Education

1. Privacy Policy Agreement Clearly explains what data is collected, why it's collected, how it’s used, stored, and shared.
Must be easily accessible and written in plain language.

2. Informed Consent for Data Collection Explicitly asks users for permission to collect specific types of data (e.g., biometric data, photos, national ID).
Should be granular (e.g., users can opt in to some data types and not others).

3. Biometric Data Disclosure Since fingerprints and facial photos qualify as biometric identifiers, you must disclose: Purpose of collection, Storage duration, Security measures, User rights (e.g., withdrawal of consent)

4. Data Sharing and Third-Party Disclosure Agreement Discloses if data will be shared with or processed by any third parties (e.g., vetting partners, AI analysis tools).
Must name or describe the third parties involved.

5. International Data Transfer Consent If user data is stored or processed outside their country, especially outside the EEA or UK, users must consent to cross-border data transfers under GDPR or similar frameworks.

6. Profiling and Automated Decision-Making Disclosure If VM uses AI/algorithms to assess trustworthiness, compatibility, etc., you must: Inform users, Explain how decisions are made, Allow users to request human review (depending on jurisdiction)

7. Right to Access, Correct, and Delete Data Users must acknowledge that they understand their rights under applicable laws (e.g., GDPR, CCPA), including: Accessing their data, Correcting inaccuracies, Requesting deletion or data portability

8. Revocation of Consent & Data Retention Policy Users must be able to withdraw consent at any time.
You should disclose how long data is retained and what happens to it after withdrawal or account closure.