Individuals who want to receive a World ID are not required to share their name, phone number, email address or home address. Face and iris images collected by the Orb are used to generate a unique iris code. This iris code is compared against priorly collected iris codes without decrypting them. The iris codes are stored in an encrypted manner. Subsequently, all images and image derivatives are packaged, encrypted, and “signed” by the Orb to ensure authenticity and security, then sent to the user’s phone through the Orb backend server (importantly the backend cannot decrypt your phone). All images are then deleted from the Orb.
Note: The process described above relates to Personal Custody, not the entire Worldcoin system. The iris code is not deleted from the Worldcoin backend upon sign up. This enables Worldcoin to continue to determine an individual's uniqueness. To enable this in a privacy-preserving way, the iris code is split into multiple different secret shares that are stored and encrypted across multiple secure databases (read more about SMPC in the blog post). This allows for unprecedented level of privacy protection. Upon request by the user, these iris code shares can be deleted from the Worldcoin backend.
The Orb-verification process is only intended to verify an individual’s uniqueness—i.e., that they have not previously verified their unique humanness at an Orb for their World ID.
Worldcoin users may choose to share additional data, but this is never required. As an example, a user may provide their email address to sign up for the Worldcoin newsletter.
Importantly, the Worldcoin Foundation and its contributor Tools for Humanity do not, and never will, sell anyone’s personal data, including biometric data.
To learn more about the Worldcoin approach to data collection, handling and privacy, visit the protocol’s privacy page here or the Worldcoin blog.