Privacy Policy

Last Updated: December 1st, 2025

1. Who We Are

Authos ("we," "us," or "our") provides a digital identity verification platform that connects businesses to official government identity sources.

Our website is https://authos.global. We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

2. Scope of This Policy

This Privacy Policy explains how we collect, use, disclose, and protect personal information:

  • As a Controller: For visitors to our website, prospective clients, and client contacts (i.e., information about you and your company).
  • As a Processor: For personal information that our business clients ("Clients") submit about their end-users through our verification Service. In this context, our Clients are the data controllers, and we process data strictly on their instructions under our Terms of Service and Data Processing Agreements.

3. Personal Information We Collect

A. Information You Provide Directly

  • Account Information: Name, email address, company details, and billing information when you sign up.
  • Communications: Contents of your enquiries, support tickets, or feedback.
  • Client Integration Data: Technical details required to provide the Service (e.g., API keys, callback URLs).

B. Information We Collect Automatically

  • Usage Data: IP address, browser type, pages visited, and timestamps when using our website or dashboard.
  • Cookies & Similar Technologies: We use essential and analytics cookies to operate and improve our site. You can manage preferences in your browser.

C. Information Processed on Behalf of Clients (Processor Data)

To perform identity verification, our Clients submit their end-users' data to our Service. This may include:

  • Government-issued identifier (e.g., Aadhaar number)
  • One-time password (OTP) for authentication
  • Other data points as required for the specific verification flow

We process this information solely to provide the verification Service as instructed by our Client, who is responsible for obtaining lawful consent. This data is processed by our in-house systems and is not shared with third-party verification partners.

4. How We Use Personal Information

We use your personal information for specific, lawful purposes. When we act as a Controller, our uses and legal bases include:

  • To provide, operate, and maintain our Service: This is necessary to perform our contract with you.
  • To send service-related communications: This is necessary for contract performance and our legitimate interests.
  • To respond to your enquiries and provide support: This is in our legitimate interests.
  • For billing, account management, and administration: This is necessary for contract performance and legal obligations.
  • To improve, secure, and analyse our website and Service: This is in our legitimate interests.
  • To comply with legal obligations and protect rights: This is necessary for legal compliance and legitimate interests.

As a Processor, we use Client-submitted end-user data only to execute the specific verification transaction as contractually instructed by our Client, using our proprietary in-house technology.

5. How We Share Personal Information

We do not sell your personal information. We do not use third-party verification partners to process the identity data you or our Clients submit.

We may disclose personal information in these limited circumstances:

  • With Essential Service Providers: Only to trusted vendors who provide core infrastructure, such as cloud hosting providers, under strict confidentiality agreements. These providers do not process verification data for their own purposes and cannot access the content of the data we process.
  • For Legal Reasons: If required by law, regulation, legal process, or a valid governmental request in Australia.
  • With Your Consent: Where you have expressly authorised a specific disclosure.

6. Data Security

We implement technical and organisational measures designed to protect personal information against unauthorised access, alteration, or destruction. These include end-to-end encryption (including post-quantum resistant protocols), strict access controls, and regular security assessments. Our in-house architecture is designed to minimise data exposure.

7. Data Retention

  • Controller Data: We retain your account information as long as your account is active and as needed to provide services. We retain other information as necessary for the purposes collected or as required by law.
  • Processor Data: We retain end-user verification data only as long as necessary to complete the transaction and provide the result to our Client, or as otherwise contractually agreed with the Client, unless a longer retention period is required by law. We do not retain a persistent copy of government-issued identifiers after the verification session.

8. Your Privacy Rights (Australian Privacy Principles)

Under the APPs, you may have the right to:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate, out-of-date, or incomplete information.
  • Complaint: Lodge a complaint with us or the Australian Information Commissioner.

To exercise these rights, contact us at axc@authos.global. We will respond within a reasonable period as required by law.

Note for End-Users: If you are an individual whose data was submitted by one of our Clients for verification, please contact that Client directly to exercise your rights over that data, as they are the data controller.

9. Changes to This Policy

We may update this Privacy Policy. The "Last Updated" date at the top will indicate changes. We encourage you to review this policy periodically.

10. How to Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Authos Privacy Officer

Email: axc@authos.global

Postal Address:

PO Box 77

Samford QLD 4520

Australia