Skip to Content
MID 1.0 is released 🎉

MID Privacy Policy

Learn how MID protects your privacy and manages your personal information with industry-leading security and transparency.

Last updated: October 15, 2025
Contact Privacy Team

Your Privacy Matters

Effective Date: October 15, 2025 • Last Updated: October 15, 2025

ℹ️
Privacy-First Design

MID is built with privacy at its core. We use zero-knowledge architecture and device-local biometric storage to ensure your most sensitive data never leaves your device.

Introduction

Welcome to MobID (Mobile Identity), a secure digital identity and authentication application developed by Invexia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.

Your privacy is critically important to us. This policy describes our practices regarding the collection, use, and disclosure of information that you may provide via our service and explains the rights you have with respect to the information about you that we process.

Information We Collect

Information you provide directly, including identity data, contact details, and account preferences.

FIDO2/WebAuthn cryptographic keys and biometric templates stored securely on your device.

App performance metrics and usage patterns to improve our services (with your consent).

How We Use Your Information

Core Functionality

  • Identity Verification: Authenticate your identity securely using FIDO2 standards
  • Account Management: Create, maintain, and secure your digital identity
  • Service Provision: Provide core mobile identity and authentication services
  • Security: Protect against fraud, unauthorized access, and security threats

Service Improvement

  • Analytics: Understand usage patterns to improve app functionality
  • Performance Optimization: Monitor and enhance app performance and reliability
  • Feature Development: Develop new features based on user needs and feedback
  • Quality Assurance: Test and debug application issues

Communication & Legal Compliance

Communication

  • Support: Respond to your inquiries and provide customer support
  • Updates: Notify you about app updates, security patches, and new features
  • Legal Notices: Send important legal or regulatory information

Legal Compliance

  • Regulatory Requirements: Comply with applicable laws and regulations
  • Legal Proceedings: Respond to legal requests and protect our rights
  • Safety: Protect the safety and security of our users and services

Data Storage and Security

Industry-Leading Security

MID employs bank-grade encryption, hardware security modules, and zero-knowledge architecture to protect your data at every level.

Data Sharing and Disclosure

⚠️
No Data Sales

We never sell your personal information. We only share data with trusted service providers under strict contractual obligations.

Third-Party Services

We may share limited information with trusted service providers:

Infrastructure Partners

  • Cloud Hosting: AWS, Google Cloud for secure infrastructure
  • CDN Services: Content delivery for optimal performance
  • Monitoring: Security and performance monitoring tools

Analytics & Support

  • Usage Analytics: Anonymous usage statistics (opt-in only)
  • Crash Reporting: Error diagnostics for app improvement
  • Customer Support: Secure communication platforms

We may disclose information when legally required:

  • Legal Process: Court orders, subpoenas, or legal proceedings
  • Government Requests: Lawful requests from government authorities
  • Safety Protection: Protecting rights, property, or safety of users
  • Business Transfers: In case of merger, acquisition, or asset sale (with notice)

Your Rights and Choices

Data Access Rights

View Your Data

  • Request access to your personal information
  • Export your data in common formats
  • Understand how your data is used
Control & Correction

Manage Your Information

  • Update or correct inaccurate information
  • Control privacy and security settings
  • Manage notification preferences
Data Deletion

Right to Be Forgotten

  • Request deletion of your personal data
  • Delete your account and associated data
  • Permanent removal (where legally permissible)

Privacy Controls Available

Children’s Privacy

⚠️
Age Restrictions

Our service is not intended for children under 13 years of age (16 in the EU without parental consent). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately to request deletion. We will take steps to verify and promptly delete such information.

International Data Transfers

Transfer Safeguards Your information may be processed in countries other than your residence. We ensure protection through:

  • Standard Contractual Clauses (EU-approved)
  • Adequacy Decisions for secure countries
  • Binding Corporate Rules for internal transfers
  • Your explicit consent for specific transfers

Regional Compliance We maintain compliance with regional privacy laws:

  • GDPR (European Union)
  • CCPA (California)
  • PIPEDA (Canada)
  • LGPD (Brazil)
  • Other applicable local laws

Data Retention

We retain information only as long as necessary for service provision and legal compliance:

  • Account Data: Active account duration + 30 days after deletion
  • Authentication Logs: 90 days for security analysis
  • Analytics Data: Anonymized and retained for service improvement
  • Legal Requirements: As mandated by applicable laws and regulations

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law or legitimate interests.

Cookies and Tracking

ℹ️
Cookie Usage

Our website uses cookies to enhance your experience. Our mobile app uses similar local storage technologies for essential functionality.

Regional Compliance

European Union (GDPR)

Enhanced Rights for EU Residents

  • Lawful basis for processing
  • Data portability rights
  • Right to be forgotten
  • Data Protection Officer contact

Supervisory Authority Lodge complaints with local DPA

California (CCPA)

California Consumer Rights

  • Right to know about data collection
  • Right to delete personal information
  • Right to opt-out (we don’t sell data)
  • Non-discrimination protection
Global Compliance

Worldwide Privacy Standards

  • Canada (PIPEDA)
  • Australia (Privacy Act)
  • Brazil (LGPD)
  • Other regional laws

Technical Implementation

Technical Excellence

Our privacy protection is backed by cutting-edge technology and industry best practices in cryptography and security architecture.

FIDO2/WebAuthn Security

Our implementation follows industry best practices:

Authentication Protocol

  • Attestation: Verifying authenticator integrity and authenticity
  • Assertion: Secure authentication without passwords or secrets
  • Biometric Templates: Stored securely in device hardware only
  • Counter Verification: Advanced protection against replay attacks

Cryptographic Standards

  • Key Generation: Hardware-based random key generation
  • Signature Algorithms: ECDSA and RSA with secure curves
  • Hash Functions: SHA-256 and SHA-512 for data integrity
  • Transport Security: TLS 1.3 with certificate pinning

Encryption Standards

TLS 1.3 Encryption

  • Perfect forward secrecy
  • Certificate pinning
  • Secure cipher suites
  • Regular security updates

AES-256 Encryption

  • Military-grade encryption
  • Hardware security modules
  • Secure key management
  • Regular key rotation

Hardware Security

  • HSM-based key protection
  • Secure key derivation
  • Multi-layer encryption
  • Zero-knowledge architecture

Updates to This Privacy Policy

ℹ️
Stay Informed

We’ll notify you of significant privacy policy changes through multiple channels to ensure you’re always informed about how we protect your data.

Notification Methods:

  • App Notifications: In-app alerts for significant changes
  • Email Alerts: Direct notifications to registered users
  • Website Notice: Prominent announcements on our website
  • Version Updates: Clear versioning and effective date updates

Continued use of our service after changes indicates acceptance of the updated policy. For material changes affecting your rights, we may require explicit consent.

Contact Information

Privacy Questions?

Our privacy team is here to help. Contact us with any questions about this policy or your data rights.

Invexia Technology Solutions
Email: privacy@invexia.co
DPO: dpo@invexia.co

Support & Inquiries
Support Portal: support.invexia.co
Address: Lagos, Nigeria

This Privacy Policy is designed to be transparent and comprehensive while meeting the requirements of major app stores and international privacy regulations.

Document Version: 1.0Language: EnglishEffective: October 15, 2025

For the most current version of this policy, please visit our website or check the app settings.


This policy is governed by applicable international privacy laws and regulations.

Last updated on