menuMistho

Trust Framework Addendum

Last updated: 18th September 2025.

This Addendum applies to Mistho partners and customers who use Mistho’s services in the context of the UK Digital UK Digital Identity and Attributes Trust Framework (the “Framework”). It forms part of the Partner Terms and is binding on all relying parties consuming attributes provided by Mistho under the Framework.

Purpose

With the Gamma uplift of the UK Digital Identity and Attributes Trust Framework, attribute providers are required to ensure that their relying parties comply with the same core trust, privacy, and inclusion principles.

These requirements are not unique to Mistho: they reflect obligations that already apply to relying parties under UK GDPR, data protection law, and general consumer protection regulation. This Addendum makes those obligations explicit and ensures consistency across all parties participating in the Framework.

Data Use and Retention

  • You may only use attributes provided by Mistho for the specific purpose for which the individual has given consent.
  • You must not retain attribute data longer than necessary, and you must securely delete such data in accordance with the Framework’s requirements.
  • You may not repurpose attribute data for profiling, marketing, or other unrelated purposes.

Transparency, Complaints & Incident Procedure, and Identity Repair

  • You must provide clear and accessible information to end-users about how their data will be used.
  • If a complaint involves data collected or shared via Mistho, you must cooperate with Mistho in resolving the matter.
  • For data subject access requests, corrections, or deletions, you must work with Mistho to ensure these are addressed promptly.
  • You must also cooperate with Mistho in addressing identity repair requests. Where Mistho facilitates communication with you and an end-user about suspected identity misuse, you must engage promptly and take reasonable steps to support resolution.

Fraud and Security

  • You must maintain processes to identify and respond to potential fraud or misuse of attribute data.
  • You must notify Mistho promptly if you suspect or detect fraudulent use of attribute data.
  • You must cooperate with Mistho and relevant authorities in fraud investigations as required under the Framework.

Accessibility and Inclusion

  • You must ensure that services you offer to end-users using Mistho’s attributes are accessible and inclusive, by following at least WCAG 2.2 AA or EN 301 549 standards.
  • Where an end-user is unable to complete a verification through Mistho after retries, you are responsible for offering an alternative verification route (such as manual or in-person checks). This obligation ensures that no user is unfairly excluded, in line with inclusion requirements of the Framework and general consumer protection standards.

Audit and Cooperation

  • You agree to provide Mistho with reasonable assistance to demonstrate compliance with this Addendum and the Framework, including making records available for review by Mistho or relevant authorities.
  • Mistho may suspend or terminate your access to its services if you fail to comply with this Addendum.

Contact

  • If you have questions about this Addendum, please contact us at info@mistho.io.