A fact is just a piece of information about you. The most basic facts stored in the Self data store in your phone are the ones you use to sign up: your email address, street address, your phone number, date of birth the personal details on your passport or driving license.
If a fact has been verified as being true by an authoritative third party it will be marked with a tick.
You can only share facts over the Self Network which have been verified, so you should try to get as many facts verified as possible.
How is this useful?
Imagine if you've just finished a foreign language course – the course providers could attest to the fact that you've achieved a level of competence in French, and you could store this as a verified fact in Self. That would mean you could use that fact in the future, for example when registering on a job platform, so potential employers know that someone they can trust says that "Oui, ils peuvent parler français!".
One important thing is that someone doesn't need to know the details to know that a fact is true. If you're buying age restricted goods online, the retailer doesn't need to know your date of birth, they just need to know that you're over a certain age. This is a powerful way of protecting your data, while being able to prove useful things about yourself.
And all of this information is just on your phone, always under your control.
Put simply we don't have your data. You stored it in your phone on your Self personal data store, and only you can access it. If it leaves your phone it's because you’ve sent it as a message across the Self Network to a specific recipient.
We're not just saying this. It can be proved using our Public Key Infrastructure.
Self can be used as a factor in multi-factor authentication, but because Self is proving more than that you have access to some keys it delivers more value to the organisation requesting authentication than just an app. Self can tell them that it's the specific person who should be being given access in real time. It can also add to that payload things like whether the person being authenticated has passed a KYC check and if they are the same person as the one who did the previous KYC check. Giving the organisation authentication with real value in real time.
Your information in Self is protected by several layers of security:
1. It is only stored on the device in your hand. We don't send it over the Internet to any other databases until you click the "Approve" button, and even then, it's just that individual piece of data that’s shaered
2. Once you've unlocked your phone, you’ll only have full access to Self after you’ve passed a face scan to check that it’s actually you, not just someone with your phone’s PIN. You will also be asked to create a 6 digit PIN for accessing Self in an emergency, but it will only give you access to limited functionality. You must make sure no one else has access to your PIN, so it stays safe and private.
3. Everything is encrypted all the time (including backups), so only you or someone you permit can see your data.
All data stored in Self is encrypted on your mobile device. Any data you share is backed-up to your phone's cloud backup (e.g. iCloud or Google Drive) in a location nominated by you during the signup process. The backups of your data and account details will be encrypted end-to-end and then stored encrypted in your device's backups.
We don’t have any access to your backups.
It is your responsibility to keep your phone, login details and recovery details safe, and to prevent others from having unauthorised access to your data.
Your data belongs to you. Self's founders believe it is safer for people and better for business for you to control your data. We live by those beliefs and so we have built Self specifically to prevent us having access to your data unless - like you might with any company - you give us specific permission to see it.
*We would hold no personal data if we could get away with it.
Today we're allowing Self members to store commonly requested information as facts within the Self data store and their phones, – things like name and date of birth – but alongside those you can choose to share metadata like 'age' or 'age range' and data sources like 'Passport' or 'Bank' with developers, to avoid needing to share personal data just answer the question they really needed an answer to. Like "Does Bob's drivers licence confirm he's between 25 and 70?"
But this is just the start; Developers building apps integrating with the Self Network can define the fields they would like to see in Self – so as more organisations join the Self Network, they will be able to attest to more and more facts that people want to verify. Organisations like educational and professional development establishments verifying details of qualifications in Self; insurance companies can verify that you've got a current car insurance policy; proof of marketing permissions for GDPR and CCPA; access to a restricted research report; user managed credit ratings; even whether you've got a valid ticket to a gig.
And all of this information stays purely on your device, always under your control.
Self is free to join as an individual user for personal use and the core features will always be free to you in the future.
Our business model is to charge the businesses using Self a small amount of money every time they ask to check a fact about you – such as your phone number, address, qualifications, passport number etc. – when you choose to connect with them using Self. They get certainty that the information you've shared is true, and you can be sure that your data isn't being used in ways you haven't explicitly agreed to.
In the future we may release new features, which may carry a charge, but these will always be optional.
For full details of our pricing and packages for businesses, see our Pricing page.
Every time you grant access to a piece of your data to a third party, you do so for a purpose that says what they can and can't do with it and how long they can have it for. So for example a car hire company might need your address for as long as you have their car, but when you return the car they should delete your address.
Before Self they needed your details to contact you. Now, because you are connected to them through Self, they can contact you if they need to and they can ask for the address again if they need it. So they don't need to keep it, and it's very clear if they choose to use the data for something else that they are in breach of your agreement and the law.
Your face is a key to unlock the data you store in Self on your phone. Your App uses the selfies you take to be sure you are the person who should be accessing your data. It compares them to pictures of you on official documents and in other verified images you share with the App. Your app will learn about your face and use it to keep you and your data safe.
This knowledge helps you keep your data secure, and it helps the people and companies you're connected to know that you are you.
Like all the data you put into your app, your selfies are not stored on our servers, they're just in your phone.
Security, security, security.
Data stored in ‘the cloud’ is actually stored on servers located all over the world. These servers can be accessed from absolutely anywhere and the data on them is only as safe as the humans that set up the protection around them. As many high profile data breaches have shown (Twitter, British Airways, Zoom, the list goes on), these security measures are not up to the task of keeping out ever more skilled and ambitious hackers.
If your data is stored on your phone, it can’t be hacked like this. The fingerprint or face scan you use to unlock your phone is almost impossible to hack and, so is the data itself.
The other issue with allowing companies to store your personal data is that once you’ve given a company some of your personal information, it’s easy to forget what you’ve shared with them and impossible to control how they use it. This misuse of data is becoming more widespread as businesses try to squeeze more and more value out of the information that they hold about their customers.
When you store your data on your device you remain in complete control of that information. You decide exactly which pieces of data to share with a company and you will be able to decide precisely what they can use it for and how long they can keep it.
This information is all backed up when you perform your usual phone backups, either to Apple iCloud, Google Drive or whichever system you use. As these backups are also encrypted, it means that your backups can only be accessed by you.
That's why when you create your Self account we give you a recovery key. Keep a secure record of this, it is what will let you get your data back if you lose access to it or to your account.
When you use your email address to sign up for a service online, you're giving the company running it the ability to target you with advertising on social channels, send you marketing emails and potentially lose the data to hackers.
But Self is more than just a way to log in – it gives you the ability to share just the specific pieces of information that companies or other people need to deliver the service you've agreed to.
We'd love to talk to you. Drop us a line and we'll be in touch.
You can delete your account at any time by choosing “delete account” from the Settings menu. Doing so will remove all your data from your phone and from backups.
Once your account has been deleted, your member details can be recovered, but any other data you've stored in Self will no longer be available – we don't keep any of your data on our servers.