Singapore Personal Data Protection Act (PDPA) Compliance
March 2025

Applicability of the PDPA to Biometrica Systems, Inc.

Biometrica Systems, Inc. affirms its commitment to compliance with the Personal Data Protection Act (PDPA) of Singapore (as amended). The PDPA governs the collection, use, and disclosure of personal data, including biometric data, within Singapore.

Biometrica’s Core Compliance Principles:

  1. No Biometric Data Retention
    • Biometrica does not access, transmit, store, or retain biometric data, biometric identifiers, faceprints, or any biometric templates.
    • Facial recognition comparisons are performed by an independent, NIST-evaluated, third-party provider in a black box environment. Biometrica has no access to or visibility into this process.
  2. Data Minimization
    • Unmatched images are immediately deleted after processing.
    • Only data associated with a relevance-based, human-verified alert is retained for law enforcement or public safety purposes.
    • No mass surveillance or continuous video monitoring is conducted by Biometrica systems.
  3. Purpose Limitation & Public Safety
    • Biometrica only supports law enforcement and public safety missions, including missing persons recovery, public safety threat identification, and employee risk monitoring, in partnership with government or quasi-governmental entities.
    • All alerting is relevance-based and subject to human verification.
  4. Human Oversight
    • All real-time threat and victim alerts are reviewed by trained human analysts in Biometrica’s Rapid Action Center (RAC) prior to dissemination.
    • Automated alerting without human validation is strictly prohibited.
  5. Security Safeguards
    • Biometrica employs strong technical, administrative, and physical safeguards consistent with internationally recognized security frameworks to protect all data handled by its systems.
    • Biometrica’s systems are NIST SP 800-53 compliant.
  6. Retention Limitation
    • Images or data not associated with a verified alert are automatically deleted.
    • Alerts are retained solely for investigative, evidentiary, or compliance purposes and only by authorized personnel.
  7. Transparency
    • Biometrica provides clear public information about its data practices.
    • Biometrica does not make any dataset or search tool publicly available.
  8. Cross-border Transfers
    • Biometrica servers are based in the United States.
    • All data handling complies with applicable international standards, and no personally identifiable biometric information is transferred across borders.

Singapore-Specific Considerations:

Biometrica’s systems are primarily used by law enforcement and security stakeholders and operate under permissible exceptions recognized in the PDPA for public interest, investigation, and security purposes.

For inquiries regarding Biometrica’s privacy practices, please contact:
privacy@biometrica.com