Privacy & Security

Technology for good with privacy at its core

Simprints is committed to upholding the trust of the communities we serve. That’s why data protection by design and default is baked into the core of our work.

Deploy Simprints

Transparency and accountability

  • We have award-winning consent protocols designed by human rights lawyers.
  • Detailed Data Protection Impact Assessments are built into every project.
  • We’re fully compliant with GDPR and local regulations.
  • Our technology is end-to-end encrypted and validated by 3rd party security teams.
  • We’ve worked with the World Bank, WEF, and ICRC to advocate for higher standards of privacy.

A Responsible Biometric Deployment Handbook

In 2023, we released this ground-breaking resource which details best practices for the ethical and secure adoption of biometric technology in frontline humanitarian and development settings.

 

Download now
image

Award-winning consent protocols

Our layered consent protocols were designed by human rights lawyers. They’re easy to understand, even with little to no formal education. In fact, the World Bank’s Mission Billion challenge awarded our consent protocols the top prize for “privacy-by-design” in digital ID.

image

Data Protection Impact Assessments

Ensuring privacy & security is core to our approach. Our services team can help you conduct a best-in-class Data Protection Impact Assessment before deployment, making sure every component from data storage to legal compliance is safe and ethical.

image

Frontline training

True privacy is realised on the frontlines, when participants understand their data rights and make informed decisions. We can help you train your frontline workers to follow protocols and make meaningful privacy a reality.

Dig deeper into data security

At Simprints, we implement high-security standards, protecting people’s personal data from the point of capture to its place of storage as our biometric solution is end-to-end encrypted.

When Simprints connects with partner applications, a series of authentication and verification steps occur to ensure that SimprintsID is being used securely and that the Android device is not compromised. 

All data processed by Simprints is end-to-end encrypted. Following a Data Protection Impact Assessment, biometric data can be stored in secure cloud servers or locally on-premises based on project requirements. We work with our partners to implement and regularly ensure strict access control.

Biometric data is protected during its journey from the user’s device to our backend thanks to the encryption provided by HTTPS (Hypertext Transfer Protocol Secure). This means that the biometric data is transformed into a secure code during transmission, making it unreadable to anyone trying to intercept it without the proper decryption key.

By using HTTPS, the channel is secured through the use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, ensuring that the data exchanged between any device and our backend remains confidential.

As a Controller, Simprints will always undertake a DPIA to ensure we have identified and worked to minimise any possible risks before processing begins. In line with best practice, Simprints will also complete a DPIA in its capacity as a Processor, given the high-risk nature of biometric data.

No. While SimprintsID does use a matching algorithm to identify individuals by their biometric data, the decision of whether or not to grant access to services is ultimately made by the SimprintsID User, who will confirm or reject the match produced by SimprintsID.

For more information, read our Privacy Policy, email our Data Protection Officer, and download Simprints’ UK Information Commissioner’s Office registration certificate by entering Simprints Technology Limited in the Name field.

Vulnerability testing

A third-party company conducts a penetration test/security assessment annually across all of Simprints’ architecture. These tests enable Simprints to identify potential vulnerabilities and proactively implement corrective measures to ensure the integrity and confidentiality of people’s data and the overall security model. 

The NCC Group conducted the last test between 19/11/2023 and 1/12/2023.

The 2023 security assessment consisted of several phases, was broad in scope, and included the SimprintID source code for the first time.

Pseudonymisation

We use Globally Unique Identifiers (GUIDs) as a pseudonymous representation of biometric data. They act as references to biometric templates stored securely in our backend and analytics data stored in our partners’ backend, ensuring accurate identification without compromising individual privacy. 

Furthermore, all data that is made available for general consumption by Simployees will undergo a tokenisation process. This involves substituting sensitive or personally identifiable information with token values. Tokens preserve the relationship with the original data, but access to the original information will be strictly controlled and limited.

In terms of general consumption of the data, we refer to specific Simployees such as Project Managers and Data Scientists who will have access to analytical data which allows them to monitor and provide insights into project progress.

Data-siloing

Simprints implements data-siloing for all of its projects. Randomly generated Globally Unique Identifiers (GUIDs) are used as the bridge between Simprints’ biometric dataset for a specific project and our partner’s datasets. This makes it more difficult to identify an individual if a personal data breach were to occur, as both datasets would have to be compromised.