Privacy Policy

Last updated: {{LastUpdatedDate}}

This Privacy Policy describes how {{CompanyName}} (“we”, “us”, “our”) collects, uses, discloses, and protects personal data—including biometric information—when you use our real-time biometric solutions (the “Services”), our websites, and related products. By accessing or using the Services, you agree to this Policy.

1. Data We Collect

• Biometric Inputs & Templates: Fingerprint/face/voice inputs processed to generate mathematical templates for authentication. Where possible, we discard raw inputs after template creation.
• Identity & Account Data: Name, email, phone, role, organization, login credentials, identifiers (user ID, device ID).
• Usage & Device Data: Logs, timestamps, IP address, browser/device info, app version, diagnostics, and performance metrics.
• Transactional Data: Subscription details, purchase history, and support interactions.
• Cookies & Similar Tech: See “Cookies” below for details.

2. How We Use Data

• Authenticate users and provide real-time biometric verification.
• Prevent fraud, detect anomalies, and maintain security.
• Operate, maintain, and improve the Services (including analytics and quality assurance).
• Provide customer support and communicate important updates.
• Comply with legal obligations and enforce our terms.

3. Legal Basis (Where Applicable)

• Consent: For biometric processing where consent is required.
• Contract: To deliver the Services under our agreement with you or your organization.
• Legitimate Interests / Legal Obligation: Security, fraud prevention, and compliance (as permitted by law).

4. Biometric Data Practices

• We strive to process biometric inputs ephemerally and store only derived templates where feasible.
• Templates are stored using encryption at rest and in transit.
• Access to biometric data is strictly role-based and logged.
• We do not use biometric data for purposes unrelated to identity verification without your explicit consent.

5. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy (e.g., for the duration of your account or contract) and as required by law. When no longer needed, we delete or de-identify data using reasonable measures. Organization admins may request earlier deletion subject to legal/contractual constraints.

6. Sharing & Disclosure

• Service Providers: Cloud hosting, analytics, support tools—bound by confidentiality and data processing terms.
• Organization/Admin: For enterprise accounts, admins may access user activity or configuration data.
• Legal & Safety: To comply with applicable law or protect rights, safety, and security.
• Business Transfers: In case of merger, acquisition, or asset sale, consistent with this Policy.
• No Sale: We do not sell personal data.

7. International Transfers

Data may be processed in countries other than your own. We implement safeguards such as contractual clauses and technical controls to protect your data consistent with applicable law.

8. Security

• Encryption in transit (TLS) and at rest.
• Least-privilege access controls, audit logging, and network segregation.
• Secure development lifecycle, vulnerability management, and incident response procedures.
• User responsibilities: maintain strong credentials and report suspected compromise.

9. Your Rights

Subject to applicable law, you may have the right to access, correct, update, port, or delete your personal data; withdraw consent; or object/restrict certain processing. To exercise rights, contact us at {{Email}}. We may need to verify your identity.

10. Children’s Privacy

Our Services are not directed to children under the age of {{ChildAgeThreshold}}. We do not knowingly collect personal data from children without appropriate consent as required by law. If you believe a child has provided data to us, contact {{Email}}.

11. Cookies & Similar Technologies

We use essential cookies to operate the site, and (where applicable) analytics cookies to understand usage. You can manage cookies via your browser settings. See our Cookie Policy for details.

12. India – DPDP Act, 2023

For users in India, we process personal data in accordance with the Digital Personal Data Protection Act, 2023. Where consent is the basis, you may withdraw consent at any time by contacting us. You may also file grievances with our Grievance Officer (details below).

13. Additional Disclosures (If Applicable)

• GDPR (EEA/UK): {{CompanyName}} acts as a controller or processor depending on your contract. You may lodge a complaint with your local supervisory authority.
• CCPA/CPRA (California): We do not “sell” or “share” personal information as defined by the CPRA. California residents can request access or deletion via {{Email}}.

14. Third-Party Links

Our site may contain links to third-party websites or services. Their privacy practices are not covered by this Policy. Review their policies before providing personal data.

15. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by updating the “Last updated” date or via other appropriate means. Continued use of the Services after changes means you accept the updated Policy.

16. Contact & Grievance Officer

Note: This template is for general informational purposes and does not constitute legal advice. Consult counsel to adapt it to your specific product, data flows, and regulatory obligations.