Effective Date: May 19, 2026
Version: 1.0
General Department of Identification (GDI)
Ministry of Interior, Royal Government of Cambodia
This Privacy Policy explains how the Khmer-eID platform (“Platform”, “we”, “us”) collects, uses, stores, shares, and protects the personal data of citizens (“you”) who use the Khmer-eID mobile application and related services.
By registering for and using Khmer-eID, you agree to the practices described in this Policy. If you do not agree, do not use the Platform.
Khmer-eID is operated by the General Department of Identification (GDI), Ministry of Interior, Royal Government of Cambodia.
GDI is the data controller for all personal data collected through the Platform.
Collected during eKYC verification, sourced from and validated against the national Integrated Population Information System (IPIS):
Collected during the eKYC process only:
Biometric data is processed by our eKYC verification provider (EKYC Solutions) solely for identity verification.
Raw biometric data is not retained after the verification decision is made.
Scanned images of your National ID card (front and back), stored in encrypted object storage.
Data you voluntarily provide when applying for government services, including:
Names and details of family members you voluntarily add to your profile for pre-filling service applications.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Identity verification (eKYC) | Identity, biometric, document data | Legal obligation / Public task |
| Issuing digital identity credential (VC) | Identity data from IPIS | Public task |
| Account authentication & security | Phone number, Passkey, session data | Contract / Legitimate interest |
| Processing government service requests | Service request data, identity data | Public task |
| Identity sharing via QR code | Identity data (only what you approve) | Your explicit consent |
| Push notifications & announcements | Phone number, device token | Public task / Consent |
| Platform security & fraud prevention | Usage and technical data | Legitimate interest |
| Compliance and audit | All data types | Legal obligation |
We do not use your data for commercial advertising and do not sell your data to any third party.
When you share your identity via QR code:
Your data is only shared in the following circumstances.
Your identity data is validated against and sourced from IPIS, the authoritative national population database.
All identity reads and writes flow through IPIS.
Your service applications are forwarded to GDI Online for processing by GDI officers.
Application status is returned to you through Khmer-eID.
Official announcements and communication hub content are sourced from E-Service.
We engage the following processors who act under our instructions and are bound by data protection obligations.
| Provider | Purpose | Data Shared |
|---|---|---|
| EKYC Solutions Co., LTD | OCR and biometric verification | Document images, live facial scan |
| Firebase (Google) | Push notification delivery | Device token, notification content |
We may disclose data when required by:
We do not share your data with foreign governments or commercial third parties beyond what is listed above.
| Data Type | Retention Period |
|---|---|
| Identity and credential data | Duration of account, plus as required by Cambodian law |
| Biometric processing data | Deleted immediately after verification decision |
| National ID card images | Retained in digital vault while account is active |
| Service request records | Per GDI record-keeping requirements |
| Session and access logs | 90 days rolling |
| QR sharing logs (audit) | 12 months |
| Account data after deletion | Up to 30 days, then purged |
View all identity data held in your digital vault within the app at any time.
If your identity data is incorrect, contact GDI directly.
Data sourced from IPIS must be corrected at the national level.
Freeze or disable your digital ID card at any time from within the app.
A frozen ID cannot be verified by third parties.
Request deletion of your Khmer-eID account.
Identity records held by IPIS and GDI may still be retained under separate regulatory requirements.
Where processing relies on your consent (for example, identity sharing via QR), you may withdraw consent at any time by simply not approving share requests.
To exercise any of these rights, contact us using the information in Section 12.
Khmer-eID is intended for Cambodian citizens of legal age to hold a National ID card.
We do not knowingly collect data from minors without parental or guardian authorization.
Service applications for minors must be submitted by a parent or guardian.
We may update this Privacy Policy to reflect changes in:
We will notify you through push notifications and display the updated Policy in the app before changes take effect.
Continued use of the Platform after notification constitutes acceptance of the updated Policy.
For privacy inquiries, data access requests, or complaints:
General Department of Identification (GDI)
Ministry of Interior, Royal Government of Cambodia
Address
National Road No. 1
Sangkat Niroth
Khan Chbar Ampov
Phnom Penh
info@gdi.gov.kh
Phone
1271