aswad
Sign in Get Paswad
Product
Passkeys Web passport Transaction signing Pricing
Solutions
For Banks For Fintech For Governments Case studies
More
Security Compare Blog Sign in Get Paswad
⚠︎ Placeholder for design review — not legal advice. Replace entity details, jurisdiction, and dates, and have counsel review before publishing.

Privacy Policy

Last updated: June 12, 2026 · Paswad Inc., Delaware, USA

Paswad provides passwordless authentication and verified-identity services. This policy explains what we collect, what we deliberately don't collect, and the choices you have. Because Paswad is built on passkeys, the most sensitive secret in authentication — your private key — never reaches us.

1. What we never collect

  • Passwords. Paswad has none. There is no password to store, leak, or be subpoenaed.
  • Private keys. Your passkey's private key is generated and stored on your device by your operating system. It is never transmitted to us.
  • Biometrics. Your face or fingerprint never leaves your device; we only receive the result of a successful local check.

2. What we collect

Category
Purpose
Public keys
Verify your passkey at sign-in
Account email
Send security alerts & account notices
Activity metadata
Device, app, approximate location, time — for your audit log and fraud detection
KYC data (fintech)
Verify identity where a regulated partner requires it

3. How we use it

To authenticate you, alert you when your passkey is used, detect fraud, meet legal and regulatory obligations, and operate the service. We do not sell your personal data, and we do not use it for advertising.

4. KYC & verified identity

When a partner such as a fintech requires identity verification, we (or our verification provider) process government-ID and liveness data to confirm you are who you claim. Verified attributes form your "web passport," which you present to apps you choose. We retain KYC records only as long as law requires, then delete them.

5. Sharing

We share data only with: the apps you connect (limited to what's needed to authenticate you), service providers under contract (e.g. email delivery, KYC verification), and authorities where legally compelled. A list of sub-processors is available on request.

6. Your rights

Subject to your region (including GDPR and CCPA), you may access, correct, export, or delete your data, and object to certain processing. Manage passkeys, connected apps, and your activity log anytime from your Paswad dashboard, or email [email protected].

7. Data retention & security

We keep data only as long as needed for the purposes above or as law requires. All data is encrypted in transit and at rest. Because there is no password database, the most common cause of mass credential breaches simply doesn't exist here.

8. Contact

Paswad Inc., Privacy Office — [email protected]. For data-protection inquiries in the EU, contact our representative listed in the published version of this policy.