the following language is subject to the privacy policy of the Third-Party Data Controller.

Third-Party Data Controller

We share the personal and pseudonymised information that we collect on behalf of a particular Third-Party Data Controller with that Third-Party Data Controller.

Amani service providers

Amani also uses third-party service providers to help us deliver, manage, and improve the Services.  These service providers may collect and/or use your personal information or anonymised information to assist us in achieving the purposes discussed above in the section entitled “How we use the personal and non-personal information that we collect.”  For example, we use a third party to help us translate the information contained in scanned images of identification cards.

We also may share your personal information with other third parties when necessary to fulfil your requests for services; to complete a transaction that you initiate; or to meet the terms of any agreement that you have with us or our partners.

Analytics providers

We partner with certain other third parties to collect anonymised information and engage in analysis, auditing, research, and reporting.

Legal purposes

We also may use or share your personal information with third parties when we have reason to believe that doing so is necessary:

  • to comply with applicable law or a court order, subpoena, or other legal process;
  • to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
  • to establish, protect, or exercise our legal rights or defend against legal claims; or
  • to facilitate the financing, securitisation, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.

Aggregated information

From time to time, Amani may also share anonymised and aggregated information about users of the Services, such as by publishing a report on trends in the usage of the Services.

Security

Amani uses commercially reasonable physical, electronic, and procedural safeguards to protect your personal information against loss or unauthorized access, use, modification, or deletion. Among other things, Amani encrypts sensitive information both in transit and at rest.  Amani is PCI Level 1 compliant and regularly conducts security audits, vulnerability scans, and penetration tests to ensure compliance with security best practices and standards.  However, no security program is foolproof, and thus we cannot guarantee the absolute security of your personal or other information.  Moreover, we cannot guarantee the safety of your information when in the possession of other parties, such as the Third-Party Data Controller. 

Amani takes appropriate administrative, physical, technical and organisational measures designed to help protect information about users from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction. If you think you have identified a security vulnerability or bug in our Identity Services, please report it to the Amani security team at incidents@amani.tech.

Reviewing and updating your information

Amani will grant you access to your personal information as directed by the Third-Party Data Controller that integrates the Services into its website, application, or online service.  Amani also will retain your personal information as directed by the Third-Party Data Controller and, accordingly, we may retain your personal information for as short as a few minutes or as long as five years.

Thus, if you want to learn more about the personal information that Amani has about you, or you would like to submit a request to update or change that information, please contact the Third-Party Data Controller.  You also may reach us by contact form.

Data Storage

Amani takes privacy seriously and is continually looking at ways to manage and mitigate data protection and security risks, including by minimizing the data we hold. Where possible we pseudonyms, aggregate and de-identify information to protect users’ privacy and reduce security risks.   

We perform our Identity Services on behalf of our clients for a variety of different reasons. Those reasons are identified by our clients, and we rely on them to tell us when they no longer need us to store the information we’ve collected on their behalf, subject to maximum retention periods imposed by applicable laws, defined by Data Providers or by Amani. 

If you, as a user, would like to make a specific request to have your information deleted, please make that request directly to the client that carried out your related check. For more information about how to do this, please see below under “Your Rights”.

Where we have a legitimate legal reason, we may also store information for longer than described above – for example, where we are under a binding legal order not to destroy information.

Your Rights

Depending on where you live and subject to applicable data protection law, you may have the following rights:

  • the right to request access to and disclosure of information that we hold.
  • the right to change and/or correct inaccurate information. 
  • the right to block or suppress the processing of your information. This enables you to request that Amani suspends the processing of your information in certain circumstances.
  • the right to object to our processing of your information where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 
  • the right to request that we delete your personal information, subject to certain exceptions. 
  • the right to request portability of your personal information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. 
  • the right to withdraw your consent, if applicable. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

We only transfer your personal data to countries where the UK & EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients provide an adequate level of data protection. We do this for example by entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC).

Children’s Privacy

The Services are not directed to children under the age of 16, and Amani will never knowingly collect personal or other information from anyone it knows is under the age of 16.

Government and Law Enforcement Requests

As Amani provides its Identity Services on behalf of its clients, Amani will not disclose any information related to a specific check pursuant to a government or law enforcement request unless at the direction of a client or if there is a binding legal order to do so. This is necessary for us to comply with our legal obligations.  Any government or law enforcement body requesting information related to a specific check may contact us at privacyrequests@amani.ai, and we will seek to put you in contact with the relevant client.

Contact Amani, our Data Protection Officer or a Privacy Supervisory Authority

If you would like more information about how Amani collects and uses information, please contact us at privacyrequests@amani.ai

If you would like to raise a concern with or otherwise communicate with our Data Protection Officer, you may contact them at privacyrequests@amani.ai

We have appointed GRCI Law Limited to act as our UK Representative. If you wish to exercise your rights under the UK General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at ukrep@grcilaw.com or post your request or query to: 

UK Representative, GRCI Law Limited, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, UK.

When contacting our Representative please ensure you include our company name in any correspondence.

Changes to this Policy

Technology and the Internet are rapidly changing.  Amani therefore is likely to make changes to the Services in the future and as a consequence will need to revise this Policy to reflect those changes.  When we revise the Policy, Amani will post the new Policy on the Amani website’s home page amani.ai so you should review that page periodically.  If we make a material change to the Policy, you will be provided with appropriate notice.  If we maintain your email address, we also may email you a copy of the revised Policy at your most recently provided email address.  It is therefore important that you update your email address if it changes.