Biometric Data Policy

This Biometric Data Policy (“Policy”) describes how AiPrise, Inc. (“AiPrise,” “we,” “us,” or “our”) collects, uses, stores, and destroys biometric data in connection with our identity verification services. This Policy supplements our Privacy Policy and applies to individuals located in the United States whose biometric data is processed through our services.

AiPrise provides identity verification, fraud detection, and compliance services to our business customers (“Customers”). When you verify your identity through a Customer’s application or website using AiPrise’s technology, we may collect biometric data as described below.

Definitions

For purposes of this Policy:

“Biometric Data” means biometric identifiers and biometric information as defined by applicable law, including scans of facial geometry extracted from photographs or video of your face (“Facial Scan Data”), and any mathematical representations, templates, or embeddings derived from such scans.

“Source Images” means the photographs, video, or other visual recordings of your face and identity documents that you submit through the services, from which Biometric Data may be extracted.

“Customer” means the business or organization that directed you to AiPrise’s identity verification services.

What Biometric Data We Collect

When you submit a selfie, photograph, or video for identity verification, AiPrise may extract Facial Scan Data — a mathematical representation of your facial geometry — from the image of your face. We may also extract Facial Scan Data from the photograph on your government-issued identity document (such as a driver’s license or passport).

We use Facial Scan Data to perform:

Facial verification (one-to-one comparison): comparing the image of your face against the photograph on your identity document to confirm that you are the person depicted on the document.
Liveness detection: analyzing your selfie or video to determine that you are physically present at the time of capture, rather than presenting a photograph, video, mask, or other spoofing method.

AiPrise processes Biometric Data at the direction of, and on behalf of, our Customers. Your Customer determines the purpose and scope of the identity verification.

How We Use Biometric Data

We use Biometric Data solely for the following purposes:

verifying your identity by comparing your Facial Scan Data against the Facial Scan Data extracted from your identity document;
detecting liveness and preventing spoofing during the verification process;
detecting and preventing fraud, including identifying potentially fraudulent identity documents; and
improving the accuracy and security of our identity verification services.

We do not use Biometric Data to:

identify you against a database of individuals (one-to-many facial recognition), except to the extent necessary to detect duplicate or fraudulent submissions across verifications at your Customer’s direction;
track your movements or behavior;
make automated decisions that produce legal effects for you; or
serve advertisements or for marketing purposes.

Biometric Data and the AiPrise Network

AiPrise operates a fraud detection and identity verification network across its customer base. Biometric Data is not shared through this network. De-identified fraud flags and verification status indicators may be shared across network participants, but Biometric Data (including Facial Scan Data, Source Images, and identity documents) is never included in network data.

Cross-customer verification status is determined using non-biometric identifiers (such as entity name, date of birth, and document number). AiPrise does not perform facial comparison across customers or use Facial Scan Data to match individuals across different Customer verifications.

For more information about our network data practices, please contact us or refer to the Network Intelligence Data section of the applicable Customer agreement.

Consent

We collect and process Biometric Data only with your express consent. Before any Biometric Data is captured, you will be presented with a consent notice that asks you to acknowledge this Policy and consent to the collection and processing of your Biometric Data.

If you do not consent, AiPrise will not extract Biometric Data from your images, and the identity verification will not proceed. You should contact your Customer to discuss alternative verification methods.

You may withdraw your consent at any time by contacting us at privacy@aiprise.com. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal. If you withdraw consent, AiPrise will destroy your Biometric Data in accordance with the Retention and Destruction section below, unless retention is required by law or legal process.

Retention and Destruction

Retention Schedule

We retain Biometric Data and Source Images for the shortest period necessary to fulfill the purpose for which they were collected. Retention periods vary based on the type of data and the service context:

Data Category

Maximum Retention Period

Facial Scan Data (biometric templates, embeddings, facial geometry)

Advertising networks

Source Images (selfies, photographs, video)

3 years from verification completion, or a shorter period set by the Customer

Identity Document Images

3 years from verification completion, or a shorter period set by the Customer

Facial Scan Data (ongoing monitoring)

Duration of the Customer’s monitoring subscription plus 365 days, or 3 years from your last interaction, whichever is shorter

Biometric Data (failed or flagged verifications)

Duration of any active fraud investigation plus 180 days, subject to the 3-year maximum

In all cases, Biometric Data will be destroyed no later than the earlier of: (a) the date on which the initial purpose for collecting the data has been satisfied; or (b) three (3) years after your last interaction with AiPrise’s services.

Where AiPrise acts as a service provider to a Customer, the Customer may instruct AiPrise to retain data for a shorter period. Customers may also request early deletion of your data through AiPrise’s API or dashboard.

Destruction Methods

When Biometric Data reaches the end of its retention period or is no longer needed, AiPrise permanently destroys it using commercially reasonable methods, including:

cryptographic erasure (rendering encrypted data unrecoverable by destroying the encryption keys);
secure deletion of electronic records in accordance with NIST 800-88 guidelines; and
purging of all backup and disaster recovery copies within 90 days of the primary deletion.

Destruction Upon Request

You may request early destruction of your Biometric Data by contacting us at privacy@aiprise.com. We will acknowledge your request within 30 days and complete destruction within 15 days of acknowledgment, unless retention is required by applicable law, legal process, or an active fraud investigation.

Disclosure of Biometric Data

We do not sell, lease, or trade Biometric Data.

We may disclose Biometric Data only in the following circumstances:

Recipient

Purpose

Your Customer

To provide the identity verification results requested by the Customer that directed you to our services

Service Providers

3 years from vTo third-party service providers who process Biometric Data on our behalf for the purposes described in this Policy, including cloud infrastructure providers and our identity verification data vendors, which perform facial verification and liveness detection on our behalf and do not store Biometric Data, and, where applicable, AI model providerserification completion, or a shorter period set by the Customer

Law Enforcement

When required by a valid warrant, subpoena, or court order issued by a court of competent jurisdiction

Legal Proceedings

To establish, exercise, or defend legal claims

We require all service providers who process Biometric Data on our behalf to maintain appropriate security measures and to process Biometric Data only as instructed by AiPrise.

Our identity verification data vendors processes your Biometric Data when performing facial verification and liveness detection on AiPrise’s behalf. These vendors do not store Biometric Data after processing is complete and are contractually required to maintain security and privacy standards consistent with this Policy. For questions about our data vendors, please contact us at privacy@aiprise.com.

Data Security

We protect Biometric Data using security measures that are at least as protective as those used for other sensitive personal information, including:

encryption in transit using TLS 1.2 or higher;
encryption at rest using AES-256 or equivalent;
strict access controls limiting Biometric Data access to authorized personnel with a legitimate business need;
regular security audits and vulnerability assessments; and
SOC 2 Type II certification.

Destruction Upon Request

Your Rights

Depending on where you are located, you may have additional rights regarding your Biometric Data under applicable law:

Your Right

How to Exercise It

Access — Confirm whether we hold your Biometric Data and request a copy

Deletion — Request destruction of your Biometric Data

Withdraw Consent — Revoke your consent to Biometric Data processing

Correct — Request correction of inaccurate Biometric Data

Complaint — Lodge a complaint with a supervisory authority

Contact your applicable data protection authority

Because AiPrise processes Biometric Data at the direction of our Customers, we may direct you to contact your Customer for certain requests, particularly where the Customer controls the retention period or verification workflow.

Consumer Health Data

AiPrise’s collection and use of Biometric Data for identity verification and fraud prevention does not constitute the collection of “consumer health data” as defined by the Washington My Health My Data Act, Nevada SB 370, or similar state health privacy laws. Biometric Data processed by AiPrise is used solely to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, or malicious or deceptive activities, and is not used to identify or infer any information about your past, present, or future physical or mental health status.

Children

AiPrise’s identity verification services are not directed to individuals under the age of eighteen (18). We do not knowingly collect Biometric Data from children. If you believe Biometric Data has been collected from an individual under eighteen, please contact us immediately at privacy@aiprise.com.

Changes to This Policy

We may update this Policy from time to time by posting a revised version on our website. If we make material changes to how we collect, use, or disclose Biometric Data, we will provide notice through our website or through our Customers before the changes take effect. Your continued submission of Biometric Data after the effective date of any revised Policy constitutes your acceptance of the changes.

Contact Us

If you have questions about this Policy or wish to exercise any of your rights, please contact us:

AiPrise, Inc. - 2880 Zanker Rd., Ste. 203, San Jose, CA 95134

Attn: Privacy Team - privacy@aiprise.com

See your full compliance picture in one place

Use AI agents and global data to review businesses and users faster and more accurately

See AiPrise in action