persona-logo

Website Privacy Policy 

Last Updated: April 8, 2026

This Website Privacy Policy describes how Persona Identities, Inc. (“Persona,” “we,” “us,” or “our”) collects, uses, and discloses personal data when you visit withpersona.com or any other website that links to this policy, including when you visit as a business customer. 

Where Persona processes "nonpublic personal information" subject to the GLBA, such data will be governed by our GLBA Privacy Notice.

Personal Data We Collect and Process

We collect personal data from website visitors including current or prospective business customers who visit our website, create a customer account, sign up to receive a demo or marketing material, download one of our guides or otherwise communicate with us. For example: 

  • Information you provide directly

    • Name and contact information, such as username or alias, email address and phone number.

    • Demographic data. In some cases, such as when you register or participate in surveys, we request that you provide age, gender, and similar demographic details.

    • Payment information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.

    • Content and files. If you upload content to our services or communicate with us through forms, surveys and other channels, we collect the information, documents and other files you may choose to share with us.  

  • Information we collect automatically from you

    • Identifiers and device information. When you visit our websites, our web servers log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. We use cookies, web beacons, mobile analytics and advertising IDs, and similar technologies to operate our websites and to help collect data, including usage data, identifiers, and device information. For more information about what cookies and similar technologies we use and how we use them, see our Cookie Policy

    • Geolocation data. Depending on your device and app settings, we collect geolocation data. We do not collect precise geolocation data.

    • Usage data. We log your activity including pages you viewed, access times, from which IP address, and other details about your use of and interactions with our website.

  • Information we create or generate

    • Inferences. We infer information from other data we collect, including your likely preferences. 

  • We also obtain the types of information described above from third parties. These third-party sources include:

    • Service providers. Parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address. 

    • Third party partners.  Third party applications and services, including social networks you choose to connect with or interact with through our services.

    • Co-branding/marketing partners.  Partners with which we offer co-branded services or engage in joint marketing activities.

    • Data brokers. Data brokers and aggregators from which we obtain data to supplement the data we collect.

    • Publicly available sources.  Public sources of information. 

When you are asked to provide personal data, you may decline. You may also use web browser or operating system controls to prevent certain types of automatic data collection. If you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

We use the personal data we collect for the following purposes and in reliance on the legal bases described below: 

  • Product and service delivery, including to provide and deliver the requested services in reliance on performance of contract with you and our legitimate interests;

  • Business operations, including to operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity. We perform this processing to the extent it is necessary to pursue our legitimate interests to operate our business, to protect our rights or to comply with our legal obligations;  

  • Development and research, including to develop new services or features based on demand and usage trends on the website, and conduct research on same in reliance on our legitimate interests;

  • Personalization, including to understand you and your preferences to enhance your experience and enjoyment using our website in reliance on our legitimate interests; 

  • Customer support, including to provide customer support and respond to your questions in reliance on our legitimate interests;

  • Communications, including to send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages in reliance on our legitimate interests;

  • Marketing, including to communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners as necessary for our legitimate interests in conducting our marketing or to the extent you have provided your consent. You can stop marketing communications by following the directions in that message or by contacting us as described in the Contact Us section below; and

  • Advertising, including display advertising to you to the extent it is necessary for our legitimate interest in advertising our services or, where necessary, to the extent you have provided your consent (see our Cookie Policy for information about personalized advertising and your advertising choices).

How We Disclose Personal Data

  • Service providers working on our behalf for the purposes described in this Website Privacy Policy. For example, our data storage and hosting provider, and companies we've hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions.

  • Financial services & payment processing: When you provide payment data, for example to make a purchase, we will provide payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.

  • Advertising partners: Third party analytics and advertising companies also collect personal data through our website including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in our Cookie Policy. These third party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

  • Subsidiaries, only where access is needed to provide our services and operate our business.

  • Corporate transactions, only where required as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.

  • Legal enforcement, only where necessary to comply with applicable law.

  • Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:

    • protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;

    • operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or

    • protect the rights or property of ourselves or others, including enforcing our agreements, terms and policies.

We make these disclosures for purposes of providing and delivering our website and services to you; promoting security of the website and services and detecting fraudulent acts; improving the website and services; and providing customer support.

Data Retention 

We retain personal data for as long as necessary to fulfill the purposes described in this policy. We may retain certain personal data to comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes, such as fraud detection and prevention and enhancing safety and security across our services. 

Your Rights and Choices 

We provide a variety of ways for you to control the personal data we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law. We respond to all requests we receive from individuals in accordance with applicable laws.

Depending on where you are located and subject to applicable privacy laws, you may have the following privacy rights: 

  • To access, correct, update or request deletion of your personal data.

  • To object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data (i.e., your data to be transferred in a readable and standardised format).

  • If we have collected and processed your personal data with your consent, then you can withdraw consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. 

  • Website visitors may opt out of the “selling”, “sharing” or processing for targeted advertising by clicking “Do not sell or share my personal information” in our website footer. 

  • We do not sell your personal data for money. 

  • We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. 

  • For residents of Oregon, you may also have the right to request from us a list of specific third parties to whom we have disclosed your personal data. 

  • For residents of France, you can send us specific instructions regarding the use of personal data after your death. 

You also have the right to lodge a complaint with your local supervisory authority, but we encourage you to first contact us with any questions or concerns. For more information, please contact your local supervisory authority. If you are a UK resident, you may lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/

If we decline to take action on a request, you may have the right to appeal our decision. In these cases, we will notify you providing our reasons for denying the request and instructions for how you can appeal the decision in accordance with applicable law. 

To exercise any of your privacy rights, please contact us using the information found under the “Contact Us” section. When contacting us, please do not send us any personal data beyond what is required for us to communicate with you, such as copies of your government ID.  

Residents of California may have certain additional privacy rights. Please refer to the “Supplemental California Consumer Privacy Act Privacy Policy” for more information. 

For information about how you can control cookies and other similar tracking technologies please see our Cookie Policy

Processing Locations and Data Transfers 

Persona is headquartered in the United States, with offices in San Francisco and New York City as well as employees globally. 

The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, service providers or third-party data partners process data. This means that we may process your personal data in and transfer your personal data to countries outside of the country in which you are based. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We take steps designed to ensure that personal data is processed and protected as described in this policy and in accordance with applicable law wherever the data is located.

Currently, we primarily use data centers in the United States and Germany to host your personal data. The storage location(s) are chosen to operate efficiently and improve performance. 

We transfer personal data from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use legal mechanisms, including the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, the European Commission’s Standard Contractual Clauses (and similar measures in the UK and Switzerland) or other available transfer mechanisms, to help ensure your rights and protections.

Compliance with Data Privacy Framework Principles

Persona complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Persona has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Persona has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Website Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process personal data on our behalf in a manner inconsistent with the Data Privacy Framework Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our compliance with the Data Privacy Framework Principles, please contact us as described in the Contact Us section below.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Persona commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Finally, under limited circumstances and after other available dispute resolution mechanisms have been exhausted, binding arbitration is available to address certain residual complaints under the EU-U.S. Data Privacy Framework Principles, Swiss-U.S. DPF Principles, and the UK-Extension Framework not resolved by other means.

Security 

We take reasonable and appropriate technical and organizational measures to protect personal data that we collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing your personal data. 

Changes to this Website Privacy Policy 

We will update this Website Privacy Policy when necessary to reflect changes in how we use personal data in relation to our website in accordance with applicable law. When we post changes to the Website Privacy Policy, we will revise the “Last Updated” date at the top of the Website Privacy Policy. If we make material changes to the Website Privacy Policy, we will provide additional notice regarding such changes if required by law.

Contact Us 

If you have a privacy concern, complaint, or a question for Persona, please feel free to use this form or contact us at idv-privacy@withpersona.com.

Our postal address is Persona Identities, Inc., 981 Mission Street #95, San Francisco, CA 94103, United States.

Our data protection representative for the European Economic Area and Switzerland is Darina Byrne, 88 Harcourt Street, Dublin 2, DUBLIN, Ireland, D02 DK18. To make an inquiry to Darina Byrne, please contact idv-privacy@withpersona.com.

Our data protection representative for the UK is: S. Alec Lawton, Graigwen, Plasycoed road, Pontypool Torfaen, NP4 6QH, UK. To make an inquiry to S. Alec Lawton, please contact idv-privacy@withpersona.com

To contact our data protection office (DPO) please feel free to contact them at dpo@withpersona.com

Supplemental Notice for Australian Residents 

Persona will comply with the Privacy Act 1988(Cth) including the Australian Privacy Principles. If you wish to complain to the OAIC about how Persona has handled your personal information, you should first complain to us in writing. You may contact Persona with questions at idv-privacy@withpersona.com, or submit a complaint about any privacy issues through this webform. If we receive a complaint from you about how Persona has handled your personal information, we will acknowledge receipt of your complaint, investigate it in a timely manner, and determine what (if any) action should be taken to resolve the complaint. If we decide that a complaint should be investigated further, the complaint will usually be handled by our privacy and compliance team. We will take reasonable steps to address any substantiated issues and notify you of the outcome of our investigation. We will assess and handle complaints in accordance with our internal complaint handling policy. 

If you believe that we have failed to resolve the privacy complaint satisfactorily, you have the option of contacting the Office of the Australian Information Commissioner (OIAC). Contact details of the OIAC may be found here.

Supplemental Notice for California Residents

If you are a California resident, please also see our Supplemental California Consumer Privacy Act Privacy Policy.