Comms IDComms.ID
Get Started

Comms.ID ISP and ASP Privacy Notice

Last Updated: 19 August 2025 Version: 1.0.3

1. Purpose of This Notice

This notice provides detailed information about how we handle your personal information when you create and manage your Comms.ID Digital ID. When we perform these functions, we are acting as an Identity Service Provider (ISP) and an Attribute Service Provider (ASP) in alignment with the Australian Government Digital ID System (AGDIS) framework.

Creating a Comms.ID is a prerequisite for using our services. This process involves verifying your identity to a high level of assurance and requires your explicit consent for the collection and storage of identity documents and biometric information, which are necessary for our high-security model.

2. Verifying Your Identity (Our Role as an ISP)

To issue you a secure, reusable Digital ID, we must first verify you are who you say you are.

  • What Information We Collect: We will ask you to provide information from, and capture images of, your Australian government-issued identity documents. This includes:

    • An image of the identity document itself.
    • An image of you holding your identity document.

  • How We Verify It: We use the details from your document to perform a real-time check with the Australian Government's Document Verification Service (DVS), confirming the details match the issuing agency's records.

  • How and Why We Store Document Images: To enable high-assurance features and comply with regulatory expectations, we securely store the images of your identity document. This is necessary to:

    • Allow for offline or in-person verification (e.g., a venue checking your ID against your face).
    • Meet the requirements for higher Identity Proofing Levels (such as IP4).
    • Assist in high-priority fraud investigations.

3. Your Biometric Information: The Key to Your Security

Our platform is designed to be password-free. Your security is guaranteed by binding your verified identity to you as a person. This requires the use of your biometric information (your face) for both creating your Digital ID and for every subsequent authentication.

This section explains how we handle this sensitive information. Your explicit consent to these practices is mandatory to create and use a Comms.ID account.

What We Collect and Why

During setup and subsequent authentications, we will ask you to perform a facial scan using your device's camera. This process includes a "liveness check" to ensure you are a real person.

From these scans, we create and securely store:

  1. A biometric template: A mathematical representation of your face used for automated matching.
  2. A limited gallery of your authentication images and videos: These are retained to provide a higher level of confidence and security for your account.

Storing this information is mandatory because it is essential for our security model. It allows us to:

  • Effectively investigate fraud or transaction disputes (e.g., if you report an unauthorised event).
  • Securely verify your identity if you register a new, untrusted device.
  • Maintain an auditable, high-confidence record of authentications.

How We Use Your Biometric Information

Your biometric data is used exclusively for identity verification and authentication purposes. This is always a one-to-one (1:1) match to confirm your presence and identity. We will never use your biometric information for one-to-many (1:N) searching or for any other purpose.

Your Explicit Consent

By creating an account and ticking the specific consent checkbox during registration, you provide your express and informed consent for Comms.ID to collect, use, and store your biometric template, as well as the images and videos from your identity setup and subsequent authentications, as described in this section.

Data Retention and Your Right to Withdraw Consent

You have the right to withdraw your consent at any time. If you close your account or withdraw your consent:

  • Your biometric template and all associated authentication images and videos will be immediately and permanently destroyed.

Please note that withdrawing consent for biometric processing will result in the closure of your Comms.ID account, as it is essential for the security and operation of our service.

4. Verifying Your Attributes (Our Role as an ASP)

  • Beneficial Ownership: Our service can verify your status as a beneficial owner or director of a company. We do this by checking your details against information held in official government sources, such as the Australian Business Register (ABR).
  • Other Attributes: We do not currently verify other attributes, such as professional qualifications, unless it is to conduct simplified verification of a regulated entity that is itself a Relying Party, as permitted by law.

5. Record Keeping and Your Data

As outlined in our Privacy Policy, we are subject to legal obligations, including the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. This requires us to keep records of identity verification actions and the evidence used for that verification for a minimum period of 7 years. This retention requirement applies to the images of the identity documents you provided during setup.

However, this legal retention requirement does not apply to your biometric data. As stated above, all biometric templates, authentication images, and videos are permanently destroyed upon account closure.

Document integrity hash:

5b4fe0e72de40d4f8c000828fa745a02f7a64edc0a3e083ab34aa2469dc2e027