Last updated: April 2026

Biometric Data Privacy Policy

FR-APIaaS provides face recognition infrastructure to software developers and businesses ("Customers"). This policy explains how biometric face data flows through our platform, your rights as a data subject, and the obligations we place on our Customers.

What Biometric Data We Process

When Customers use the FR-APIaaS API, the following data is processed on their behalf:

  • Face images — uploaded by the Customer's application for enrollment or recognition.
  • Face embeddings — mathematical representations derived from face images. These are high-dimensional vectors and cannot be reverse-engineered back into a photograph.
  • Liveness signals — per-request scores indicating whether the presented face is live. These are transient and not persisted.
  • Metadata — arbitrary key-value data provided by the Customer (e.g. external user IDs). We do not interpret this data.

FR-APIaaS is a data processor, not a data controller. The Customer who operates the application collecting biometric data is the data controller and is responsible for obtaining lawful consent from their end users before calling our API.

How We Protect Biometric Data

  • Face images are encrypted at rest and in transit (TLS 1.2+).
  • Face embeddings are stored in an isolated, per-organization database namespace — no cross-tenant access is possible.
  • API keys are hashed and never stored in recoverable form.
  • All API operations are logged in a tamper-evident audit trail accessible only to the organization's owner.
  • Employees have no access to Customer face data except for authenticated support requests explicitly authorized by the Customer.

Data Retention & Automatic Purge

By default, enrolled face data is retained for the lifetime of the Customer's account or until explicitly deleted via the API or dashboard.

Customers may configure a retention policy (in days) on any face collection. Once set, our system automatically purges face embeddings — and optionally stored images — that exceed the retention window. This feature is designed to support GDPR Article 5(1)(e) storage limitation and BIPA's destruction schedule requirements.

Liveness scores and face quality metrics from individual API calls are not persisted beyond the HTTP response.

Your Right to Erasure (GDPR Article 17 / BIPA)

End users (data subjects) whose biometric data has been enrolled by a Customer have the right to request erasure. To exercise this right:

  1. Contact the Customer's application directly — they are the data controller and must process your erasure request.
  2. The Customer can delete your data via the DELETE /collections/:id/faces?external_id=:your_id endpoint, which permanently removes all embeddings and stored images associated with your external ID.
  3. If the Customer is unresponsive, contact us at privacy@fr-apiaas.io and we will assist in identifying the responsible controller.

Customer Obligations (Data Controller Duties)

By using FR-APIaaS, Customers agree to:

  • Obtain explicit, informed consent from end users before enrolling their biometric data.
  • Provide end users with a clear privacy notice describing the purpose, retention period, and right to deletion.
  • Not enroll biometric data of minors under 13 (or the applicable local age threshold) without parental consent.
  • Comply with applicable local laws including GDPR (EU), CCPA (California), BIPA (Illinois), PDPA (Thailand), and any other biometric privacy regulation in their jurisdiction.
  • Implement a process for responding to data subject access and erasure requests within legally required timeframes.

Cross-Border Data Transfers

FR-APIaaS infrastructure is hosted within the region selected at account creation. By default, biometric data is not transferred across regional boundaries.

For EU/EEA Customers, we operate under a Data Processing Agreement (DPA) aligned with GDPR Chapter V requirements. Contact us to request a signed DPA for your organization.

Contact & Data Protection Officer

For privacy inquiries, DPA requests, or data subject complaints:

Privacy Team: privacy@fr-apiaas.io

Security disclosures: security@fr-apiaas.io

This policy applies to the FR-APIaaS platform. Customers are solely responsible for their own end-user privacy policies and compliance with applicable biometric privacy laws in their jurisdictions.