This policy explains how Maltibase (“we”, “our”, or “us”) collects, uses, stores, and protects user data obtained through DIDIT.ME identity verification services.

This policy applies only to data processed via DIDIT.ME and does not cover other Maltibase data practices.

1. Purpose of Using DIDIT.ME

Maltibase uses DIDIT.ME to perform identity verification and compliance checks in order to:

  • Verify user identity
  • Prevent fraud, impersonation, and unauthorized access
  • Meet regulatory, KYC, and AML requirements
  • Ensure platform security and trust
  • Enable access to restricted or financial features (where required)

2. Data Collected via DIDIT.ME

When a user completes identity verification through DIDIT.ME, the following data may be collected with the user’s explicit consent:

  • Full legal name
  • Date of birth
  • Nationality
  • Government-issued identification details (ID type, issuing country, ID number – where applicable)
  • Facial image or biometric verification data (for identity matching only)
  • Verification status and reference identifiers
  • Device and session metadata used for fraud prevention

⚠️ Important Clarification:
Maltibase does not collect DIDIT.ME account passwords and does not control the identity capture process itself.
Identity data is securely collected directly by DIDIT.ME during verification.

3. How We Collect the Data

Data is collected through the following process:

  1. The user is redirected to or interacts with DIDIT.ME’s secure verification interface
  2. The user explicitly consents to identity verification
  3. DIDIT.ME processes the identity data and performs verification checks
  4. Maltibase receives only the verification results and permitted identity attributes via secure APIs

Maltibase does not intercept or scrape identity data outside approved DIDIT.ME workflows.

4. How We Use the Data

DIDIT.ME-related data is used strictly for the following purposes:

  • Confirming user identity
  • Granting or restricting access to Maltibase services
  • Fraud detection and prevention
  • Regulatory and compliance obligations
  • Security audits and internal risk assessment

Identity data is never used for advertising, profiling, or resale.

5. Data Storage & Protection

Maltibase applies strict technical and organizational safeguards to protect DIDIT.ME-related data, including:

  • Encrypted data transmission (HTTPS / TLS)
  • Secure server and database storage
  • Role-based access controls
  • Limited internal access on a need-to-know basis
  • Secure storage of verification references rather than raw documents where possible
  • Continuous monitoring for unauthorized access or breaches

Biometric or sensitive identity data is not reused beyond verification purposes.

6. Data Retention & Deletion

  • DIDIT.ME verification data is retained only as long as necessary to meet legal, regulatory, and security requirements.
  • Where possible, Maltibase stores verification results or references, not full identity documents.
  • Users may request deletion of their DIDIT.ME-related data, subject to legal retention obligations.

Data Requests:
Email: privacy@maltibase.com

7. Data Sharing & Third Parties

Maltibase does not sell or rent DIDIT.ME-related data.

Data may only be shared with:

  • DIDIT.ME, as the authorized identity verification provider
  • Regulatory or law-enforcement authorities when legally required
  • Essential compliance or security service providers under confidentiality agreements

All parties are required to maintain adequate data protection standards.

8. User Rights & Consent

Users have the right to:

  • Know what identity data is collected
  • Withdraw consent where permitted by law
  • Request access, correction, or deletion of data
  • Decline identity verification (with limited access to certain services)

Verification is performed only after explicit user consent.

9. Compliance & Legal Basis

Maltibase processes DIDIT.ME data in compliance with applicable laws and standards, including:

  • Data protection and privacy regulations
  • KYC / AML requirements
  • DIDIT.ME platform policies and agreements

Data is processed lawfully, transparently, and for legitimate purposes only.

10. Policy Scope Limitation

This policy applies only to DIDIT.ME-related identity data.
Other Maltibase data activities are governed by Maltibase’s general Privacy Policy.

11. Contact Information

For DIDIT.ME data inquiries or privacy concerns:

Maltibase Privacy Team
Email: privacy@maltibase.com
Website: https://policy.maltibase.com

DIDIT Compliance Checklist (Covered)

✔ Explicit consent stated
✔ Identity verification purpose limited
✔ Secure collection & storage explained
✔ Retention & deletion defined
✔ No resale or misuse