Avatar’s mission is to provide privacy to people and authenticity to the world. The notion that you must give up your privacy when you authenticate yourself to systems is false. It is possible to have both privacy and authenticity. No trade-off is needed. Software applications widely use people’s email addresses or phone numbers as unique identifiers and user-assigned passwords as private keys for people to authenticate themselves. This creates massive security vulnerabilities. Critically, it also allows the companies behind those software applications to map their users’ identities to their online profiles on other platforms and index vast amounts of information about them obtained from various sources.

At Avatar, we believe that the best way for us to protect your privacy is to not have access to your identity in the first place. Our system is designed such that you don’t need to trust us. All your Personally Identifiable Information is encrypted and stored on your device and is inaccessible to us at all times.

Conversely, the Personally Identifiable Information that you add to your Personal Data Vault within the Avatar app is verified either by using an automated verification system, or a third-party service whose sole purpose is to verify your identity and return a binary success/failure result that does not include any Personally Identifiable Information. All automated verification systems and third-party services redact your data immediately upon completing the verification process.

Avatar Inc is committed to maintaining the privacy, security, and accuracy of your Personal Data. This Privacy Policy describes how your personal information is handled, secured, and applied when you use any of our services, sign up for an account, or visit our website https://avatar.me or any associated domains, or use our mobile applications (collectively, the “Services”). By using any of our Services, you are accepting the practices described in our Privacy Policy and you consent to receive it via electronic form via online publication between you (“you,” “user,” “your”) and Avatar (“us,” we”, "our", "company"). This Privacy Policy is part of our Terms and Conditions which govern your use of the site and services. This Privacy Policy does not apply to any products, services, websites, or content that are offered by third parties (“Third Party Services”, “service providers”), which are governed by their respective privacy policies. Please read this policy carefully to understand our practices regarding your personal data and how we treat it. By using our website or services, you acknowledge that you have read and understood and consent to this Privacy Policy.

If you have any questions regarding this policy, please contact our Data Privacy Officer at privacy@avatar.me.

We do not collect any Personal Information. Our applications require you to authenticate your identity and allow you to add your authenticated Personal Information to the Personal Data Vault located within the application. However, all your Personal Information is encrypted and stored locally on your device. Avatar has no ability to access or decrypt your personal data.

To verify your identity, Avatar uses on-device third-party utilities. Neither Avatar nor the third-party utility vendors have access to your Personal Information. All verification is programmatically performed and all data is saved on your device only. The Personal Information included in the government-issued identification document such as a driver’s license, a passport, or an identity card, that you use to verify your identity, is extracted from your identification document and stored in the Personal Data Vault on your device. Additionally, we provide you ways to add other personal information to your Personal Data Vault, all of which is stored on your device and only accessible to you.

Avatar offers an optional data backup service. If you opt into this service you will have your data backed up on a storage system outside your local device. The backup data files are encrypted and can only be decrypted by you. Neither Avatar nor any third-party service provider handling such backup data files will ever have access to your unencrypted backup files.

The Avatar app architecture is designed such that we do not have access to your email address, phone number, or any other legacy identifier. Unlike other systems, our system creates a unique self-sovereign identity for you that is completely disconnected from all legacy identifiers. A utility within the app scans your face and generates a unique value that contains no biometric data or other personally identifying information. Our use of this unique and anonymous value enables us to offer you a variety of personalized services without ever knowing who you are or what you look like.

Avatar may ask you for your preferences for products, services, activities, and anything else that we feel may help us offer you personalized services. You will always have the option to not provide your preference information. Importantly, if you decide to provide such preference information, this information is anonymous and cannot be reasonably linked to your personal identity. Avatar will not attempt to extrapolate your identity based on such preference information.

Avatar does collect information automatically via a variety of methods, such as cookies, web beacons, JavaScript, and log files. This information may include user IP addresses, browser types, domain names, device type, time stamp, referring URL and other log file information; user activities within the Service; aggregate and statistical information regarding overall server/visitor traffic and navigation patterns for the Service. Web servers collect this type of basic information automatically as part of web log processes. However, just as with your preferences, this information is anonymized and de-identified. As Avatar has no access to your identity, this information is not connected to your personal information and Avatar will never attempt to extrapolate your identity based on this automatically collected information.

Despite Avatar’s systems and processes designed to prevent us from having access to your Personally Identifiable Information, if, for any reason, Avatar is exposed to your Personally Identifiable Information, Avatar will take steps to purge such PII from our servers and take further actions to ensure anonymization of your information. It is in our best interest not to have access to your Personal Information, and we will take all reasonable steps to ensure that you continue to be anonymous to Avatar.

While all your Personal Information is encrypted and stored locally on your device, we may use the anonymized and tokenized information you provide to the Service for the following purposes:

• To provide the Services to you
• To validate your identity through third-party service providers
• To tailor our content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your experience with our Service
• To provide features available in the Service
• To enforce our terms, conditions and policies
• To prevent and investigate fraud and other misuses and
• To protect our rights and/or our property.

As your Personal Information is encrypted and stored locally on your device, Avatar has no access to it, thus eliminating the possibility of Avatar sharing it with Third-Parties outside the Avatar ecosystem.

Avatar offers you the ability to connect with mobile apps, websites, and other networked services (Connected Services) provided by third-parties that have made their systems interoperable with Avatar. Avatar’s features may enable Connected Services to be personalized for you.

When you use Avatar to sign up for a Connected Service owned and operated by a third-party, Avatar discloses to you the elements of your information that will be used to personalize the Connected Service for you. Avatar makes the best effort to determine the minimum information required to personalize a Connected Service, and only allows that information to be applied. Wherever possible, Avatar tokenizes your personal information and prevents the Third-Party offering the Connected Service from taking possession of your Personal Information.

Depending on the type of the Connected Service offered by the third-party, the information you share with the third-party may be anonymous, pseudonymous, or personally identifiable. Avatar takes all possible measures to protect your privacy online. However, when you sign up for a service offered by a third-party, the Privacy Policy of that third-party applies to your use of the Connected Service.

We may disclose information where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. However, Avatar can only disclose what it has access to and possession of. As all of your Personal Information is encrypted and stored locally on your device, Avatar has no ability to share the encrypted information.

We reserve the right to transfer information to a third-party in the event of a sale, merger or other transfer of all or substantially all of the assets of the Company or any of its affiliates (including as part of a bankruptcy proceeding). Any transfer of information during a sale, merger or asset sale, will be in accordance with this Privacy Policy and the recipient will have no ability to access or decrypt your Personal Information. Similarly, we may disclose personal information about Service users to our affiliated companies, but our affiliates’ use of your personal information will be in accordance with the terms of this Privacy Policy.

We may provide aggregate, anonymous or de-identified information about users and the Service for marketing and research purposes. This process may include the use of a third-party service to conduct or provide the data analytics. For example, we might inform third parties regarding the number of unique users who visit the Service, the demographic breakdown of our registered users of the Service, and the educational progress of categories of users.

When you choose to share your Personal Information with third-parties through the Avatar Service, the information disclosed to the third-party is limited to only the information necessary for those service providers to provide their service.

However, if Users choose to share Personal Information directly with the service provider and not through the Avatar application, Avatar has no control over what that third-party receives or what that third-party does with that information. Users should review the privacy policies of any third-party prior to sharing any Personal Information with such third-party.

The Website utilizes cookie technology only to the extent necessary for the Website to function correctly. Your browser or device may allow you to block or delete cookies from our site. However, this may interfere with the functionality of our Service. Cookies collect information automatically even when a user is not logged into their account. The information collected may include information about the platform and operating system you are using, your browser type and version, computer and connection information, and what time you accessed the site. This information will be collected any time you access the website unless you opt out. Avatar will never attempt to extrapolate your identity based on this automatically collected information.

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first-party cookies”), or by third-parties, such as those who serve content or provide advertising or analytics services on the website (“third-party cookies”). Both websites and HTML emails may also contain other tracking technologies such as “web beacons” or “pixels.” These are typically small transparent images that provide the website with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted.

Avatar only uses what are called “Essential Cookies” on its Website. Anytime you visit and use an Avatar website, the Company or a third-party may place Essential Cookies in your browser. Essential Cookies. These are cookies placed in your browser by the Company and are also known as “strictly necessary” cookies. These are necessary to allow you to move around the site and use some of its features.

Almost all browsers use cookies to track your internet use automatically. However, these browsers also allow you to change the settings in your browser to manage your cookie settings to delete any previously sent cookies and to not accept new cookies. Again, please keep in mind that disabling cookies will negatively impact your user experience with our site. Please review your browser’s settings and preferences for more information on how to manage and delete cookies. Browsers on mobile devices may have different ways to manage cookie settings.

Technology used on the Internet is constantly changing. However, the Company is committed to abiding by its Privacy Philosophy and only utilizing technologies that are aligned with that philosophy. We do not use pixel tags or other technologies that infringe on our user’s privacy.

We do not currently recognize automated browser signals regarding tracking mechanisms, which may include "Do Not Track" instructions. You can change your privacy preferences regarding the use of cookies and similar technologies through your browser. For more information on Do Not Track please visit http://www.allaboutdnt.org/

You must be at least 13 years old or older to gain access to our website or our services. This website is not intended for those who are under 13 years old. The Company does not knowingly collect any information from anyone who is under 13 years of age and does so in compliance with the Children’s Online Privacy Protection Act. The Services are directed solely to individuals who are at least 13 years old.

If we learn we that have collected Personal Data from a child under 13 without parental consent, we will delete that information, unless we are legally obligated to retain such data. If you have any reason to believe we may have unknowingly collected data from a minor under the age of 13 please immediately send us an email at privacy@avatar.me.

You have the following rights with respect to the personal data we hold about you:

• The right to know what data we hold about you:​ You can contact us at privacy@avatar.me to review the personal data you have provided to the Service. We seek to swiftly respond to your inquiry. We may charge a processing fee if less than twelve (12) months have passed since your last inquiry relating to personal data we hold about you.


• The right to have incomplete, incorrect, outdated, or unnecessary personal data corrected, deleted, or updated.​ The easiest way to correct, delete, or update the personal data you have provided to the Service is to access your Personal Data Vault and enter the necessary changes there. If you have additional questions regarding the correction, deletion, or updating of the personal data we hold about you, please contact us at privacy@avatar.me​.


• The right to opt out of receiving electronic direct marketing communications from us:​ All electronic direct marketing communications that you may receive from us, such as e-mail messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us at​ privacy@avatar.me.

The California Consumer Privacy Act provides some California residents with the additional rights listed below.

This section of the Privacy Policy is applicable to residents of the EEA, which consists of the member states of the European Union. This section also applies to residents of Switzerland and residents of the United Kingdom. Residents of the EEA, UK and Switzerland are referred to here as “EEA Residents.”

Under the GDPR, we are considered a “controller” and a “processor” of the Personal Data of EEA Residents. This is because the definition of “controller” and “processor” do not account for the safeguards we have put in place to prevent us from having access to your Personal Information. Simply by virtue of our application storing your Personal Information, even though that information is locally stored and encrypted, we are still considered a controller and processor of that information. This means that we must meet the strict standards of the General Data Protection Regulation (2016/679) of the European Parliament and of the Council on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”)

If you are resident in the United Kingdom, Switzerland, or the European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), we must disclose that we may transfer Personal Data provided by you for processing in the United States, including Personal Information. While your Personal Data is stored encrypted locally on your device, when you initiate the sharing of that information, the information may be processed in the United States. By providing Personal Data to us for the purpose of using the Service, and initiating sharing that information with third parties through our application, you consent to the processing of such data in the United States. The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and us for your use of the Service.

Our purpose for collecting and processing Personal Data from EEA Residents is to provide them with the features and functionalities of our website and mobile application and information regarding our services. The legal basis for collecting Personal Data is because it is necessary for performance of a contract between us to provide you with the website and mobile application and its related features and functionality. We also rely on your consent to receive the Services. You may withdraw consent at any time through the application. If EEA Residents do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such residents with certain features or functionalities of the Service.

If you are an EEA resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us at privacy@avatar.me.

Additionally, if you are an EEA resident, we are hereby notifying you that we are processing your information in order to fulfill contracts we might have with you, or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to the United States.

Our platforms all have security measures in place to help protect against the loss, theft, misuse and unauthorized access, disclosure, alteration and destruction of the information under the company’s control. All personal information is encrypted and stored locally on each user’s device. Unfortunately, no data storage system or data transmission over the Internet can be guaranteed to be 100% secure. Please also be aware that we may use third-party cloud service providers that provide hosting, data storage and other services pursuant to standard terms and conditions that may be non-negotiable; these service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures.

We may amend this Privacy Policy from time to time. We will provide notice of any material changes made to our Privacy Policy by prominently posting the revised Policy with an updated date of revision on our homepage. We encourage users to check this page periodically for any changes. If we make any material changes that affect information we have previously collected about you, we will provide you with notice via email or within the Service.

If you have any questions about this Privacy Policy or our security measures at Avatar, please contact our Data Privacy Officer at privacy@avatar.me. Users will be notified of any changes to this Policy with a summary of such changes. Your continued use of the Service following the changes to this Privacy Policy constitutes your acceptance of any such changes made.