Privacy Policies
for MetaState Foundation applications and services
Privacy Policy for 'eID for W3DS' application
Effective Date: 01 July 2025

MetaState develops services for digital identity and personal data management based on Web 3.0 Data Space architecture.
When you use our services, MetaState collects a limited set of personal information about you. This document describes the way MetaState handles your personal information.

Who is MetaState?
Legal Entity: Stichting MetaState Foundation
Keizersgracht 391A, 1016 EJ, Amsterdam
KVK-nummer 96231424
MetaState is the controller for purposes of the General Data Protection Regulation (GDPR).

Purpose of eID for W3DS application
The eID for W3DS is a privacy-preserving identity tool that allows users to scan their government-issued passport and generate a set of decentralized credentials: eName, ePassport, and eVault. These credentials serve as a basis for interoperable identity across the Web 3.0 Data Space.
We Collect, Use, Share and Otherwise Process Information
MetaState relies on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy, including:
  • as necessary to provide the services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot issue eID credentials unless we verify your passport;
  • where you have consented to the processing, which you can revoke at any time;
  • where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims;
  • to protect your vital interests, or those of others, such as in the case of emergencies;
  • where you have made the information public;
  • where necessary in the public interest; and
  • where necessary for the purposes of MetaState’s or a third party’s legitimate interests.
Our Legitimate Interests
We process your information in furtherance of our legitimate interests, including:
  • providing and improving the services, including personalized security and identity features. We do so as it is necessary to pursue our legitimate interests in developing reliable identity infrastructure;
  • keeping the services safe and secure. We do so as it is necessary to ensure the services are secure, and to protect against fraud and abuse.
What information does MetaState collect and process, and for what purpose?
MetaState provides digital identity services through eID for W3DS. We collect specific personal data from your passport and process it in order to issue your decentralized identity credentials.
Data collected if you use eID for W3DS
If you use eID for W3DS, you will be asked to scan your government-issued passport. This scan is processed by our identity verification partner Veriff, and only textual information is extracted and stored. This includes:
  • Full name
  • Document number
  • Date of birth
  • Nationality
  • Date of issuance and expiry
  • Issuing country
The image of your passport is not stored by MetaState or in your eVault. It is only used temporarily during the verification process by Veriff. MetaState only receives and stores structured data fields from the document, never images or biometrics.
Once verified, these data fields are stored in your personal eVault, a secure data container under your control.

MetaState can use this information to:
  • issue your eID credentials (eName, ePassport, eVault access)
  • allow you to log in and interact with Web 3.0 services;
  • maintain secure access control and auditing for your credentials;
  • respond to any complaints and/or questions;
  • protect, adjust and update MetaState’s identity infrastructure.
MetaState does not analyze your behavior, store your IP address, or track your location when using the eID for W3DS.

Use of External Verification Service
To validate the authenticity of your passport, eID for W3DS integrates with Veriff, a third-party identity verification provider.
  • The image of the document and you personal photo is transmitted securely to Veriff.
  • Once verified, only textual passport data is stored.
  • Veriff processes this data under its own GDPR-compliant policy.
We do not retain the photo or biometric data. These are discarded immediately after verification unless you explicitly allow Veriff to retain them under their policy.

Where Your Data Is Stored
Once verified, the passport data is stored only in your personal eVault — a secure, cryptographically protected data container controlled solely by you.
MetaState and third-party platforms cannot access this data without your explicit permission.

IP Address and Browser Information
No browser-level analytics or device tracking is performed during the use of the eID for W3DS app. We do not use cookies or collect metadata beyond what is required for essential service operation.

Data collected for communicating with you
If you contact MetaState via email (e.g., for support or privacy inquiries), we will store your email address and message history in order to respond appropriately. This data will not be used for marketing purposes or shared with third parties.

How does MetaState protect your personal information?
MetaState takes appropriate technical and organizational measures to protect your (personal) information against loss or any form of unlawful use. All verified data is stored in encrypted eVaults fully under user control, and access is granted via cryptographic keys and selective disclosure protocols.

Transfer to third parties
As noted above, MetaState uses Veriff as an external identity verification provider. Veriff may temporarily process your document image to verify authenticity. MetaState only retains structured data fields and does not share them with any third parties unless required by law.
MetaState may provide your personal data to third parties if required to do so by law, case law and/or regulation, and where necessary to defend its own rights.
Other than the cases mentioned above, MetaState will not transfer your data to third parties or provide third parties access to your data.
MetaState shall not provide your personal information to third parties for the purpose of direct marketing.

What happens when I delete my account?
MetaState does not manage user accounts centrally. All verified data is stored in your eVault. You may delete your credentials or eVault at any time. MetaState does not retain copies.

Cookies and Analytics
eID for W3DS does not use cookies or analytics services such as Google Analytics.
Viewing, changing and deleting your data
All personal data is stored in your eVault, where you can view, edit, or delete it at any time. If you need assistance, contact us at: info@metastate.foundation

Transfer of data to countries outside the EU
Veriff may process identity verification in jurisdictions outside the EU, subject to their own GDPR-compliant procedures. MetaState does not transfer or store any data outside of your eVault.

May minors use MetaState services?
If you have not yet reached the age of sixteen (16) years, you are obliged to obtain consent of your parents or legal guardian before using eID for W3DS. By using the service, you confirm that you are sixteen (16) years old or older, or have permission from your parents/legal guardian.

Can this privacy policy be changed?
It is possible for this privacy policy to be amended in the future. That would then be mentioned on our website, so it is recommended to regularly check this page.

Contact
MetaState Foundation
Email: info@metastate.foundation
Web: https://metastate.foundation/privacy