Privacy Policy

The International Modeling Foundation ("IMF," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Model ID platform and related services.

We comply with the General Data Protection Regulation (GDPR), the Dutch Implementation Act of the GDPR (UAVG), and other applicable data protection laws. Please read this policy carefully to understand our practices regarding your personal data.

The data controller for your personal data is:

For any privacy-related inquiries or to exercise your data protection rights, please contact our Privacy Team at the email address above.

3.1 Information You Provide:

• Account Information: Name, email address, password, profile photo
• Professional Information: Stage name, agency affiliations, work history, portfolio
• Certification Data: Application responses, consent records, professional documents
• Identity Verification Data: Government ID information, verification photos (processed by Stripe Identity)
• Payment Information: Payment method details (processed by Stripe)
• Communications: Support requests, feedback, report submissions

3.2 Information Collected Automatically:

• Usage Data: Pages visited, features used, time spent on Platform
• Device Information: IP address, browser type, operating system
• Analytics Data: Aggregated usage statistics (via Plausible Analytics - privacy-focused)

3.3 Information from Third Parties:

• Stripe Identity: Identity verification results and confidence scores
• Stripe Payments: Transaction confirmations and payment status
• Report Submissions: Information provided by third parties in reports

4.1 Identity Verification: Our certification process requires identity verification through Stripe Identity. This service may process biometric data including facial geometry from your submitted photos and identity documents.

4.2 Stripe's Processing: Stripe Identity processes biometric data on our behalf to verify your identity. Stripe acts as a data processor and maintains its own privacy practices. We recommend reviewing Stripe's Privacy Policy.

4.3 Our Access: IMF does not directly access or store raw biometric data (facial scans, fingerprints). For standard verifications, we receive only verification status. When discrepancies require review, we may receive additional identity data as detailed in Section 5.2.

4.4 Consent: By completing the certification process, you provide explicit consent for the processing of biometric data for identity verification purposes. You may withdraw consent by discontinuing the certification process, though this will prevent certification.

4.5 Retention: Stripe retains biometric data according to their retention policy. Verification results stored by IMF are retained for the duration specified in Section 10.

To maintain platform integrity and prevent fraud, all users must complete identity verification before receiving certification. We use Stripe Identity for automated document verification.

5.1 What Data Stripe Processes:

Stripe Identity processes the following during verification:

• Government-issued ID or passport photos
• Facial recognition via selfie matching
• Document authenticity checks
• Age verification

See Stripe's privacy policy for details on their data handling and retention.

5.2 Data We Receive and Store from Stripe:

5.3 Why We Need This Data:

This information is necessary to:

• Accuracy: Compare application data with government-issued ID to ensure certificates display legally accurate names
• Fraud Prevention: Detect and prevent identity fraud and false certifications
• Age Verification: Verify age requirements are met, especially for minors requiring parental consent
• Duplicate Prevention: Prevent the same individual from obtaining multiple certifications under different accounts
• Document Validity: Ensure government IDs used for verification are not expired
• Platform Safety: Maintain platform integrity and protect all users

5.4 Identity Hash for Duplicate Detection:

To prevent fraud, we generate an anonymized hash (a one-way cryptographic transformation) from your verified identity data. This hash cannot be reversed to reveal your personal information, but allows us to detect if the same identity attempts to create multiple certifications. The hash is retained permanently for fraud prevention purposes, even if you delete your account.

5.5 Manual Verification:

If automated verification fails or is unavailable, you may upload documents directly for manual review:

• Government ID or passport (front)
• Government ID or passport (back, if applicable)
• Selfie holding your document

Manual verification data handling:

• Documents are uploaded to Cloudinary (encrypted cloud storage)
• Reviewed by authorized IMF verification staff only
• Stored for 90 days after certification approval
• Deleted after 30 days if application is rejected
• Access logs maintained for security auditing

5.6 Retention of Verification Data:

• Verification status: Retained for the duration of your certification (minimum 1 year, renewable)
• Identity data (when collected): Retained for 7 years after certification expiration for fraud prevention and legal compliance
• Identity hash: Retained permanently for duplicate detection (anonymized, cannot identify you)
• Manual verification documents: 90 days after approval, 30 days after rejection

5.7 Legal Basis:

We process identity verification data under:

• Article 6(1)(b) GDPR - Performance of contract: Our certification service requires verified identity to function
• Article 6(1)(f) GDPR - Legitimate interests: Fraud prevention, child protection, and platform safety

5.8 Your Rights:

You have the right to:

• Access all verification data we hold about you
• Request correction of inaccurate data
• Request deletion (note: certification will be revoked)
• Object to processing (note: certification cannot be issued without verification)
• Lodge a complaint with your data protection authority
• Withdraw consent at any time

Contact support@model-id.com to exercise these rights. Note that requesting deletion of verification data will result in certification revocation.

We use your personal data for the following purposes:

• Certification Services: Processing applications, verifying identity, issuing certificates
• Public Directory: Displaying certified users in our searchable verification directory
• Account Management: Creating and maintaining your account, authenticating access
• Communication: Sending service notifications, responding to inquiries
• Enforcement: Processing reports, conducting investigations, taking enforcement actions
• Platform Improvement: Analyzing usage to improve our services
• Legal Compliance: Meeting legal obligations and responding to lawful requests
• Safety: Protecting the rights, safety, and property of IMF, users, and the public

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide our certification services
• Legitimate Interests (Article 6(1)(f)): Processing for platform security, fraud prevention, service improvement, and enforcement activities
• Consent (Article 6(1)(a)): Where you have given specific consent, such as for biometric processing or marketing communications
• Legal Obligation (Article 6(1)(c)): Processing required by law, including tax and accounting requirements

For special categories of data (including biometric data), we rely on your explicit consent under Article 9(2)(a) of the GDPR.

We may share your personal data with:

8.1 Service Providers:

• Stripe: Payment processing and identity verification
• Vercel: Website hosting
• Railway: Backend infrastructure
• Cloudinary: Image storage and processing
• Plausible Analytics: Privacy-focused website analytics

8.2 Public Directory: Certified users' professional names, certification status, and certification IDs are publicly visible in our verification directory.

8.3 Legal Requirements: We may disclose data when required by law, court order, or government request.

8.4 Safety and Enforcement: We may share information to protect rights, safety, or property, or to investigate policy violations.

We do not sell your personal data to third parties.

Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework certification (where applicable)
• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission

You may request a copy of the safeguards we use by contacting us at the address in Section 18.

We retain personal data for the following periods:

• Account Data: Duration of account plus 2 years after deletion
• Certification Records: 7 years after certification expiration or revocation
• Reports: 3 years from filing date (longer if related to ongoing enforcement)
• Payment Records: 7 years (Dutch tax law requirement)
• Analytics Data: 26 months (aggregated, anonymized)

After retention periods expire, data is securely deleted or anonymized. We may retain data longer if required by law or for legitimate business purposes.

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

How to Exercise Your Rights: Contact us at privacy@model-id.com. We will respond within 30 days as required by GDPR.

Right to Complain: You have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

12.1 Future Feature: Our Digital Twin Authorization system (launching Q2 2026) will allow certified models to manage permissions for AI-generated representations of their likeness.

12.2 Data Collected: When available, this feature will process:

• Authorization preferences and consent records
• Permitted use cases and restrictions
• Third-party authorization requests and responses
• Audit logs of Digital Twin usage

12.3 Your Control: You will have full control over your Digital Twin authorizations, including the ability to grant, modify, or revoke permissions at any time.

12.4 Policy Updates: This Privacy Policy will be updated with detailed information about Digital Twin data processing before the feature launches.

13.1 Overview: The Likeness Monitor is a feature available to certified models that scans the web for unauthorized use of their likeness. This section explains how we collect, process, and store data related to this feature.

13.2 Biometric Facial Data:

To use the Likeness Monitor, you upload reference photos of yourself. These photos contain biometric facial data (facial geometry and features) that is used to identify matches across the web. We process this data solely for the purpose of scanning for unauthorized use of your likeness.

13.3 Third-Party Processing:

Your reference photos are sent to third-party face search services (currently FaceCheck.id) for the purpose of conducting web scans. These services process your photos to find visual matches across publicly accessible web pages. Your reference photos are used for scanning purposes only and are not permanently stored by these third-party services.

13.4 Scan Results:

When a scan is performed, the following data is collected and stored in our database, tied to your account:

• URLs of web pages where potential matches were found
• Match confidence scores indicating the likelihood of a match
• Thumbnail images of the matched content
• Page titles, domain names, and geographic information
• Your classification of each result (authorized, violation, etc.)

13.5 Evidence Capture:

When you request an evidence capture for a scan result, we collect and store additional data:

• Full-page screenshots of the web page at the time of capture
• HTML source code of the web page
• HTTP response headers and metadata
• SHA-256 integrity hashes for tamper verification
• A generated PDF evidence report combining the above

Evidence packages are stored securely in encrypted cloud storage (Cloudinary) with authenticated access controls. They are accessible only to you via signed URLs.

13.6 Data Retention:

All Likeness Monitor data — including reference photos, scan results, and evidence packages — is retained until you request deletion. You can delete all your likeness monitoring data at any time via the Likeness Monitor page in your dashboard. Deletion is permanent and irreversible.

13.7 Consent Records:

We maintain an immutable audit log of consent actions (granted and withdrawn) for the Likeness Monitor. This log includes timestamps, IP addresses, and user agent information. Consent logs are retained permanently for legal compliance purposes and are not deleted when you delete your likeness data.

13.8 Legal Basis:

We process Likeness Monitor data under the following GDPR legal bases:

• Article 6(1)(a) — Consent: You provide explicit consent before using the Likeness Monitor. You may withdraw consent at any time by deleting your data.
• Article 9(2)(a) — Explicit consent for special categories: Facial biometric data is a special category of personal data. We process it only with your explicit, informed consent.

14.1 What Are Cookies: Cookies are small text files stored on your device when you visit websites. They help websites function properly and provide information to website owners.

14.2 Cookies We Use:

14.3 Third-Party Cookies: Our payment processor (Stripe) may set cookies for fraud prevention and payment processing. These are governed by Stripe's cookie policy.

14.4 Managing Cookies: You can control cookies through your browser settings. Disabling essential cookies may affect Platform functionality.

14.5 Privacy-Focused Analytics: We use Plausible Analytics, which does not use cookies or collect personal data. It provides aggregate statistics without tracking individuals.

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure authentication with password hashing
• Regular security assessments and updates
• Access controls limiting employee access to personal data
• Incident response procedures for data breaches

While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

16.1 Minimum Age: Users must be at least 16 years old to create an account.

16.2 Parental Consent: Users aged 16-17 require verified parental or guardian consent to complete certification. We collect parent/guardian contact information solely for consent verification purposes.

16.3 Special Protections: We take additional care to protect the personal data of users under 18, including limiting public profile information and requiring consent for all data processing.

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a notice on our Platform before the changes take effect.

The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.

For privacy-related questions, concerns, or to exercise your data protection rights:

We aim to respond to all privacy inquiries within 30 days. For complex requests, we may extend this period by up to 60 additional days, notifying you of the extension.