Back to Home

IdentIA Privacy Policy

Last updated: March 18, 2026

At IdentIA, your data privacy and security are our top priorities. As an Identity-as-a-Service (IDaaS) provider, this policy explains how we collect, use, protect, and manage the information of users interacting with our platform and integrated services.

1. Information We Collect

We collect three main types of information to ensure a secure and efficient service:

A. Information Provided by the User

  • Identity Data: First name, last name, email address, username (nickname), and identity document (ID/Passport).
  • Credentials: Passwords (stored exclusively in encrypted format using high-security algorithms like Bcrypt with advanced cost factors).
  • Custom Attributes: Specific data required by linked platforms (e.g., job title, department, access level).

B. Automatically Collected Information

  • Session Data: IP address, browser type (User-Agent), screen resolution, and precise access timestamps.
  • Audit Records (Logs): Immutable and detailed history of actions performed in the system, including resource changes, privilege escalations, and logins.
  • Cookies and Tokens: We use RSA-signed JSON Web Tokens (JWT) to maintain secure sessions. The cookies used are strictly technical and necessary for the service's operation.

C. Third-Party Information

  • Identity Providers (OAuth): If you use "Login with Google" or other providers, we receive a unique identifier (SUB) and your validated email to link your account without sharing your external password.

2. How We Use Information

We use your data exclusively for the following legitimate purposes:

  1. Service Provision: Centralized authentication, active session management, and Role-Based Access Control (RBAC).
  2. Security and Forensic Auditing: The Chatter Engine processes data to prevent fraud, detect brute force attacks, and document critical changes for compliance purposes.
  3. Security Communications: Sending temporary codes (OTP) and alerts about suspicious logins.
  4. Technical Optimization: Error and performance analysis to improve authentication latency.

3. Data Protection and Security

We implement an armored architecture designed for the modern enterprise:

  • End-to-End Encryption: All data in transit is protected via TLS 1.3.
  • Token Security: 4096-bit RSA signatures ensure that identity tokens cannot be forged or altered.
  • Proactive Defense: Intelligent rate-limiting and automatic blocking of suspicious IPs based on behavioral patterns.
  • Data Isolation: Multi-tenant architecture ensuring that data from different organizations never mixes.

4. International Transfers

To ensure high global availability, IdentIA uses distributed cloud infrastructure. Data may be processed in data centers located in various regions, always under the protection of Standard Contractual Clauses (SCCs) and guaranteeing levels of protection equivalent to those required by EU regulations and local privacy laws.

5. User Rights (GDPR/Global Standards)

As a data subject, you have fundamental rights that IdentIA respects and facilitates:

  • Access and Portability: You can request a copy of your identity data in JSON format.
  • Rectification: Immediate ability to correct inaccurate data through the control panel.
  • Deletion (Right to be Forgotten): Permanent removal of your profile, subject only to audit log retention required by legal or cybersecurity regulations.
  • Processing Limitation: Possibility to temporarily suspend the use of certain non-critical attributes.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the described purposes. Audit logs are kept for an extended period according to each client organization's compliance policies, generally between 1 and 5 years, to allow for forensic investigations if necessary.

7. Contact and Legal Information

IdentIA is a service operated by Multipacha. If you have technical or legal questions about the processing of your data, you can contact us at:

Email: privacy@identia.cc
Attn: Data Protection Officer (DPO)