DMV Privacy Notice for Commercial Products
This Privacy Notice applies to the California Department of Motor Vehicles (“DMV”) mobile, web-based and cloud-hosted commercial product applications (the “Services”) and governs the collection and use of data in connection with the Services. DMV is committed to protecting the personally identifiable information (“PII”) and other non-PII data (“Data”) of its customers and end-users (collectively “Users”) that is collected and used in connection with the Services. This Privacy Notice does not apply to any information an entity collects for its own use. Use of the Services constitutes agreement and consent to the practices described in this notice only.
The Services provide a way to securely authenticate identification documents and verify user identity and/or interact with third-party websites (“Websites”). However, this Privacy Notice does not cover any Websites of third parties. DMV encourages Users to review the privacy notices of other Websites that the User interacts with using the Services to understand how those Websites collect, use, and share PII and other data. DMV is not responsible for the privacy notices or other content on Websites outside of the Services or the practices of any third parties which a User wishes to interact with in using the Services.
- PII and Data Collected
DMV Services collects PII on individuals only as authorized by law. DMV Services may collect PII and Data which may include the following:
- User PII provided during the download and use of the Services, including:
- date of birth
- driver’s license/identification card
- biometric information (e.g., face, fingerprints).
- Data about a User’s use of the Services, including crash logs and usage statistics.
- Data about a User’s device and its interaction with the Services, including the type of mobile device, unique user ID, IP address and operating system, and type of browser(s) in use.
- Data about the location of a user’s device, including geo-location information.
- Analytics and statistics such as the number of identity documents processed within a time interval, the pass/fail rate of a type of identity document or of a document authentication process, pass/fail codes, date and/or location of document issuance.
- DMV does not collect SSNs as part of the mobile driver’s license enrollment process.
2. Retention and Use of Pll and Data
DMV may use the information collected through the Services in the following way:
2.1 Retention and Use of PII
Stateful Services deliver value through the long-term storage of User PII. An example of a stateful Service is the storage of biometric information to perform 1:1 and 1:N matching for User identification and verification. Stateless Services provide User’s value without the need for long-term storage of PII. An example of a stateless product and/or service is the process of determining if a presented document is authentic (e.g., determining the authenticity of a US Driver’s License).
PII for Stateful Services will be retained until one of the following events occurs:
- The User manually deletes PII stored in connection with the Service.
- The User cancels the Services, in which case, PII may be retained for 30 (thirty) calendar days to support a potential re-activation of the Service. After the re-activation period expires, all PII related to the User will be purged from our system(s) during the next scheduled purge of PII.
PII for Stateless Services will be used as follows:
- In general, PII for Stateless Services will be stored for a 30-calendar day period and purged monthly. PII older than 30 days will automatically be purged from the system during the next scheduled Data purge.
- For User support purposes, PII will remain in the system until either 30 days from the date on which the support request is resolved, or the next scheduled purge process after the support request is resolved.
- DMV will release your PII only to those third parties you have authorized to receive such Information (“Relying Party”). Once we disclose your Information in accordance with your consent, DMV does not have control over third party use of such Information and DMV disclaims any liability for any third party use or misuse of such Information.
2.2 Retention and Use of Data
Data that does not contain PII or has been anonymized will be retained indefinitely to test and improve the Services and related products, including:
- To monitor and improve quality of Services.
- To improve or develop functionality.
- To provide anonymized analytics and statistics on the Services.
3. Security of PII
DMV uses security safeguards to protect against the unauthorized use, access, and/or disclosure of PII. This includes encrypting PII at rest and in transit. All PII is protected on computer servers in a controlled, secure environment. When PII is transmitted, it is protected through the use of encryption, such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.
4. How to Contact Us
Questions or comments regarding this Privacy Notice should be directed to DMV at https://www.dmv.ca.gov/portal/contacting-dmv/.
Users may opt-out of the collection of PII and Data by DMV under these Services by canceling the Services and uninstalling the applications from all User devices.
6. Changes to this Notice
DMV will occasionally update this Privacy Notice. The latest version of the Privacy Notice is listed below. Downloading or use of the Services after any changes to this Privacy Notice constitutes consent to the revised Privacy Notice.
Effective date: January 1, 2023
Last revised date: April 15, 2023