Holic Selfie — Privacy Policy

Introduction

Welcome to the Holic Selfie Extension. This extension is designed to securely facilitate your selfie-based verification process. We are committed to protecting your privacy and handling your data with transparency. This policy outlines how the extension collects, uses, stores, and protects information.

1. Data Collected or Accessed by the Extension

The Holic Selfie Extension acts as an orchestrator to enable a secure verification workflow. It collects and uses specific information strictly for this purpose:

• User ID and Transaction ID: These identifiers are securely transmitted to the extension from the Holic backend. They are used solely to initiate and associate your selfie session with your unique transaction on the Holic platform and with the integrated verification SDK. These identifiers may be considered Personally Identifiable Information (PII) if they directly link to your identity.
• Session ID (Verification Session ID from SDK): Upon successful completion of the selfie verification, the integrated SDK generates a Session ID. This ID is received by the extension and securely transmitted back to the Holic backend to confirm the completion of your verification. It may be displayed to you for manual reference but is not persistently stored by the extension.
• Web History (Limited Use): The extension monitors the URL of the active browser tab (chrome.tabs.onUpdated) to detect when you navigate to a specific Holic verification page. This is only to automatically activate the extension. It does not collect, store, or transmit your overall browsing history.
• User Activity (Limited Scope): The extension tracks the progression of your selfie verification flow (e.g., initiation, loading, success, or error states) to provide UI feedback and update the Holic backend. It does not monitor unrelated browsing activity.

2. How Data is Used and Shared

The data collected by the extension is used exclusively for its stated purpose: facilitating the Holic selfie verification process.

• Internal Processing: User ID, Transaction ID, and Session ID are used to manage the workflow within the extension and between our backend services.
• Third-Party Verification SDK: The extension loads and interacts with the integrated Selfie Verification SDK. When launched, the SDK receives necessary identifiers. Important: The SDK directly handles the capture and processing of your biometric data (e.g., selfie image or video). The Holic Selfie Extension does not directly collect, transmit, or store your raw biometric data. All biometric data handling is governed by the SDK provider's own privacy policies and terms.
• Holic Backend Communication: The extension communicates with Holic backend APIs to fetch session details and report verification outcomes (e.g., Session ID or error status).
• No Sale of Data: We do not sell, rent, or trade any user data collected by this extension to third parties.

3. Data Storage and Retention

• Temporary Storage: Most data (User ID, Transaction ID, Session ID) is stored temporarily in the browser's memory or session storage during a single verification session and cleared once the session ends or the tab closes.
• No Cloud Storage by Extension: The extension itself does not store user data on cloud servers. Data transmission occurs directly between your browser, Holic backend, and the verification SDK.

4. Your Choices and Controls

• Installation/Uninstallation: You can install or uninstall the Holic Selfie Extension at any time through Chrome's extension management settings. Upon uninstallation, the extension automatically removes any applied rules.
• Browser Permissions: You may review and manage the permissions granted to this extension via Chrome settings. Restricting essential permissions may prevent the extension from functioning correctly.

5. Security Measures

We implement technical and organizational measures to protect the data handled by the extension, including:

• Using secure, encrypted communication protocols (HTTPS) for all data exchanges with Holic servers and the verification SDK.
• Minimizing data collection to only what is strictly necessary for the verification process.
• Ensuring biometric data is processed directly by the SDK; the extension does not handle raw biometric content.
• Using standard Chrome Extension APIs (e.g., chrome.storage) for secure local storage.

6. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post any new Privacy Policy on this page with an updated Last updated date. We encourage you to review this policy periodically.