persona-logo

Privacy Policy

Last updated: December 4, 2025

This Persona Identities, Inc. (“Persona,” “we”, “us”, or “our”) Privacy Policy applies to individuals using the Persona Service to verify their identities or age as part of our Service offered to our business customer Roblox.

Privacy Policy applicable to individuals verifying their identity through the Persona Service

Persona’s Customers offer the Persona service (the “Service”) to securely verify the identity of individuals (“you”). Persona processes Personal Data of individuals at the direction of its Customers. This section of the Privacy Policy explains how Persona, under the direction of its Customers, processes Personal Data in order to provide the Service for its Customers. Personal Data provided to Persona by Customers, and Personal Data provided to Customers from Persona, is subject to the Customers’ Privacy Policy. This section explains what Personal Data (defined below) we collect through the Service, how we use and share that data, and how individuals can exercise choices regarding their Personal Data.

How We Collect and Use Personal Data to Provide the Service

This section describes the Personal Data we collect and how we use it in order to provide the Service to our Customers. Personal Data means information that relates to an identified or identifiable individual.

You provide Personal Data to us at the direction of our Customers so that our Customer may verify your identity, verify their age and/or prevent fraud. In the course of performing the Service, we may also obtain Personal Data from other sources such as third party databases, government records, and other publicly available sources. The Personal Data we collect varies based on what you provide, what the Customer has directed us to analyze, and what Personal Data is available from third parties.

You may directly provide:

  • Name and contact information, including name, email address, address, and phone number; 

  • Demographic data, including birthdate and age; 

  • Files you upload, such as tax forms and utility bills;

  • Government documents, barcodes, and identifiers, such as driver's license and Social Security Number; and

  • Audio, Video, and Photos of you, namely from the selfie or video you provide and from your government identification document.

Our Services may also collect the following from you, our Customer, or third parties: 

  • Current and previous name and contact information, including name, email address, address, and phone number; 

  • Demographic data, including birthdate and age, gender, marital status, and similar demographic details; 

  • Government documents, barcodes, and identifiers, such as drivers license and Social Security Numbers;

  • Device information, including IP address, device type, your device’s operating system, browser, cookie and device identifiers, and other software including type, version, language, settings, and configuration;

  • Account information, such as details about your account with our Customer or other third parties;

  • Publicly available data, including data from governmental public records, the public internet and social media; 

  • Geolocation data as we may infer your general geographic location (such as city, state, and country) based on your IP address; 

  • Biometric Data, only with your express consent, including a scan of your facial geometry based on the photos or video you provide. For more information about Biometric Data, see the Facial Scan and Biometrics Information section below.

Based on the Personal Data we collect from you and other sources, we infer information about you for identity verification and fraud prevention purposes.  For example, we may use certain information about you including your IP address and home address to inform our verification process.

Some data that we collect automatically is collected through cookies and similar technologies.  See our Cookie Policy to learn more. 

We use Personal Data to provide our Customers with the Service so they can verify the identity of individuals and prevent fraud. This processing is necessary to perform our contract with our Customers. As part of providing the Service, we do not use your Personal Data to improve our Services.  

Notice for Individuals Verifying their Age

For age assurance use cases, Persona's default setting is to automatically delete personal data as soon as processing is complete and an outcome has been determined. However, Persona's business customers may choose to retain certain data for longer periods as necessary to detect, investigate, or prevent suspicious or fraudulent activity.

When you use Persona's Age Assurance, Persona acts as a service provider (or data processor) on behalf of the business customer requesting verification. This means the Persona customer is the data controller responsible for determining how your personal information is processed. You should contact that business directly with any questions about how your data is used, retained, or deleted.

Persona does not sell or share personal data collected for age assurance with third parties. Persona also does not use such data for marketing or for any purpose other than providing the verification service. As part of providing the Service, we do not use your personal data to improve our Services.  

Wireless Operator Authorization 

To assist our customers  in meeting business operations needs and to perform certain services and functions, you authorize your wireless carrier to use or disclose information about your account and your wireless device, if available, to us or our service provider for the duration of your business relationship, solely to help them identify you or your wireless device and to prevent fraud. See this Privacy Policy for how we treat your data.

How We Disclose Personal Data

We may engage third parties to assist us in providing the Services, in which case we may disclose Personal Data to them. We may also disclose Personal Data to service providers, including hosting, cloud services and other information technology services providers; email communication and SMS software providers; and identity verification services, mobile device operators, background check providers, public and private records database providers, consumer reporting services, and fraud and identity management providers. For example, we may disclose your name and address to a third party database provider in order to request information they may have about you. Pursuant to our instructions, these parties will access, process or store Personal Data while performing their duties to us. We may also disclose Personal Data when required to do so by law.

Facial Scan and Biometrics Information

This section describes how Persona treats scans of facial geometry extracted from photos. 

Persona, acting as a service provider to the Customer:

  • compares the data from a scan of facial geometry extracted from the government identification document that you upload to the data from a scan of facial geometry extracted from the photos of your face that you upload, in order to help verify your identity (“Verification”); and

  • may also use your information, including data from scans of facial geometry extracted from the government identification document and photos of your face that you upload, to detect and prevent fraud (“Fraud Prevention”).

The images obtained from government identification document and photos of your face that you upload, and data from scans of facial geometry extracted from the government identification document and photos of your face that you upload, are collected, used and stored directly by Persona on behalf of Customer as Customer’s service provider through Customer’s website or app that you accessed.  Depending on our relationship with the Customer, the Customer may upload your government identification document and photos of your face directly to us.

Persona securely stores all photos of identity documents that you upload, photos of your face that you upload, and data from scans of facial geometry extracted from the photos of your face that you upload in an encrypted format. Persona’s third-party vendors may have access to the data from scans of facial geometry extracted from the photos of your face that you upload to provide some or all of the analysis, to store the data, to maintain backup copies, and to service the systems on which such data is stored. Persona will permanently destroy data from scans of facial geometry extracted from the photos of your face that you upload upon completion of Verification or within 30 days of your last interaction with Persona, consistent with the Customer’s instructions unless Persona is otherwise required by law or legal process to retain the data.   

Persona uses the reasonable standards of care within its industry to store, transmit, and protect from disclosure data from scans of facial geometry extracted from the photos of your face that you upload in a manner that is the same as or more protective than the manner in which it stores, transmits, and protects other confidential and sensitive information. Persona will not sell, lease, trade, or, other than to provide the Verification and Fraud Prevention services to Customer described in this policy, otherwise benefit from data from scans of facial geometry extracted from the photos of your face that you upload. Other than as set forth herein, Persona will not disclose, redisclose, or otherwise disseminate data from scans of facial geometry extracted from the photos of your face that you upload unless doing so: 

  • Completes a Customer transaction requested and authorized by you or your legally authorized representative; 

  • Is required by state or federal law, or municipal ordinance; 

  • Is required pursuant to a warrant or subpoena issued by a court of competent jurisdiction; or 

  • Is expressly consented to by you.

Data Subject Rights

Persona is the data processor for the processing of Personal Data on behalf of its Customers. If you are an individual whose identity has been verified through Persona, please contact the appropriate Customer to exercise any rights that you may have under applicable law (including the UK, EU, Swiss, California or other applicable state or international laws). If you have further concerns or questions regarding the processing of your Personal Data, please fill out this form or email [email protected].

Class Action Waiver - US Residents Only

YOU (IF YOUR ARE A RESIDENT OF THE UNITED STATES) AND PERSONA IDENTITIES, INC., INCLUDING ITS PARENTS, SUBSIDIARIES, AFFILIATES, SUCCESSORS, AND ASSIGNS (“COMPANY”) AGREE THAT ANY PROCEEDINGS TO RESOLVE OR LITIGATE ANY DISPUTE WILL BE CONDUCTED SOLELY ON AN INDIVIDUAL BASIS, AND THAT NEITHER YOU NOR COMPANY WILL SEEK TO HAVE ANY DISPUTE HEARD AS A CLASS ACTION, A REPRESENTATIVE ACTION, A COLLECTIVE ACTION, A PRIVATE ATTORNEY-GENERAL ACTION, OR IN ANY PROCEEDING IN WHICH YOU OR COMPANY ACTS OR PROPOSES TO ACT IN A REPRESENTATIVE CAPACITY. YOU AND COMPANY FURTHER AGREE THAT NO PROCEEDING WILL BE JOINED, CONSOLIDATED, OR COMBINED WITH ANOTHER PROCEEDING WITHOUT THE PRIOR WRITTEN CONSENT OF YOU, COMPANY, AND ALL PARTIES TO ANY SUCH PROCEEDING. THIS CLASS ACTION WAIVER COVERS ALL DISPUTES BETWEEN YOU AND COMPANY AND ALSO INCLUDES ANY DISPUTE BETWEEN YOU AND ANY OFFICER, DIRECTOR, BOARD MEMBER, AGENT, EMPLOYEE, VENDOR, AFFILIATE, OR CLIENT OF COMPANY, IF COMPANY COULD BE LIABLE, DIRECTLY OR INDIRECTLY, FOR SUCH DISPUTE.

THE TERM “DISPUTE” SHALL BE INTERPRETED AS BROADLY AS PERMITTED UNDER THE LAW AND SHALL APPLY TO ALL PAST, PRESENT, AND FUTURE LEGAL DISPUTES AND LEGAL CLAIMS BETWEEN YOU AND COMPANY THAT ARE NOW IN EXISTENCE OR THAT MAY ARISE IN THE FUTURE, INCLUDING, BUT NOT LIMITED TO LEGAL DISPUTES OR LEGAL CLAIMS ARISING OUT OF OR RELATING IN ANY WAY TO THESE TERMS, THE COLLECTION OF FACIAL SCANS OR BIOMETRIC INFORMATION, THE PRIVACY POLICY OR COMPANY’S SERVICES; YOUR RELATIONSHIP WITH COMPANY; YOUR USE OF ANY COMPANY PRODUCT OR SERVICE; COMPANY’S CONDUCT; AND ANY FEDERAL, STATE, OR LOCAL STATUTE, LAW, RULE, REGULATION OR ORDINANCE APPLICABLE TO THE RELATIONSHIP BETWEEN YOU AND COMPANY AS TO WHICH A COURT WOULD BE AUTHORIZED BY LAW TO GRANT RELIEF IF THE CLAIM WERE SUCCESSFUL (“DISPUTE” OR “DISPUTES”).

Notice for Australian Residents

Persona will comply with the Privacy Act 1988(Cth) including the Australian Privacy Principles. You may contact Persona with questions or to complain about any privacy issues by contacting Persona at [email protected]. If you believe that we have failed to resolve the privacy complaint satisfactorily you have the option of contacting the OAIC. Contact details of the OAIC may be found here.

Location of Personal Data

The Personal Data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers process data. Currently, we primarily use data centers in the United States and Germany. The storage location(s) are chosen to operate efficiently and improve performance. We take steps designed to ensure that Personal Data is processed and protected as described in this policy wherever the data is located.

Location of Processing European Personal Data. We transfer Personal Data from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use legal mechanisms, including contracts, to help ensure your rights and protections.

Compliance With Data Privacy Framework Principles. Persona complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Persona has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Persona has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process Personal Data on our behalf in a manner inconsistent with the Data Privacy Framework Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our compliance with the Data Privacy Framework Principles, please contact us as described in the Contact Us section below.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Persona commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Finally, under limited circumstances and after other available dispute resolution mechanisms have been exhausted, binding arbitration is available to address certain residual complaints under the EU-U.S. Data Privacy Framework Principles, Swiss-U.S. DPF Principles, and the UK-Extension Framework not resolved by other means.

Changes to the Privacy Policy

We will update this Privacy Policy when necessary to reflect changes in our services, how we use Personal Data, or the applicable law. When we post changes to the Privacy Policy, we will revise the “Last Updated” date at the top of the Privacy Policy. If we make material changes to the Privacy Policy, we will provide notice or obtain consent regarding such changes as may be required by law.

Contact Us

If you have a privacy concern, complaint, or a question for Persona, please feel free to use this form or contact us via email at [email protected].

Our postal address is Persona Identities, Inc., 981 Mission Street #95, San Francisco, CA 94103, United States.

Our data protection representative for the European Economic Area and Switzerland is George Barry, 4 St Christopher's Rd, Montenotte, Cork, T23 E9TR, Ireland. To make an inquiry to George Barry, please contact [email protected].

Our data protection representative for the UK is: S. Alec Lawton, Graigwen, Plasycoed road, Pontypool Torfaen, NP4 6QH, UK. To make an inquiry to S. Alec Lawton, please contact [email protected].

To contact our data protection office (DPO) please feel free to contact them at [email protected]