Privacy
Policy

Last updated: April 2, 2026

Who we are

Gradient Zero Deutschland GmbH
Vogesenring 57, 79219 Staufen, Deutschland
HRB 722891, Amtsgericht Freiburg
USt-IdNr.: DE335929671

Contact: privacy@idonce.com

What idonce does

idonce is a human verification system. It allows users to prove that a real person is actively present on a device, without revealing personal identity. idonce is designed with privacy as a core principle, not as an afterthought.

What data we collect

Short answer: almost nothing. idonce does not collect, store, or process personal data. No name, no email, no phone number, no location, no browsing history, no device identifiers beyond a pseudonymous cryptographic hash.

Specifically:

  • Device ID: A SHA-256 hash of your device's public key. This is pseudonymous — it cannot be traced back to your name, phone number, or any other identifier. It is generated locally on your device.
  • Credentials: SD-JWT-VC credentials are stored exclusively on your device in encrypted secure storage (iOS Keychain / Android EncryptedSharedPreferences). They are never uploaded to our servers.
  • Verification history: Stored locally on your device only. No server has access to your verification log.
  • IP addresses: Our servers process your IP address to serve requests. IP addresses are not stored or logged in association with your Device ID.

What data we do NOT collect

  • Name, email, phone number, or any personal identifiers
  • Biometric data (FaceID/Fingerprint data never leaves your device's Secure Enclave)
  • Location data
  • Browsing history or app usage patterns
  • Device identifiers (IDFA, GAID, IMEI)
  • Contacts, photos, or any other on-device data

Credential issuance

When you request a credential from the idonce Issuer:

  • Your device sends a cryptographic proof of key possession (a signed JWT). This proves your device controls a specific key pair — nothing more.
  • If device attestation is provided (Apple App Attest / Google Play Integrity), the attestation data is verified and discarded. We do not store attestation objects.
  • The issued credential (SD-JWT-VC) is sent to your device and not retained on our servers.

Credential presentation

When you share a credential with a platform (verifier):

  • You choose which claims to disclose via selective disclosure. The platform only sees the claims you selected.
  • The presentation is sent directly from your device to the verifier. idonce does not act as an intermediary and does not see or log the presentation.

Third-party services

  • Apple App Attest / Google Play Integrity: Used for optional hardware attestation. Subject to Apple's / Google's respective privacy policies.

All fonts are self-hosted. We do not use Google Fonts, analytics, tracking pixels, advertising networks, or any other third-party data collection services.

Data retention

We do not retain personal data. Server-side data is limited to:

  • Revocation list: A list of revoked Device IDs (pseudonymous hashes). Retained permanently for security.
  • Server signing key: Used to sign credentials. No personal data.

Your rights (GDPR)

Since we do not process personal data in the GDPR sense, most data subject rights do not apply. However:

  • Right to deletion: You can delete all local data by removing the app. You can revoke your device identity via the app settings.
  • Right to information: This privacy policy describes all data processing.
  • Complaint: You may contact the data protection authority of Baden-Württemberg (LfDI).

Children

idonce does not knowingly collect data from children under 16. The app requires biometric capability, which is typically controlled by parents on children's devices.

Changes

We may update this policy. Changes will be posted on this page with an updated date.

Contact

Gradient Zero Deutschland GmbH
Vogesenring 57, 79219 Staufen, Deutschland
privacy@idonce.com