Identity for Enterprise

NextGen Identity+ Credential Policy
Table of Contents
  1. Introduction
  2. Publication and Repository Responsibilities
  3. Identity Provider (Idp) Credential Enrollment and Issuance
  4. Internal Audit
  5. Legal
  6. Fees

1. Introduction

1.1 Overview
  1. The purpose of this Credential Policy Statement (CrP) is to describe the policies under which NextGen Identity+ SHALL be operated and delivered. These policies will support NIST 800-63A IAL2 requirements as covered by the applicable Kantara Service Assessment Criteria.

  2. CLEAR's NextGen Identity+ is a supervised enrollment that is done to support expedited access through a security checkpoint. Enrollment in this service SHALL be completed by using a CLEAR pod at one of the airport locations in which CLEAR operates. The NextGen Identity+ service is distinct from the CLEAR Verified enrollment workflow which is also NIST 800-63A IAL2 compliant. 
  1. CLEAR's NextGen Identity+ service enables applicants to enroll in NextGen Identity+ and join the Registered Traveler Program. This program permits applicants whose identities have been verified to not have to show identity documents every time they traverse the TSA Travel Document Check. Once a confirmed and enrolled applicant has passed the Travel Document Check they will proceed to screening. The applicant benefit is a faster access to security screening process. 

1.2 Service Administration

1.2.1 Organization administering the document

Secure Identity, LLC

85 10th Ave, 9th Floor

New York, NY 10011

1.2.2 Credential Policy (CrP) Approval

The CrP is reviewed annually by CLEAR’s Product, Information Security, and Technology teams to confirm changes are adequately reflected. Once reviews and updates have been addressed, the CrP SHALL be approved by the CLEAR Chief Information Security Officer (CISO).

1.2.3 Jurisdictions

CLEAR operates the NextGen Identity+ in the United States only. 

2. Publication and Repository Responsibilities

CLEAR SHALL publish its Credentialing Policy (CrP) regarding the NextGen Identity+ service, on its website and applicable devices, along with other terms of service as may be required to fully advise all necessary and appropriate parties, in its Terms of Use, Member Terms and Privacy Policy. These publications SHALL be maintained such that they always reflect the service as it is operated at any given time.

CLEAR SHALL maintain an internal repository of information relating to individual credentials, their statuses and a applicant’s characteristic attributes and eligibilities as necessary to provide the NextGen Identity+ service and comply with applicable obligations, including legislative and policy obligations and obligations arising under CLEAR's Terms of Use, Member Terms and Privacy Policy.

CLEAR’s Member Terms and Privacy Policy SHALL govern the circumstances under which applicant data may be shared.

3. Identity Provider (Idp) Credential Enrollment and Issuance

3.1 Overview
  1. CLEAR NextGen Identity+ is an in-person, supervised IAL2 enrollment;
  1. Biometric verification is needed to prove the applicant's identity for the purposes of traversing the Travel Document Check.

3.2 Applicant Enrollment

CLEAR’s Privacy Policy and Member Terms are invoked by this document. 

3.2.1 Enrollment 

Applicants SHALL be able to enroll in NextGen Identity+ based solely on the evidence provided. Applicants SHALL complete their NextGen Identity+ enrollment workflow on a dedicated, secured CLEAR-owned pod at an airport location.

3.2.2 Account Creation

  1. Applicants SHALL be presented with CLEAR’s CrP, Member Terms and Privacy Policy.
  2. Applicants SHALL be required to accept CLEAR’s CrP and Member Terms before being permitted to proceed with CLEAR NextGen Identity+ Enrollment. 
  3. NextGen Identity+ applicants SHALL be required to re-accept Member Terms every 5 years. 


3.2.2.1 CLEAR NextGen Identity+ Availability

The CLEAR NextGen Identity+ system has a goal availability Service Level Agreement (SLA) of at least 99%. 

3.2.3 Identity Proofing and Verification 

3.2.3.1 Minors 

Minors SHALL not be permitted to enroll through CLEAR’s NextGen Identity+ service.  CLEAR’s NextGen Identity+ SHALL only be available to users that are 18 years of age and older. 

3.2.3.2 Minimum Collection of PII 

Information collected in CLEAR’s identity proofing process SHALL be the minimum required to complete CLEAR’s identity checks for the NextGen Identity+ service. This information MAY include:

  • Name (first / middle / last)
  • Date of birth
  • Physical address (e.g. street, city, zip code), where applicable
  • Mobile phone number
  • Email address
  • Identity document details (ID type, ID number, issuer, issue date, expiry, epassport chip payload) and images
  • Facial image
  • Fingerprint and/or iris scan

Applicants’ information SHALL be retained until the applicant requests a purge of their data (or as required by applicable law or CLEAR policy), as are the results of the validation checks on the information described below.

3.2.3.3 Evidence Collected from User

CLEAR SHALL establish user identity for the NextGen Identity+ by collecting one piece of identity evidence—a Passport, validating the evidence with the issuing source as being genuine and verifying it as belonging to the applicant.

Users SHALL provide full and correct responses to requests for information. 

3.2.3.4 Errors and Redress

Applicants MAY contact CLEAR customer service via a variety of channels for assistance. CLEAR customer service support is available Monday - Sunday from 8:00 am - 9:00 pm ET. CLEAR aims to handle all requests in a timely manner through the different mediums that we support including phone and email. 


Full information can be found by going to CLEAR Support & FAQs.

3.2.3.5 Account Maintenance 

After the applicant creates an account by adding email and phone (requiring a one-time password to confirm possession), accepting Member Terms, they will receive an email from CLEAR indicating they MAY set a password for their CLEAR account, which allows the user to re-authenticate into the CLEAR online applicant account and access their account details to complete administration tasks. No information relevant to the enrollment can be changed on the online applicant account. The applicant must select a password that is at least 8 characters long. There are no challenge questions set. For avoidance of doubt, the password is only usable for CLEAR online applicant account authentication, NEVER for pod authentication.

3.2.3.6 Notification of Proofing

Notification that the applicant has enrolled in NextGen Identity+ SHALL be delivered by email once proofing has been completed.

3.2.3.7 Ceasing Identity Verification 

In the event CLEAR ceases to conduct identity proofing and enrollment processes for the NextGen Identity+ service, while maintaining other CLEAR services, CLEAR SHALL retain data in accordance with its Privacy Policy and section 3.3.3 below. 

Where applicable, data is disposed of and destroyed using methods in accordance with the NIST-800-88 guidelines for data disposal. This includes ensuring secure deletion or destruction of PII including originals, copies, and archived records from all of CLEAR’s databases.

3.2.3.8 Updating Existing Enrollment 

If the applicant updates relevant aspects of their identity after the enrollment, they SHALL update their identity on the pod using the appropriate evidence. This evidence SHALL be verified using the same processes specified above in 3.2.3.2 through 3.2.3.3. 

3.3.3 Retention of User Data 

All PII collected as part of the enrollment process including information from validation and verification sources are protected with safeguards that comply with NIST 800-53 high baselines. CLEAR retains a user’s data including authentication data and the PII listed in Section 3.2.3.2 indefinitely or until either the user has requested a purge of their data, or CLEAR policy or applicable law requires that it be purged in part or in whole. Purging of data will disable your account and prevent use of CLEAR services. An applicant can request a purge of their data at any time by one of the following methods: 

  1. Contact us at: privacy@clearme.com
  2. Call 1-855-253-2763
  3. Submit a request here (for access and deletion requests only); or
  4. Write to us at:
CLEAR
Attention: Chief Privacy Officer
85 10th Avenue, 9th Floor
New York, New York 10011
Refer to the Privacy Policy for more details. 


4. Internal Audit

CLEAR conducts activities to validate continuous compliance with applicable NIST 800-53 controls and will annually conduct an audit for the effective provision of the NextGen Identity+ service.

The third party technology that CLEAR utilizes for audit management retains audit records for greater than 36 months. The safeguards to protect the security of the audit records management system are evaluated as part of CLEAR’s third-party risk management process and validated that these safeguards are in conformance with CLEAR’s information security policies and standards. The safeguards are evaluated as part of CLEAR’s controls for risk management to ensure that they are consistent with CLEAR’s internal policies and standards for securing confidential information.

5. Legal

Stipulations relating to fees, insurances, warranties (see section 4.2 of Member Terms), disclaimers, limitations of liability, indemnities, terms of supply, termination, confidentiality, privacy, notices, amendments, dispute resolution, governing law and other representation and legal matters are set forth in the, Member Terms and Privacy Policy, which are brought to the applicant’s attention during enrollment (see also §3.2.2).

5.1 Notices and Updates to Programs and Terms 

Notices from CLEAR are governed by Section 1.5 of the Member Terms.  Modifications to our programs and terms services are governed by Section 3 and 7 of the Member Terms.    

6. Fees

Applicable fees SHALL be presented to the Applicant prior to any charges. Up to date information relating to fees or charges SHALL be found on CLEAR.