Privacy Policy

Overview

This is the privacy policy for Indiid.net, an online Identity Provider (IDP) service. We hope to provide an authentication service with a high level of privacy and give our customers full control over their data.

Indiid.net is currently a very new service that is 'in beta'; it is not yet officially 'released' as a finished product.

Who we are

Indiid.net is owned by Digital Identity Ltd, a UK-registered company. In this policy Indiid.net and Digital Identity Ltd will be referred to as "we", and customers will be referred to as "you.".

Legal Obligations and Governance

As a business based in the United Kingdom we aim to comply with both UK regulations (in particular the Data Protection Act) and European standards.

Our servers and databases are hosted by European businesses. No unencrypted data is stored outside the EU.

Information that is collected

Service Logging

During normal operation Indiid.net stores a variety of simple logs of service activity. These will include IP addresses, web pages requested, message addresses, and so on. These log files are automatically deleted after a few months have passed. These log files are only visible to our technical staff.

If you a concerned about your computer's IP address being logged we recommend that you use an anonymizing proxy or VPN service.

Account History

Changes to each customers account are recorded and can be viewed by the user and by our support staff.

User profile data

Information about a customer than can be passed to other sites or displayed online is referred to as profile data or "attributes". This information is supplied and controlled by customers. Access is controlled by the customer that owns the data.

We request your real name when during signup but this is not published without your permission.

Credentials

Indiid.net uses secret information such as passwords, encryption keys, PINs and so on to provide login services. These are stored encrypted and are not shared. Customers may change or delete their credentials at any time.

Contact Addresses

Indiid.net stores contact addresses for each user, such as email addresses, phone numbers and instant messaging address, for use when logging in or to send messages and alerts. Contact addresses are only shared when released by users as part of a profile. They can be edited or deleted by users at any time.

Linked accounts

Indiid.net may store details of a user's other accounts (such as Twitter or Facebook) for use when logging in. This information can be changed by users at any time, and is only shared when included by users as part of a profile.

Login History

Indiid.net may store information about websites a customer has logged in to using Indiid.net. This is to remember login preferences, provide "favourites" and to manage profile publication. Users can choose to delete this information at any time.

Information that is not collected

Credit Card Details

Indiid.net does not store any credit card or direct debit information. Subscription information is stored on our behalf by Spreedly, a PCI-compliant company.

Messages to users and between users

Some Indiid.net subscription plans allow messages to be sent and received. We do not store or forward the content of any messages. Only message destination information is temporarily logged.

Most messaging services, particularly email, are not private unless some form of encryption is used. We encourage our customers to use email certificates or PGP/GPG to make their communication private.

Social network relationships

Indiid.net does not collect or process information about your friends, likes, dislikes, purchases, music preferences, relationships, and so on.

How information is used

We only use information that is required to provide the Indiid.net service to it's customers.

Settings and preferences

Indiid stores a variety of settings and preferences for each user. These are not publicly viewable and can be changed at any time by the user.

Outgoing messages from Indiid.net

We send messages to our customers when certain system events occur (alerts, information reports, etc). This can be configured by the customer.

Marketing

We only send marketing information about other Digital Identity products if the customer has opted-in. We do not send marketing material for any other businesses.

Advertising

We do not use any advertising in Indiid.net - no external advertising is shown, and no direct advertising for other Digital Identity products will be shown.

Information Sharing

We do not share any information about users with third parties without the explicit consent of the user or unless required to do so by law.

Publication in Directories

A user may choose to display searchable information from the profiles in a web-based directory. Only attributes chosen by the user will be shown, and the visibility of each profile can be controlled by the user.

Third Party Service Providers

When using Indiid.net to access service providers, you may choose to release information to that service provider as part of the login process.

After you have logged in to the Service Provider the data you have chosen to release is covered by the third-party's privacy policy; Indiid.net has no further control over it.

Requests by Law enforcement organisations

Information about you may be released to law enforcement organisations if we are required to do so by law. We require legal warrants for any information release, and will only comply to requests from UK authorities.

We will inform users that their information has been requested unless we are legally prohibited from doing so.

Offensive or Illegal Content

We do not scan messages for inappropriate, illegal, offensive or anti-social content. However we may close an account if it is reported to us that our Terms And Conditions of Use have been breached.

Information about children

We currently require that all customers be at least 18 years old so at present we do not knowingly store any information relating to children.

Information lifetime

System logging information is stored for at most three months.

User account data is normally stored for as long as the account is active, but options may be present to allow you to choose different expiry times.

Account deletion

Accounts may be archived or deleted whenever a customer wishes.

If archived accounts become inactive immediately but may later be restored if the user requests.

If deleted all account information is removed immediately or after a delay previously specified in account options (this is to prevent accidental or malicious deletion). Accounts on third party services that were accessed using the deleted account will become inaccessible. We therefore advise users to delete accounts on third-party services before removing their Indiid.net account.

When deletion occurs all live data is permanently removed. However it may not be possible to immediately remove data from backups, and logging information will remain.

Viewing and exporting personal data

We intend to provide an online facility to allow customers to review all data we hold on them online whenever they wise (apart from encrypted credentials). At present this facility is not available, but data can be provided on request.

Cookies

Cookies are small text files stored in a user's web browser by a web site. Indiid.net requires to use of cookies in order to function - they are needed to keep track of the login process. Cookies are used to store your session and to remember login preferences.

Indiid.net also uses cookies for simple analytics - checking visitor statistics - and measuring performance and reliability. No personal information is gathered.

We do not use any third party tracking cookies.

Indiid.net will not be usable unless cookies are enabled in your web browser.

Business Transfers

We do not intend to sell Indiid.net - we hope to build a sustainable independent business. However, if such a sale were to occur we would notify all users before ownership of the service (and customer data) is transferred, to give customers the opportunity to review any changed terms and delete their accounts.

Privacy Policy Changes

Our privacy policy will change over time. We expect most of these changes to involve fine-tuning the wording of the text for legal reasons, and to add more specific details. We intend to maintain high levels of privacy.

When changes occur we will notify all customers.


To keep our terms as open and accessible as possible we make working copies of them available on Github. We encourage others to fork them (they are Creative Commons licensed) and reuse them.

Do you have ideas about how we can improve our terms and policies? Please send us a pull request (a bit techie) or raise an issue on Github, or just send us an email.