1. INTRODUCTION
1.1. Overview
This document was created using the template provided under the current practicing documentation.1 Henceforth in this document, the “Company” shall refer to Identity Digital Inc., and its subsidiaries. This document comprises the practices utilized by the Company to operate DNS zones as it relates to the DNS Security Extensions. Unless stated otherwise within this document, these statements pertain to all TLD zones under the Company’s auspice that have been signed.
1.2. Document name and identification
Identity Digital DNSSEC Practice Statement (DPS) Version 2.00
1.3. Community and Applicability
This section describes the various “stakeholders” of the functionality provided by DNSSEC and a signed TLD.
1.3.1. The TLD Registry
The Company operates in two distinct modes: (1) As a Registry Operator (RO), where the TLD has been directly delegated to the Company by ICANN, and (2) as a Registry Service Provider (RSP), where the Company operates and performs the functions of maintaining the zone, on behalf of another entity (which acts as the RO). In the case where the Company is the RO for a zone, the Company is also acting as the RSP.
The Company is expected to perform the following functions:
1.3.2. Accredited Registrars
Registrars that are accredited by a given TLD RO are required to make changes to the zone using one of two mechanisms via: (1) the RFC-based Extensible Provisioning Protocol (EPP) directly, or (2) via a Web Administration Tool. The Web Administration Tool is a Company provided front end to EPP. For DNSSEC, registrars are expected to maintain Delegation Signer (DS) records with the Company on behalf of their customer, the registrant.
1.3.3. Registrants
Registrants are responsible for ensuring that their second level zones are properly signed and maintained. They must also generate and upload DS records for their signed zones to their registrar (who, in turn, sends these into the Company).
1.4. Specification Administration
1.4.1. Specification administration organization
The Company maintains this specification.
1.4.2. Contact Information
Questions or concerns regarding this DPS, or the operation of a signed TLD should be sent to the Company Customer Support Center.
They can be reached via:
1.4.3. Specification change procedures
The DPS is reviewed periodically and updated as appropriate.
All changes are reviewed by operations and security teams and submitted to executive management for approval. Once accepted, procedures are updated, and appropriate personnel are trained on any new or changed practice. Once all preparatory work has been completed, the DPS is published and becomes effective as of its publication.
2. PUBLICATION AND REPOSITORIES
2.1. Repositories
This DPS can be found at https://identity.digital/policies/dnssec-practice-statement/
Only the Company Operations department has the ability to update the contents of the website. ACLs on the file are Read-Only.
2.2. Publication of public keys
The Company generates DS-record data for all zones run in “Online KSK” mode. Key Signing Keys (KSKs) are signed with the Secure Entry Point (SEP) bit set. As soon as possible, the Company sends DS-record data pertaining to these KSKs for signed TLD zones to ICANN for publication in the root. No other trust anchors or repositories are used.
3. OPERATIONAL REQUIREMENTS
3.1. Meaning of domain names
Generally, domain names are defined in Section 2 of RFC 8499.2
Policies regarding restrictions on domain names within a given zone are specified by the registry operator, and vary from TLD to TLD.
3.2. Identification and authentication of child zone manager
Registry Operators must first give express permission to the Company to permit DNSSEC for child zones in a given TLD. Only registrars (on behalf of their registrants) are permitted to activate DNSSEC for a child zone. To activate DNSSEC, a registrar must submit a Delegation Signer (DS) record either via the Web Administration Tool, or via EPP (according to RFC 5910). It is the responsibility of the child zone manager to accurately maintain the chain of trust from the DS record for the child zone downward.
For EPP, each registrar has unique credentials to access the TLD registry, which are verified before EPP transactions of any kind can be conducted. For the Web Administration Tool, certificates are used to uniquely identify each registrar.
3.3. Registration of delegation signer (DS) resource records
DS records are sent to the registry by the registrar via EPP (specifically, according to RFC 5910). Once submitted to the TLD registry, the WHOIS data is changed, and the zone changes are automatically propagated out to the DNS infrastructure.
3.4. Method to prove possession of private key
It is the responsibility of the accredited registrar to ensure the integrity of the data submitted to the Company. There is no requirement that a corresponding DNSKEY already be published in a zone before a DS record is submitted to the parent. This makes proof of possession of a private key unpredictable. The Company therefore does not perform any tests to prove possession of a private key.
3.5. Removal of DS resource records
3.5.1. Who can request removal
Only the sponsoring registrar for a domain name can add, change, or delete DS records for that domain name. Registrars must provide an Auth-Info code to verify any change for this domain name.
3.5.2.Procedure for removal request
DS records are removed using the appropriate EPP command, as specified by RFC 5910. Only the Sponsoring Registrar can request a DS record be removed, and then only if they include the correct Auth-Info code
3.5.3.Emergency removal request
Because this is facilitated via EPP, and the system is updated continuously, there is no additional procedure required for an emergency removal request.
4. FACILITY, MANAGEMENT AND OPERATIONAL CONTROLS
4.1. Physical Controls
The Company uses four geographically separate sites located in different countries that are not part of our offices. Both sites are physically protected environments that deter, prevent, and detect unauthorized use of, access to, and disclosure of sensitive information and systems. Both facilities limit access to authorized personnel. Visitors are only permitted by escort from Authorized personnel, and for a specific purpose (such as hardware repair by a technician).
All facilities provide redundant and backup power, air conditioning, and fire suppression and protection services. The sites provide redundant and backup DNSSEC services for each other. Reasonable precautions have been taken to minimize the impact of water exposure to the Company’s systems.
Media with sensitive information is stored within the Company’s facilities with appropriate physical and logical access controls designed to limit access to authorized personnel.
Sensitive documents, materials, and media are shredded or rendered unreadable before disposal.
The Company performs routine backups of critical system data and maintains an off-site backup with a bonded third party storage facility.
4.2. Procedural Controls
There are at least two operational teams with access to and responsibility for the signer systems. Each team member holds a part of the password necessary to grant access to the signer systems. Any task performed on a signer system requires an authorized representative from each team to be present.
4.3. Personnel Controls
Personnel Controls
The Company requires that all personnel taking part in a trusted role have to have been working for the Company for at least one year and must have the qualifications necessary for the job role.
The Company provides training to all personnel upon hire as well as requisite training needed to perform job responsibilities. Refresher training and updates are provided as needed. Personnel and rotated and replaced as needed.
In limited circumstances, contractors may be permitted to occupy a trusted role. Any such contractor is required to meet the same criteria applied to a Company employee in a comparable position.
The Company provides all employees with the materials and documentation necessary to perform their job responsibilities.
4.4. Audit Logging Procedures
All key life cycle events, including but not limited to generation, activation, rollover, destruction, and use, whether successful or unsuccessful, are logged with a system that includes mechanisms to protect the log files from unauthorized viewing, modification, deletion, or other tampering.
Access to physical facilities is logged by the facility and the log is only accessible to authorized personnel.
The Company monitors all log entries for alerts based on irregularities and incidents. The Company security team reviews all audit logs at least weekly for suspicious or unusual activity.
4.5. Compromise and Disaster Recovery
In the event of a key compromise or disaster, the Company’s incident response team would be notified. The response team has documented procedures for investigation, escalation, and response. The team is responsible for assessing the situation, developing an action plan, and implementing the action plan with approval from executive management.
The Company maintains redundant facilities to ensure immediate availability of a disaster recovery site should one site become unavailable. Key data is cloned, encrypted, and sent to a hot spare in the same facility, and to two spares in the redundant facility. The ability to encrypt and decrypt the key data resides entirely within each system's High Security Module, and exists nowhere external to the signing systems.
4.6. Entity termination
The Company has adopted a DNSSEC termination plan in the event that the roles and responsibilities of the signing services must transition to other entities. The Company will coordinate with all required parties in order to execute the transition in a secure and transparent manner.
5. TECHNICAL SECURITY CONTROLS
5.1. Key Pair Generation and Installation
All key pairs are generated on the signer systems according to parameters set by the operational team. The signer systems meet the requirements of FIPS 140-3 level 3 or higher.
Key Pair Generation and Installation
All key pairs are generated on the signer systems according to parameters set by the operational team. The signer systems meet the requirements of FIPS 140-3 level 3 or higher.
5.2. Private key protection and Cryptographic Module Engineering Controls
All signing modules are FIPS 140-3 level 3 certified or higher. No unencrypted access to the private key is permitted. Access to the signer system is specified in the Procedural and Personnel Control sections.
Multiple redundant signing systems are maintained. The systems include a mechanism to backup key pairs and other operational parameters to each other in a secure manner. Private keys are not otherwise backed up, escrowed, or archived. When a private key is deactivated it is destroyed by the signing system.
A trusted team has the authority to create, activate, and deactivate key pairs, and executes the responsibility according to documented policies and procedures.
5.3. Other Aspects of Key Pair Management
5.3.1. Public key archival
Obsolete public keys are not archived.
5.3.2. Key Usage Periods
Zone Signing Keys (ZSKs) are used in production for approximately one month before being rolled. Key Signing Keys (KSKs) are rolled based on RO policy, but are expected to change at least every five years.
5.4. Activation Data
Activation data is a set of passwords corresponding to user accounts with key-generation privileges. The passwords are “split” to ensure that no single operator can perform these operations.
5.5. Computer Security Controls
The Company ensures that the systems maintaining key software and data files are trustworthy systems secure from unauthorized access. In addition, the Company limits access to production servers to those individuals with a valid business reason for such access. General application users do not have accounts on production servers.
5.6. Network Security Controls
The signing systems are placed in the Company’s production systems, which are logically separated from all other systems. Use of normal network security mechanisms such as firewalls mitigate intrusion threats; only restricted role users are allowed access to production systems, and their work is logged.
5.7. Timestamping
The signer systems securely synchronize their system clocks with a trusted time source inside the Company’s network.
5.8. Life Cycle Technical Controls
Applications developed and implemented by the Company conform to its development and change management procedures. All software is traceable using version control systems. Software updates in production are part of a package update mechanism, controlled via restricted role access and updated via automated recipes. All updates and patches are subject to complete verification prior to deployment. The Company also uses a third-party solution on its signer systems, where updates are tested in a secure lab environment prior to deployment.
6. ZONE SIGNING
6.1. Key lengths, Key Types and algorithms
6.1.1. Key Signing Key
The Company currently uses ECDSA Curve P-256 with SHA-256, as well as RSA/SHA 256 ( algorithm 83 ) with a key length of at least 2048 bits, as the generation algorithms. RSA/SHA 256 is in the process of being phased out. Ed25519 (algorithm 13) is under evaluation, and should be considered to be deployed as well.
6.1.2. Zone Signing Key
The Company currently uses ECDSA Curve P-256 with SHA-256, as well as RSA/SHA 256 ( algorithm 8) with a key length of at least 1024 bits, as the generation algorithms. RSA/SHA 256 is in the process of being phased out. Ed25519 (algorithm 13) is under evaluation, and should be considered to be deployed as well.
6.2. Authenticated denial of existence
Authenticated denial of existence is provided through the use of NSEC3 records as specified in RFC 51554 and RFC 92765.
6.3. Signature format
Authenticated denial of existence is provided through the use of NSEC3 records as specified in RFC 51554 and RFC 92765.
6.4. Key Rollover
6.4.1. Zone signing key roll-over
The Company rolls the ZSK with a pre-publishing scheme as described in RFC 46416, section 4.2.1.1. ZSK roll-over is carried out once a month.
6.4.2. Key signing key roll-over
The Company rolls the KSK with a double-DS scheme, as described in RFC 4641, section 4.2.1.2. There are no planned KSK rollover frequencies defined at this time.
6.5. Signature life-time and re-signing frequency
Zones are signed once every 8 or 9 days (4 times a month), with a signature life-time of 20 days. Jitter is introduced to avoid presumptive attacks during signing.
6.6. Verification of resource records
DNSKEY and SOA RRSet signatures are verified prior to publication.
6.6.1. Verification of zone signing key set
Verification of the zone signing key set is performed by validating the public key data contained in the Key Signing Record.
6.7. Resource records time-to-live
7. COMPLIANCE AUDIT
7.1. Frequency of entity compliance audit
Compliance Audits are intended to be conducted at least biennially.
7.2. Identity/qualifications of auditor
The auditor is an entity who is proficient in the technologies they are auditing.
7.3. Auditor's relationship to audited party
Auditors are independent of the Company.
7.4. Topics covered by audit
Environmental, network and software controls, operations, key management practices and operations.
7.5. Actions taken as a result of deficiency
Any gaps identified in the audit will result in the creation of an action map, which lists what actions are necessary for the resolution of each gap. Management will design and implement mitigating steps to close the gaps identified.
7.6. Communication of results
The Company will communicate internally to resolve any gaps designated by the action map. Should deficiencies be found in this document, it will be augmented to mitigate the issue, and posted with a new revision number.
8. LEGAL MATTERS
This DPS is to be construed in accordance with and governed by the internal laws of the United States without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of the United States.
The following material shall be considered confidential:
The Company does not implicitly or explicitly provide any warranty, and has no legal responsibility for any procedure or function within this DPS. The Company shall not be liable for any financial damages or losses arising from the use of keys, or any other liabilities. All legal questions or concerns should be sent to legal@identity.digital.
1 Definitions for many of the terms used in this document are defined in Section 2 of RFC 6841.
2 https://datatracker.ietf.org/doc/html/rfc8499
3 As defined in
https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1
4 https://datatracker.ietf.org/doc/html/rfc5155
5 https://datatracker.ietf.org/doc/html/rfc9276
6 https://datatracker.ietf.org/doc/html/rfc4641
Last Updated: May 14, 2025
This Privacy Policy describes how Identity Digital Inc. and our subsidiaries and affiliated companies (collectively, “Identity Digital,” “we,” or “us”) collect, use, disclose, and otherwise process information about you if you:
This Privacy Policy does not apply in all circumstances. For example, Identity Digital may operate as a “data processor” for certain third-party registry operators. In those instances, we handle domain name registrant personal information on behalf of such registry operators, subject to the terms of our agreements with them. Please carefully review the terms associated with registry operators you work with. In addition, Identity Digital may also provide different or additional notices of our privacy practices for certain offerings, in which case those notices will supplement or replace the disclosures in this Privacy Policy.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by notifying your registrar, adding a statement to our Websites, or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
The information we collect about you depends on which Products you use and how you use our Websites or otherwise interact with us. In this section, we describe the categories of information we collect and the sources of this information.
We collect information you provide directly to us. For example, we collect information directly from you when you fill out a form on one of our Websites, create an account with us, request customer support, connect with us via email, or otherwise communicate with us. The types of information that we collect directly from you include your name, email address, postal address, phone number, and any other information you choose to provide. If you are a registrar or other party making a payment to us, we work with a third-party payment processor to process your payment information.
We automatically collect information about your interactions with us, including:
We obtain information from other sources. For example, you may purchase one of our registration products from your registrar, in which case they may provide us with certain information including your registrant name, organization, address, email, fax, phone number, and contact information for various stakeholders, including administrative, technical, and billing contacts. We may also collect information from entities that gather and license business contact information, industry partners, and advertising networks.
We may derive information or draw inferences about you based on the information we collect. For example, if you use our Domain Engine Product or visit our Websites, we may make inferences about your approximate location based on your IP address.
We use the information we collect in the following ways:
We engage others to provide analytics services, advertise Identity Digital and our Products to you on third-party sites and services, and perform related services across the web and in mobile applications. To do this, Identity Digital and these partners may use cookies, web beacons pixels, SDKs, and similar technologies to collect information about your use of our Websites and third-party services, including your device identifiers, IP address, web browser and mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information is used to deliver advertising targeted to you on other companies’ websites and mobile apps, understand the effectiveness of this advertising, analyze and track data, and better understand your activity. When you arrive on our site, you will be presented with consent options upon arriving at our websites and can subsequently change those choices using the “Your Privacy Choices” link. Your choice will be linked to your browser only; therefore, you will need to renew your selections if you visit our website from a new device or browser, or if you clear your browser’s cookies.
In addition to ad targeting activities that rely on cookies and similar technologies, we work with advertising partners to translate other identifiers, such as your email address or phone number, into a unique identifier (called a hashed value) that such partners can then use to show ads that are more relevant to you across the web and in mobile apps. You may opt out of these disclosures by contacting us at privacy@identity.digital.
The activities described in this section may constitute “sharing,” or “selling” under the California Consumer Privacy Act. See the Additional Information for California Residents section below for details.
You can also learn more about interest-based ads, or opt out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance, by visiting www.aboutads.info/choices or www.youronlinechoices.eu (if you reside in Europe) or https://youradchoices.ca (if you reside in Canada). Your device may also include a feature that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes.
We disclose information about you as described in the Targeted Advertising and Analytics section above and in the following scenarios:
We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.
You can update certain information stored within your account with us at any time by logging in and navigating to the settings menu.
Identity Digital uses cookies and similar tracking technologies on our Websites, as described above. You can usually adjust your browser settings to remove or reject browser cookies. In addition, if you are in the United States, you may opt out of cookie-based ad targeting on our website by clicking the link titled “Your Privacy Choices ” on the footer of our Websites. If you are outside of the United States, you will be presented with consent options upon arriving at our Websites and can subsequently change those choices using the “Cookies Settings” link.
You may opt out of receiving promotional emails from us by following the instructions in those communications. If you opt out, we may still send you non-promotional emails, such as those about your orders with us or our ongoing business relationship. Depending upon where you live, we may only send you promotional emails where we have your consent to do so.
California has enacted the California Consumer Privacy Act (“CCPA”), which grants California residents certain rights and requires specific disclosures. If you reside in California, this section applies to you and also serves as our California notice at collection.
In the preceding sections, we explain how we collect, use, and disclose information about you, as well as our targeted advertising and analytics practices. As required by the CCPA, we use the tables below to explain this same information.
Use and Disclosure of Personal Information for Business Purposes
We do not collect information that is deemed “sensitive” under the CCPA.
As described in the Collection of Information section above, we collect personal information from various sources, including directly from you, automatically when you access or use our Websites or Domain Engine Product, from registrars and from other third-party sources.
We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in this Privacy Policy.
Sales and Sharing Activities
We also disclose certain categories of personal information to show you targeted ads on third-party properties and for related purposes. These disclosures may be considered “sales” or “sharing” under the CCPA, and the table below provides more information about our practices.
We do not engage in sales, sharing, or targeted advertising using personal information about consumers we know to be under the age of 18.
Opt Out of Sales and Sharing
You may opt out of activities that we engage in that constitute “sharing” or “sales” of personal information under the CCPA by:
If you reside in California, you can also opt out by visiting our website with a legally recognized universal opt-out signal enabled, such as the Global Privacy Control.
Access, Correction, and Deletion
If you are a California resident, you have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information.
To request access, correction, or deletion of your personal information, please contact us at privacy@identity.digital. To authenticate your request, we may ask you to provide some additional information, such as about previous interactions with us.
Nondiscrimination
You have the right not to be discriminated against for exercising any of your privacy rights.
Authorized Agents
You may also designate an authorized agent to submit rights requests on your behalf. For access, correction, or deletion requests, we may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make a rights request on behalf of a California resident, please email us at privacy@identity.digital.
Identity Digital is based in the United States, and we and our service providers process and store personal information on servers located in the United States and other countries. Whenever we make restricted international transfers of personal information, we take steps to ensure that your personal information receives an adequate level of protection (by putting in place appropriate safeguards, such as contractual clauses) or ensure that we can rely on an appropriate derogation under data protection laws. Where relevant, you may request access to any safeguard which we use to transfer your personal information outside of the European Economic Area, the United Kingdom, or Switzerland (although we may need to redact data transfer agreements for confidentiality reasons).
For personal information about EEA, Swiss, and UK individuals, Identity Digital complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Frameworks”), each as set forth by the U.S. Department of Commerce. As described in our Frameworks certification, Identity Digital has certified that it adheres to the Frameworks Principles with regard to the processing of personal information received from the EEA, Switzerland, and the UK in reliance on the Frameworks. In accordance with the Frameworks, we remain responsible under the Onward Transfer Principle for personal information that we disclose to third parties for processing on our behalf. To learn more about the Frameworks or to view our certification, please visit the Frameworks website. The Federal Trade Commission has jurisdiction over Identity Digital’s compliance with the Frameworks.
Identity Digital commits to resolve Frameworks Principles-related inquiries and complaints about our processing of personal data under the Frameworks. Individuals located in the EEA, UK, and Switzerland can contact us with inquiries or complaints at privacy@identity.digital. If we are unable to resolve the complaint, such individuals may refer the complaint to your local data protection authority, and we will work with them to resolve the issue. Contact details for the relevant data protection authorities can be found using the links below:
In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Framework Principles.
The following US-based Identity Digital affiliates adhere to the Frameworks: Afilias Inc.; Afilias USA, Inc.; Binky Moon, LLC; Covered TLD, LLC.; Dog Beach, LLC; Domain Protection Services, Inc.; Domainsite, Inc.; Dozen Donuts, LLC; DTLD Holdings, LLC; DTLD Parent, Inc.; Identity Digital Capital LLC; Identity Digital Inc.; Identity Digital Ventures LLC; Monolith Registry, LLC; Name.com, Inc.; Name.net, Inc.; Name105, Inc.; Name106, Inc.; Name117, Inc.; Nametrust, LLC; Ruby Glen, LLC; Spring McCook, LLC.
The Identity Digital family of companies also includes the following non-U.S. based companies: Afilias (Shanghai) Information Technology Co., Ltd.; Afilias India Pvt. Ltd.; Afilias Resolution Services Ltd.; Capable Network Technology (Shanghai) Co., Ltd.; Domain Registry Services Ltd.; doMEn d.o.o.; Donuts (HK) Limited; Dot Global Domain Registry Ltd.; Global Website Asia Ltd.; Global Website TLD Asia Ltd; HOTEL Top-Level-Domain S.a.r.l.; Identity Digital Australia Pty Ltd.; Identity Digital Canada Corp.; Identity Digital Domains Ltd.; Identity Digital Holdings Ltd.; Identity Digital Limited; and Internet Computer Bureau Ltd..
If you are located in Europe or another jurisdiction that requires a lawful basis for processing personal information, please note that when we process your personal data as described in this Privacy Policy, we do so in reliance on the following lawful bases:
If you are located in Europe or another jurisdiction that grants you data subject rights, you have the right to (1) access your personal data, including in a portable format, (2) request erasure of your personal data, and (3) request correction of inaccurate personal data. In addition, you may have the right to object to certain processing or request we restrict certain processing. To exercise any of these rights, please email us at privacy@identity.digital.
If you have a concern about our processing of personal data, we encourage you to contact us in the first instance. However, if we are not able to resolve it, you may have the right to lodge a complaint with the Data Protection Authority where you reside (if you live in the EEA, UK, or Switzerland, see links in the International Data Transfers section for contact information).
If you are a Canadian resident, this section applies to you.
By submitting personal information to Identity Digital, our service providers, or our agents, you consent to the collection, use, disclosure, and transfer of your personal information in accordance with this Privacy Policy and as permitted or required by law.
You may withdraw your consent at any time to the collection, use, disclosure, or transfer of your personal information by contacting Identity Digital as set forth in the Contact Us section below. If you withdraw your consent (or if you decide not to provide certain personal information), you acknowledge that Identity Digital may not be able to provide you, or continue to provide you, with certain products, services, or information that may be of value to you.
Identity Digital will only send you commercial electronic messages (“CEMs”) where we have your express or implied consent to do so. Your consent to receive CEMs is implied where we have an existing business relationship with you, or you have reached out to us and made an inquiry within a certain time frame. You may unsubscribe from receiving CEMs at any time, by clicking the unsubscribe button on an email. If you opt out, we may still send you non-promotional messages, such as those about your account or our ongoing business relations.
If you have questions about this Privacy Policy, please contact us at privacy@identity.digital.