1. The purpose of this Credential Policy Statement (CrP) is to describe the policies under which CLEAR Verified is operated and delivered. These policies will support NIST 800-63A IAL2 and NIST 800-63B AAL2 requirements.
2. CLEAR Verified is a mobile, self-directed, unsupervised enrollment flow that allows individuals to verify and validate themselves at IAL2 and AAL2. Enrollment in this service SHALL be completed remotely and unsupervised.
3. CLEAR Verified is a commercially available product that organizations purchase to verify their downstream end-users at no cost to the individual. Individuals enroll in the IAL2 flow in a remote, unsupervised medium by way of their mobile device.
1.2.1 CLEAR Applicant
Applicants who have completed the CLEAR Verified verification MAY use their CLEAR identity in other use cases upon the applicant’s consent.
1.2.2 CLEAR Partner
CLEAR’s enrollment to the Registered Traveler Program falls under the purview of the Transportation Security Administration (TSA). The identity proofed through the NIST 800-63A IAL2-compliant workflow is reusable.
1.3.1 Organization administering the document
Secure Identity, LLC
85 10th Ave; 9th Floor
New York, NY 10011
1.3.2 Credential Policy (CrP) approval
The CrP is reviewed annually by CLEAR’s Product team, Information Security, and Technology to confirm changes are adequately reflected. Once reviews and updates have been addressed, the CrP is approved by the CLEAR Chief Technical Officer (CTO).
1.3.3 Jurisdictions
CLEAR operates the CLEAR Verified service in the United States only.
CLEAR SHALL publish its Credentialing Policy (CrP) regarding the CLEAR Verified service, as well as other terms of service as may be required to fully advise all necessary and appropriate parties, in its Terms of Use, Member Terms and Privacy Policy. These publications SHALL be maintained such that they always reflect the service as it is operated at any given time.
CLEAR SHALL maintain an internal repository of information relating to individual credentials, their statuses and a member’s characteristic attributes and eligibilities as necessary to provide the CLEAR Verified service and comply with applicable obligations, including legislative and policy obligations and obligations arising under CLEAR's Terms of Use, Member Terms and Privacy Policy.
CLEAR’s Member Terms and Privacy Policy SHALL govern the circumstances under which member data may be shared.
1. CLEAR Verified is a remote, unsupervised IAL2 enrollment;
2. CLEAR Verified authenticates proofed individuals at AAL2 with the use of multi-factor cryptographic software (passkeys).
CLEAR’s Privacy Policy and Member Terms are invoked by this document.
3.2.1 Enrollment
Applicants SHALL engage with the enrollment by way of:
1. Unsupervised Enrollment - Applicants SHALL complete their CLEAR Verified enrollment workflow on their mobile device with the submission of the required evidence and successful verification of passive, backend identity verification checks.
3.2.2.1 CLEAR Verified Scope of Responsibility
CLEAR Verified SHALL NOT be used to determine access to benefits or services. CLEAR Verified’s scope of responsibility is providing a result of the IAL2 enrollment.
3.2.2 Account Creation
3.2.2.1 CLEAR Verified Availability
The CLEAR Verified system SHALL perform at a Service Level Agreement (SLA) of at least 99%.
3.2.3 Identity Proofing and Verification
3.2.3.1 Minors
Minors SHALL NOT be permitted to enroll through CLEAR Verified’s service. CLEAR Verified SHALL only be available to users that are 18+ years old.
3.2.3.2 Minimum Collection of PII
CLEAR SHALL collect the minimum necessary information to perform proofing at the IAL2 level. This information may include:
Applicants’ information SHALL be retained until the applicant requests a purge of their data (or as required by applicable law or CLEAR policy).
3.2.3.3 Evidence Collected from User
CLEAR SHALL establish a user’s identity for the CLEAR Verified service by collecting 2 pieces of identity evidence and SHALL validate the evidence as being genuine and verify it as belonging to the applicant. Identity evidence consists of:
CLEAR SHALL only use users’ PII for the purposes to which they consented, including authentication, fraud mitigation, and to comply with legal requirements.
3.2.3.4 Enrollment Code Address of Record
CLEAR SHALL send a 6-character alphanumeric enrollment code to the Applicant to enter the CLEAR Verified flow.
CLEAR SHALL use the Applicant’s phone number as their address of record for submitting their enrollment code.
The enrollment code SHALL be valid for up to 10 minutes when sent via SMS.
The enrollment code SHALL NOT be reused.
3.2.3.4.1 Additional security details
CLEAR SHALL protect all Personally Identifiable Information (PII) with safeguards that comply with NIST 800-53 moderate and high baselines.
3.2.3.5 Errors and redress
CLEAR SHALL provide a direct means to contact customer service in-line as part of the enrollment flow for applicants who have problems with identity proofing.
CLEAR’s Member Care agents MAY help applicants navigate the enrollment process upon their re-attempt, and offer tips on how to address common issues (e.g., how to take a suitable photo of their document, or take an acceptable "selfie").
Customer service SHALL record Applicant feedback and pain points to be shared with CLEAR's product team for ongoing product quality improvements.
Applicants MAY also contact CLEAR customer service via a variety of other channels for assistance. CLEAR customer service support is available Monday - Sunday from 8:00 am - 9:00 pm ET. CLEAR aims to handle all requests in a timely manner through the different mediums that we support including phone and email. Our SLAs are:
Full information can be found by going to CLEAR Support & FAQs.
3.2.3.6 Quality Management
CLEAR SHALL continuously review enrollment pass and fail rates to identify areas of improvement and underlying issues.
3.2.3.7 Notification of proofing
Once the Applicant's profile is completed after finishing the IAL2 flow, CLEAR SHALL send the Applicant a notification at the email address on record.
3.2.3.8 Ceasing Identity Verification
In the event CLEAR ceases to conduct identity proofing and enrollment processes for the CLEAR Verified service, CLEAR SHALL dispose of or destroy any sensitive data including PII, or protect such data from unauthorized access for the duration of retention.
3.2.3.9 Updating Existing Enrollment
Applicants who desire to update an existing enrollment SHALL contact CLEAR Member Care to facilitate purging their account and re-proofing.
3.3.3 Retention of User Data
CLEAR SHALL retain a user’s data including authentication data and the PII listed in Section 3.2.3.2 until the user has requested a purge of their data or as required by applicable law.
3.3.1 Revocation by CLEAR
CLEAR MAY revoke any credential in order to address instances of false representation, failure to comply with Member Terms, or for any other reason, at its sole discretion.
3.3.2 Revocation by Other Means
In the event of a user’s passing (death) or other legal concern around a user’s account, CLEAR Customer Support and CLEAR’s Legal Team SHALL handle any and all actions with regard to closing down the account.
3.3.3 Revocation by User
Once a revocation request is received and executed by CLEAR’s team, the user SHALL immediately lose their ability to authenticate identity and complete transactions with CLEAR.
3.3.4 Revocation Notification
Applicants SHALL receive a reference number to confirm the revocation of their CLEAR account and the purging of their personal data. This confirmation is provided by CLEAR customer service upon processing a member purge request, or within 24 hours where an account is revoked by CLEAR.
3.3.5 Authentication Request Lifetime
CLEAR SHALL terminate the session if the user does not authenticate within 10 minutes.
CLEAR SHALL start a new authentication session if the previous authentication session terminates for any reason.
3.3.6 Single Use
Each authentication SHALL be specific to a single transaction and SHALL NOT be reusable. CLEAR does not place an expiration on authenticators.
CLEAR SHALL NOT allow authentication if the system is down in any capacity.
CLEAR SHALL inform Partners when the system is down.
Applicants SHALL re-authenticate each time they complete a transaction with a partner to confirm their identity or transfer user data.
Applicants SHALL proactively protect against loss or theft of their authenticators (mobile device and biometrics) via enabling device lock protections.
If the user has lost or has compromised any of their authenticators, then they MAY contact CLEAR to request a purge of their account. Once the account is purged, the user SHALL re-verify themselves at the IAL2 level to establish a new CLEAR identity.
As per our Terms of Use, the user SHALL inform CLEAR in the event that any authenticator including a device or phone number has been compromised, lost, or stolen.
3.7.1 End User Authentication
CLEAR SHALL only authenticate the user at AAL2.
CLEAR SHALL require the user to demonstrate the intent to be authenticated through their use of the multifactor cryptographic software authenticator (passkey).
CLEAR SHALL NOT use the unlocking of the device as an authentication factor.
CLEAR SHALL allow users up to 10 minutes to authenticate before the authentication session is terminated. CLEAR allows a maximum of 20 attempts to be authenticated before the user’s account is locked.
CLEAR SHALL require members to re-enroll if they are accessing the CLEAR Verified flow from a different device than what they enrolled on.
With regard to Partner (Relying Party) configurations, CLEAR’s Solution Engineers record the following as part of the implementation process:
3.7.2 Authenticator Binding
CLEAR SHALL bind authenticators to a user’s account upon a successful proofing event. Authenticators are provided by the user and CLEAR does not issue any authenticators.
CLEAR supports passkeys, or multifactor cryptographic software, which satisfy (something you know or something you are) and (something you have), as the passkey is on the mobile device.
In the event that a user has a new authenticator device after having been proofed at IAL2, the user will have to re-proof themselves at IAL2 to add the new authenticator.
3.7.3 Consent for data sharing in connection with specific transactions
Prior to authenticating and starting the CLEAR Verified IAL2 flows, applicants will be prompted to consent to sharing their PII. Applicants are given an option to not consent which will prevent them from moving forward. Any such information sharing must comply with CLEAR’s Privacy Policy and Member Terms, and the member may be presented with an in-time consent related to the specific transaction prior to any data sharing. Member consents regarding data sharing are recorded in CLEAR’s systems in a manner that complies with applicable laws.
CLEAR SHALL NOT exercise any additional logic to determine suitability for services or benefits once an identity proofing transaction has been performed.
3.7.4 Protection
Member authentication details and member data are transmitted to partners only through secured, authenticated means (TLS), from CLEAR’s backend systems to the partner’s backend systems.
CLEAR SHALL maintain administrative, technical and physical safeguards to protect personal information against accidental, unlawful or unauthorized: destruction, alteration, access, disclosure or use. To safeguard certain sensitive information (such as biometric data and government-issued identification information), CLEAR implements security measures such as encryption, firewalls, and intrusion detection and prevention systems. Our customer service call centers do not have access to biometric data.
CLEAR SHALL employ an Information Security Management System which SHALL be independently assessed and certified on an annual basis.
Stipulations relating to fees, insurances, warranties, disclaimers, limitations of liability, indemnities, terms of supply, termination, confidentiality, privacy, notices, amendments, dispute resolution, governing law and other representation and legal matters SHALL be communicated to Users by way of CLEAR's Terms of Use, Member Terms, Privacy Policy and other documents, all of which shall be brought explicitly to the member’s attention and the relying party's attention (see also §3.2.2). Notices from CLEAR are governed by Section 1.5 of the Member Terms. Modifications to our programs and terms of service SHALL be governed by Sections 3 and 7 of the Member Terms.
Stipulations relating to fees, insurances, warranties, disclaimers, limitations of liability, indemnities, terms of supply, termination, confidentiality, privacy, notices, amendments, dispute resolution, governing law and other representation and legal matters SHALL be communicated to the Relying Parties by way of a Privacy Policy and other contractual documents.
CLEAR Verified SHALL NOT impose fees onto the applicant to use the service.