Privacy Policy

Effective: 8 March 2026

RuonID is operated by RuonLabs ("we", "us"). This policy explains how we handle data across the RuonID mobile app, the verification server, and the developer SDK.

1. Data we collect

Identity data (app users): When you onboard, the RuonID app reads your passport's machine-readable zone (MRZ) and NFC chip, and captures a selfie for face verification. All identity data is encrypted with AES-256-GCM and stored exclusively on your device. The encryption key is held in your device's secure enclave and requires biometric authentication to access. We do not store, transmit, or have access to your plaintext identity data.

OPRF protocol: During onboarding, the app sends a mathematically blinded curve point to our server to derive your unique identifier. The server never sees your nationality, personal number, or any raw identity input — only an opaque cryptographic value.

Developer accounts: When developers register, we collect their name, email, company name, and use case description. This is stored in our database to manage accounts and billing.

Device attestation: We receive Apple App Attest or Google Play Integrity tokens to verify requests come from genuine devices. We store a hashed device identifier for rate limiting. We do not collect device model, OS version, or other device metadata.

2. Data we do not collect

• No analytics or tracking SDKs
• No crash reporting services
• No advertising identifiers
• No location data
• No usage telemetry
• No cookies (the API serves mobile apps, not browsers)

3. How identity data is shared

Identity data is only shared when you explicitly approve a verification request and authenticate with biometrics. Each sharing event requires a new approval. The data is encrypted end-to-end — only the requesting developer's private key can decrypt it. Our server never sees the plaintext.

Free verify flow: When an app uses the free sybil-resistance check, only an anonymous app-specific identifier is shared. This identifier is different for each developer, so your activity cannot be correlated across apps. No personal information is transmitted.

Full identity flow: The requesting developer specifies which fields they need. You see exactly what will be shared on the consent screen before approving. Sensitive fields (name, ID numbers) are always encrypted.

4. App-specific identifiers

Your app-specific ID is computed as SHA-256(ruonId || developerPublicKey) on your device. Your raw ruonId never leaves the device. Each developer receives a different identifier for you, preventing cross-app tracking.

5. Data retention

• Identity data: Stored on your device only. Deleted when you uninstall the app or clear app data.
• Server-side: We retain developer account data for the duration of the account. Billing events are retained for 7 years for tax compliance. Rate-limiting data is ephemeral and not persisted.
• Webhook idempotency records: Automatically deleted after 7 days.

6. Security

• AES-256-GCM encryption for all identity data at rest
• ECIES (secp256k1) for key wrapping during sharing
• SSL certificate pinning on iOS and Android
• AWS KMS for server-side signing keys (keys never leave KMS)
• Device attestation (App Attest / Play Integrity) on all verification requests
• Biometric gating on all data access

7. Your rights

You can delete all your data at any time by uninstalling the RuonID app. Since we don't store your identity data server-side, there is nothing to request deletion of. For developer account deletion, email privacy@ruonlabs.com.

8. Changes

We may update this policy. Material changes will be communicated through the app or by email (for developers). The effective date at the top indicates the latest revision.

10. Contact

For privacy questions: privacy@ruonlabs.com