10 Dec 2019

How we built privacy into the Yoti app

Guest blog by Amy Colville, Product Marketing Executive at Yoti


Just as the right to identity is a fundamental human right, we believe privacy is too.

Yoti was built to give everybody a simple and secure way of proving and protecting their identity, online and in person. 

With the free Yoti app, you can create a Yoti Digital ID that allows you to prove who you are in the most privacy-friendly way. It is built with data minimisation at the core and allows you to share less data to prove your identity or age. You’re in control to show only the details you need, to the businesses and people you trust. 

Today, our design team take us through the innovative design of the app, built with privacy at its core.

 

First things first

We don't have your ID document details unless you have chosen to add them to your account. This is totally your choice. If you don't add your ID document, you can use other features on the app such as our password manager or get an estimated age, but you do not have a Yoti Digital ID. 

 

We make sure it's really you

When registering your account, we ask you to take a quick video to prove you’re a real human being. If you want to create a Yoti Digital ID, you can then upload an official ID document. The document is either checked automatically or sent to our team of expert super recognisers, who check that the document is genuine, that its photo matches the image from your video, and that the details read from it are consistent with it.

This video is called a liveness test and is where we ask you to move your face according to instructions on the screen. If this test fails, you may be asked to say a few words so our security centre can check you’re a real person. From this video, we take a face scan which is your biometric template. We can then compare any future image you take to this template if we need to prove it’s really you.

 

We enable you to share less data

Unlike a physical ID document, we store your personal information as individual pieces of data. We call these attributes – individual pieces of information that identify you as you, such as your name, date of birth etc.

By storing them separately, this allows you to show them separately, and only share the minimal amount of information needed. 

With your Yoti Digital ID, you can prove your age by just sharing the fact that you are over 18, nothing else.

 

The Yoti vault protects against privacy breaches and cyber attacks

This approach of storing data as individual attributes makes it much harder for an attacker to get at your information: each attribute is encrypted separately and stored separately on the Yoti server. In the highly unlikely event that the database were compromised, an attacker would obtain only a collection of separately encrypted attributes and would not hold the key needed to locate and decrypt any user’s shareable data.

Imagine it like your ID is put through a shredder and each piece of data is stored in a different safe in a vault. Only you have the key to all of these safes, which is your master key that is stored on your phone. 

 

Only you hold the key

When you unlock the app with your five-digit PIN or your biometric, you activate your master key. The master key is stored on your phone and is the only thing that can pull your attributes back together and turn them into readable form. The master key is itself stored encrypted, so it cannot be used until you have unlocked the app.
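To make the vault, master-key and "share only that you are over 18" descriptions above concrete, here is an added stdlib-only Python sketch of that pattern. It is example code written for this page, not Yoti's implementation, and the key sizes, PBKDF2 iteration count, attribute names, sample values and the HMAC-SHA256 counter-mode construction are all assumptions made for illustration; a production build would use a real AEAD such as AES-GCM or ChaCha20-Poly1305 and a hardware-backed keystore for the wrapped master key.

```python
import hashlib
import hmac
import secrets
from datetime import date

# Illustrative parameters (assumptions for this example, not Yoti's published values).
PIN_KDF_ITERATIONS = 200_000
NONCE_LEN = 16
TAG_LEN = 32


def _prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 as a pseudorandom function for subkeys, keystream blocks and tags."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF run in counter mode; a stdlib-only stand-in for a real AEAD cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += _prf(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC under separate enc/mac subkeys; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = _prf(mac_key, len(aad).to_bytes(8, "big") + aad + nonce + ct)
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting; ValueError on wrong key or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    expected = _prf(mac_key, len(aad).to_bytes(8, "big") + aad + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def wrap_master_key(master_key: bytes, pin: str, salt: bytes) -> bytes:
    """Encrypt the master key under a key stretched from the PIN; this blob stays on the phone."""
    kek = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PIN_KDF_ITERATIONS, dklen=32)
    return seal(kek, master_key, aad=b"master-key")


def unwrap_master_key(wrapped: bytes, pin: str, salt: bytes) -> bytes:
    kek = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PIN_KDF_ITERATIONS, dklen=32)
    return unseal(kek, wrapped, aad=b"master-key")  # a wrong PIN fails the tag check


def attribute_key(master_key: bytes, name: str) -> bytes:
    """One subkey per attribute, so disclosing one subkey unlocks nothing else."""
    return _prf(master_key, b"attribute:" + name.encode())


def build_vault(master_key: bytes, attributes: dict) -> dict:
    """What the server stores: every attribute sealed on its own, with its name bound as AAD."""
    return {name: seal(attribute_key(master_key, name), value.encode(), aad=name.encode())
            for name, value in attributes.items()}


def read_attribute(master_key: bytes, vault: dict, name: str) -> str:
    return unseal(attribute_key(master_key, name), vault[name], aad=name.encode()).decode()


def is_over(master_key: bytes, vault: dict, years: int, today: date) -> bool:
    """Derived claim: decrypt only date_of_birth on the device and release a boolean, not the date."""
    dob = date.fromisoformat(read_attribute(master_key, vault, "date_of_birth"))
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= years


def _rejects(action) -> bool:
    """True if the action raises ValueError (wrong PIN or tampered ciphertext is refused)."""
    try:
        action()
    except ValueError:
        return True
    return False


def demo() -> dict:
    """End-to-end run on constructed sample data (not real user data)."""
    master_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    wrapped = wrap_master_key(master_key, "12345", salt)
    vault = build_vault(master_key, {"given_names": "Amy", "date_of_birth": "2000-06-15"})
    tampered = bytearray(vault["given_names"])
    tampered[NONCE_LEN] ^= 0x01  # flip one ciphertext bit; the tag must now fail
    as_of = date(2019, 12, 10)
    return {
        "unwrap_ok": unwrap_master_key(wrapped, "12345", salt) == master_key,
        "wrong_pin_rejected": _rejects(lambda: unwrap_master_key(wrapped, "54321", salt)),
        "tamper_rejected": _rejects(lambda: unseal(attribute_key(master_key, "given_names"),
                                                   bytes(tampered), aad=b"given_names")),
        "given_names": read_attribute(master_key, vault, "given_names"),
        "over_18": is_over(master_key, vault, 18, as_of),
        "over_21": is_over(master_key, vault, 21, as_of),
    }
```

In this model the server holds only `vault`, a set of independently sealed attributes, and never sees `master_key`; the wrapped master key and its salt stay on the device, and `is_over` is the data-minimising share: the boolean is computed locally from the decrypted date of birth, so the relying party learns "over 18" and nothing else. One caveat a practitioner would check: the PIN stretching only buys time if the wrapped blob never leaves the phone, since a five-digit PIN has 100,000 possibilities and can be tried offline quickly against a leaked blob, which is why such keys belong in a hardware-backed keystore.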

 

We use advanced biometric technology to keep you safe

We use biometric (and non-biometric) technologies to carry out anti-spoofing, fraud prevention and security checks. This is the most effective way of verifying that you are a real person and that you can only set up your own genuine digital identity. It allows us to keep our users safe and make sure that only genuine identities are on our platform.

 

We double check that you're the one calling the shots

To take certain actions, like deleting your account or changing your PIN, we ask you to take a selfie or redo the liveness process. We then compare your image to the biometric template to check it’s really you taking the action.

 

We're clear and transparent

We tell you what we’re doing and why in the app, in our privacy policy and in FAQs. Our customer support team are also incredibly friendly and super speedy at replying so you can get in touch at any point if you need any help.  

 

You can always opt out

Our Research and development team use some user data to develop, test and improve our age estimation technology and our anti-spoofing, fraud prevention and security checks. We do this to keep our community safe but if you are not comfortable with this, you have the option to opt out in the app. 

 

Go ID-free

We’ve also built age estimation technology so you don’t even need an ID document to have an estimated age on your account. This technology can be used to allow anonymous proof of age in situations such as buying age-restricted goods at self-checkouts or proving you are over a certain age to access age-restricted content online. For all the technical bits, take a read of our Age Scan whitepaper. You can also read about our commitment to building facial recognition responsibly and our support of the Safe Face Pledge.