pointidentity.com

logoWhite02
Menu
Become a Design Partner

privacy

Privacy Policy

Last updated : 12 January 2026 – Version 0.1

Your privacy is not an option: it is a founding principle.

At Point Identity, data protection is not merely a regulatory requirement but a pillar of our sovereign architecture. This Privacy Policy explains transparently how we collect, use, secure and retain your personal information, within a model designed to ensure your control, your security and your trust.

1. DEFINITIONS

This section clarifies the technical terms used in the Policy to ensure transparent understanding in line with the GDPR. It enables every user, client or partner to clearly understand the security, identity and compliance mechanisms embedded in our services.

DID (Decentralised Identifier)

A self‑sovereign digital identifier, generated and stored in a decentralised manner.

VC (Verifiable Credential)

A verifiable digital attestation linked to an identity or attribute.

KYC / KYB

Regulatory processes for verifying the identity of natural persons (KYC) and legal entities (KYB).

GDPR

European regulation governing the protection of personal data.

AML‑CFT

Legal obligations relating to anti‑money laundering and counter‑terrorist financing.

PQC

Cryptography resistant to quantum attacks.

Zero Trust

A security model in which no access is trusted by default.

API

Interface enabling secure data exchange between systems.

Cookie

A text file stored in the browser to facilitate navigation or audience measurement.

Data Controller

The entity determining the purposes and means of processing personal data.

 

2. DATA CONTROLLER

The data controller is: Point Identity 21 Allée des Saules, 78480 Verneuil‑sur‑Seine, France

Contact: privacy@pointidentity.com

We determine the purposes, means and security guarantees applied to each processing activity. Our architecture is designed to integrate GDPR compliance by design and by default.

 

3. DATA COLLECTED

We strictly apply the principle of minimisation. We only collect data necessary for operation, security and compliance.

Identification data

Name, surname, email, organisation, account identifiers.

Technical data

IP address, logs, cookies, connection information, browser configuration.

Transactional data

Use of identity services (DID, VC, KYC/KYB), blockchain interactions, payment operations.

Sensitive data

Only when required by law and with explicit consent.

Data not collected

Point Identity never stores your private keys. DIDs and VCs remain under your exclusive control.

 

4. PURPOSES AND LEGAL BASES

We use data for the following purposes:

Service provision

Account creation, identity management, issuance of VCs. Legal basis: contractual performance.

Security and compliance

Fraud prevention, logging, AML‑CFT obligations. Legal basis: legal obligation.

Continuous improvement

Anonymised analysis, performance optimisation. Legal basis: legitimate interest.

Support and communication

Assistance, notifications, exchanges. Legal basis: consent.

Regulatory checks

KYC/KYB and associated obligations. Legal basis: legal obligation.

 

5. DATA SHARING

Point Identity never sells your data. Data may be shared only with:

  • technical service providers (hosting, secure cloud, KYC services),
  • banking partners,
  • competent authorities when legally required.

All third parties are bound by strict confidentiality and security commitments.

 

6. SECURITY AND HOSTING

We apply advanced technical and organisational measures:

  • AES‑256, TLS 1.3 and PQC encryption,
  • access segmentation and continuous logging,
  • Zero Trust architecture,
  • decentralised identity management,
  • hosting on servers located in France.

Our architecture ensures holistic protection, resilient to current and future threats.

 

7. DATA RETENTION

  • Account data: until deleted by the user.
  • KYC/KYB data: 5 to 10 years depending on legal obligations.
  • Technical logs: up to 12 months.
  • Cookies: variable duration depending on type.

We never retain data longer than necessary.

 

8. DATA BREACHES

In the event of a personal data breach, we:

  • notify the CNIL within 72 hours,
  • inform affected individuals if a high risk is identified.

We apply a strict internal incident‑management procedure.

 

9. YOUR RIGHTS

You have the following rights:

  • access,
  • rectification,
  • erasure,
  • restriction,
  • objection,
  • portability,
  • withdrawal of consent.

To exercise your rights: privacy@pointidentity.com A response is guaranteed within 30 days.

 

10. COOKIES

We only use cookies that are strictly necessary for:

  • the proper functioning of the website,

  • secure authentication,

  • anonymised audience measurement.

No advertising or marketing‑tracking cookies are used.

For more information, please refer to our Cookie Policy.

 

11. INTERNATIONAL TRANSFERS

In the event of a transfer outside the EU, we apply:

  • Standard Contractual Clauses,
  • assessment of the protection level,
  • additional measures where necessary.

No transfer is carried out without adequate safeguards.

 

12. THIRD‑PARTY SERVICES

Our services may integrate third‑party APIs or tools. We recommend consulting their privacy policies. No data is shared with unauthorised third parties.

 

13. PROTECTION OF MINORS

Our services are not intended for individuals under 18. Any data collected in error is immediately deleted.

 

14. APPLICABLE LAW

This Policy is governed by French and European law. Competent court: Versailles, unless otherwise required by mandatory provisions.

 

15. CONTRACTUAL INTEGRATION

This Policy forms an integral part of the General Terms of Use.

 

16. CHANGES

The date at the top of this page indicates the latest update. Any substantial modification will be communicated to users.

 

17. CONTACT

For any question relating to data protection: privacy@pointidentity.com

Address: Point Identity, 21 Allée des Saules, 78480 Verneuil‑sur‑Seine, France