Privacy and Security Policy

1.1. This privacy policy sets out how Fides Cloud Technologies (Pty.) Ltd. Trading as (“WhoYou”) uses and protects any information that you give WhoYou when you use this service. Fides is the Responsible Party as defined in the Protection of Personal Information Act, 2013 (“the POPI Act”). All information is processed and stored in compliance with the POPI Act. WhoYou’s solutions have had numerous IT audits from clients both in government and the private sector to ensure the safe storage of information related to an individual.

1.2. WhoYou is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified you can be assured that it will only be used in accordance with this privacy statement.

1.3. WhoYou may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1 June 2020.

What we collect

1.4. We may collect the following information:

  • Full name
  • Identity number or passport number
  • Contact information including email address
  • Employment information such as the name of employer and job title
  • Demographic information such as postcode, preferences and interests
  • Biometric information in the form of fingerprint, facial or other biometric scans
  • Credit card or other information required to pay for the services offered by Fides
  • Other information relevant to identity verification
What we do with the information we gather

1.5. We require this information to be able to accurately verify your identity either against your existing enrolled fingerprint or face biometric image or against a third-party database. This information will not be shared with any third parties without your specific approval. The app is used for Fraud Prevention Purposes and according to the National Credit Regulator (NCR) is a permissible purpose in order to collate biometric data, including fingerprint or face data in order to verify who you say that you are. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. Should you wish this information to be no longer stored you may advise Fides in writing and your information will immediately be permanently deleted.

Security Policy

2.1. We are committed to comply with all relevant legislation, including the POPI Act and GDPR, and to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

2.2. You may be concerned about allowing your personal information and your fingerprint and/or face biometric data to reside on a server in the cloud because you fear that this very identity could be misused. WhoYou addresses this issue by following best practices and stringent security guidelines for identity protection and ensuring it complies with all legislation and best practices for protection of personal information.

2.3. In order to achieve this, the demographic data for users is held separately to the fingerprint or face biometric data. The link between the two can only be established by applying a unique algorithm based association, generated and managed by WhoYou Protection Algorithm (WhoYou PA) that combines the application certificate and unique record identifiers. The WhoYou PA server itself is held separately from the WhoYou Trusted Identity (WhoYou TI) physical infrastructure. The data is encrypted and meaningless to a hacker and can only be retrieved via secured HTTP access onto WhoYou TI with a biometrically verified user. Your data can only be accessed or modified when your identity has been biometrically confirmed. Only the WhoYou PA server knows where your biometric identity is hidden in the cloud; only the WhoYou TI server can communicate with the WhoYou PA server, and the WhoYou TI server itself can only be accessed with biometric authentication. In addition, You are informed every time “you” are verified online or your details are amended. For the first time, You are guaranteed of knowing what the digital “you” is doing. A complete audit trail is kept of all enquiries, amendments, additions or deletions to your personal information. This audit log records the date and time of the activity as well as who accessed the information.

We do not use cookies

3.1. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

3.2. This Service does not use these “cookies” explicitly. However, the app may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Log Data

4.1. Whenever you use our Service we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Links to other websites

5.1. Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

6.1. You may choose to restrict the collection or use of your personal information in the
following ways:

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at

6.2. If you believe that any information we are holding on you is incorrect or incomplete, or you wish your information to be deleted, please write to or email us as soon as possible, at the above address. We will promptly correct any information or delete it if required.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us.