Biometric Data Retention Policy
This policy governs how FaceAccess collects, retains, and destroys biometric identifiers and biometric information in compliance with applicable state and federal law.
⚠️ Biometric Identifier Notice
FaceAccess collects biometric identifiers as defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the Washington My Health My Data Act. This policy fulfills our written retention and destruction schedule obligations under these laws.
1. Scope and Definitions
This policy applies to all biometric data collected by FaceAccess across its products and services including FaceAccess Home, FaceAccess Business, FaceAccess Mobile, and the FaceAccess Web Dashboard.
Biometric Identifiers
As used in this policy, "biometric identifiers" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. FaceAccess specifically collects facial geometry scans in the form of encrypted 128-dimensional mathematical templates derived from camera imagery.
Biometric Information
"Biometric information" means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual. FaceAccess biometric information includes facial recognition embeddings and associated liveness and quality scores stored per enrolled face.
Illinois BIPA Compliance
Pursuant to the Illinois Biometric Information Privacy Act (740 ILCS 14/), FaceAccess maintains this publicly available written policy establishing its retention schedule and guidelines for permanently destroying biometric identifiers and biometric information.
2. Purpose of Collection
Biometric data is collected solely for the following purposes:
- Identity verification and authentication for access control systems
- Multi-factor authentication to secure accounts and devices
- Liveness detection to prevent spoofing and fraud
- Matching against enrolled templates for door and gate access events
Biometric data is never used for advertising, employee monitoring beyond stated purposes, data mining, or sale to third parties.
3. Informed Written Consent
Prior to collecting biometric identifiers, FaceAccess:
- Informs the subject in writing that biometric identifiers are being collected and stored
- Provides this written policy to the subject
- Receives a written release (via checkbox consent at enrollment) from the subject or their legally authorized representative
Consent records are stored with a timestamp and may be accessed by the subject upon request.
4. Retention Schedule
Biometric identifiers and biometric information collected by FaceAccess are retained according to the following schedule:
| Event / Trigger | Retention Action | Timeframe |
|---|---|---|
| User deletes face enrollment in account settings | Permanent deletion | Within 30 days of request |
| Account deletion / termination | Biometric data permanently destroyed | Within 30 days of account closure |
| Initial purpose fulfilled (access event logged) | Raw frame data deleted; template retained for ongoing auth | Immediately (raw frames) |
| User inactivity (no logins or access events) | Retention review; deletion if purpose no longer active | After 3 years of inactivity |
| User submits deletion request to support | Permanent deletion from all systems | Within 30 days of verified request |
| Consent withdrawal | Biometric data permanently destroyed | Within 30 days |
| Maximum retention period (from last active use) | Automatic deletion regardless of other status | 3 years from last activity |
In all cases, biometric identifiers are destroyed no later than the earlier of: (a) when the initial purpose for collecting or obtaining such identifiers has been satisfied, or (b) within 3 years of the individual's last interaction with the Company.
5. Destruction Method
Biometric data is permanently destroyed using the following methods:
- Database records: Cryptographic zeroing and row deletion with cascading foreign key removal from all associated tables
- Backup systems: Biometric data fields are excluded from routine database backups; existing backups containing the data are overwritten or purged within 90 days of the deletion event
- Encryption keys: Per-user encryption keys associated with biometric data may be permanently destroyed to cryptographically render stored data unrecoverable
FaceAccess maintains deletion logs for compliance audit purposes. These logs contain the timestamp and type of data deleted but do not contain the deleted biometric data itself.
6. Storage and Security
During the retention period, biometric data is:
- Stored only on access-controlled, encrypted infrastructure operated by FaceAccess or its infrastructure provider (Cloudflare)
- Encrypted at rest using AES-256 or equivalent
- Transmitted only over TLS 1.2+ encrypted connections
- Never stored as raw photographs or video, only as mathematical templates
- Access-controlled so that only authorized systems can query biometric templates during authentication
7. Prohibition on Sale or Profit
FaceAccess does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information. This prohibition applies permanently and is not subject to waiver.
8. Third-Party Disclosure
Biometric data is disclosed to third parties only:
- When required by applicable law, warrant, or court order (and, to the extent legally permissible, with prior notice to the subject)
- With the express written consent of the subject
- To Cloudflare as our infrastructure provider under a strict Data Processing Agreement that prohibits Cloudflare from independently accessing or using biometric data
9. State-Specific Compliance
Illinois (BIPA, 740 ILCS 14/)
FaceAccess complies with all BIPA requirements including: obtaining written informed consent, maintaining this publicly available retention policy, prohibiting sale or profit from biometric data, and implementing reasonable security measures.
Texas (CUBI, Tex. Bus. & Com. Code § 503.001)
FaceAccess captures biometric identifiers only for identity verification purposes. Biometric data is destroyed within a reasonable time no later than one year after the purpose for collection has been fulfilled, consistent with our schedule above.
Washington (My Health My Data Act)
Washington residents may request deletion of all biometric data at any time through account settings or by contacting support@faceaccess.com. Deletion will be completed within 30 days.
California (CCPA / CPRA)
California residents have the right to know what biometric data is collected, request deletion, opt out of sale (FaceAccess does not sell biometric data), and not be discriminated against for exercising these rights. Submit requests via support@faceaccess.com.
10. Subject Rights and Requests
To exercise any right under this policy:
- In-app: Account Settings → Privacy → Manage Biometric Data
- Email: support@faceaccess.com with subject "Biometric Data Request"
FaceAccess will respond to verified requests within 30 days. Identity verification may be required prior to processing deletion or access requests.
11. Policy Updates
This policy may be updated to reflect changes in law or business practices. Material updates will be communicated via email and in-app notice. The retention schedule will never be extended beyond statutory maximums without renewed consent.
12. Contact
Biometric Data Privacy Officer:
support@faceaccess.com