1. Introduction

At Biometrica Systems, Inc., protecting privacy and civil liberties is at the core of everything we do. This Biometric Data Policy explains Biometrica’s approach to the use, handling, and protection of biometric-related processes and clarifies what Biometrica does — and importantly, what it does not do — when working with biometric technology.

We are not a facial recognition company and have no direct access to biometric templates or biometric identifiers. However, we are committed to complying with or exceeding all applicable laws and regulations governing the responsible use of biometric data, including but not limited to:

  • The Illinois Biometric Information Privacy Act (BIPA)
  • The EU General Data Protection Regulation (GDPR)
  • The UK Data Protection Act (DPA)
  • The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (e.g., Quebec’s Law 25)
  • The Australian Privacy Act
  • The New Zealand Privacy Act 2020
  • The EU Artificial Intelligence Act (for AI-based systems)
  • Other jurisdictional U.S. laws relating to the use of biometric data

2. Biometrica’s Position on Biometric Data

As mentioned above, Biometrica is not a facial recognition company. We provide tools that assist law enforcement and authorized and vetted agency partners by enabling responsible, privacy-preserving, real-time identification of potential threats or missing persons. We enable searches against facial recognition outputs, but we do not directly process, access, retain, or transmit biometric data or biometric identifiers ourselves.

We operate under these principles:

  • No biometric access by Biometrica personnel
  • No biometric data storage or retention
  • No creation of biometric templates or identifiers
  • All biometric comparisons are conducted in an isolated third-party, NIST-evaluated and approved black box environment

3. Our Systems and Their Relation to Biometric Data

Biometrica systems include:

UMbRA
A 100% law enforcement-sourced database containing charge/booking data, criminal records, warrants, sex offender data, probation/parole status, and non-searchable missing persons records.
➤ UMbRA does not contain biometric data and does not generate, access, transmit or retain biometric templates or identifiers.

RTIS & RVIS
Real-time Threat and Victim Identification Systems that process still images and conduct secure matching operations using third-party NIST-approved facial recognition in an isolated and secure black box environment.
➤ These systems produce human-reviewed, relevance-based alerts — no video is captured or retained.
➤ Alerts are only generated when an authorized human at Biometrica’s Rapid Action Center (RAC) reviews and validates an algorithmic match.

QAPLA
A face verification and similarity scoring tool used by credentialed investigators.
➤ No biometric identifiers are accessed, stored or retained by Biometrica.
➤ All matched images are deleted and purged from the server.
➤ All matching is performed externally via a third-party provider.

eMotive
A continuous, FCRA-compliant criminal background check system requiring explicit employee consent.
➤ eMotive performs no facial recognition.
➤ eMotive operates under U.S. federal and state background screening laws, including the FCRA.

4. Black Box Model — Facial Recognition

All biometric comparisons facilitated by Biometrica systems:

  • Are conducted by an independent, NIST-evaluated and approved third-party provider
  • Occur within a secure and isolated black box environment
  • Result in Biometrica receiving only a simple match/no-match output for human verification
  • Do not expose faceprints, biometric templates, or associated metadata to Biometrica

Biometrica cannot access, transmit, store, or manipulate:

  • Faceprints
  • Biometric identifiers
  • Other biometric templates (including, but not limited to, faceprints)
  • Associated metadata from biometric comparisons

We therefore have no biometric gallery.

5. Human-in-the-Loop & Ethical Guardrails

Biometrica enforces:

  • A human-in-the-loop system, requiring trained human analysts to verify any algorithmic match
  • A Rapid Action Center (RAC) that verifies and controls all RTIS/RVIS alerts
  • Relevance-based alerts — alerts are generated only if the match is relevant to the facility’s lawful mission
  • Deletion of all non-relevant data, with unmatched images automatically discarded

6. Data Minimization & Privacy by Design

Biometrica applies the strictest data minimization and privacy by design principles:

  • We do not conduct mass surveillance
  • We do not capture or store general video footage
  • Images processed by RTIS/RVIS sensors are immediately discarded if not matched
  • Even matched images are only retained in compliance with strict audit and chain-of-custody requirements
  • No location data, except where legally required for investigative purposes, is retained or shared

7. Compliance Statement

Biometrica’s systems are designed to comply with:

  • U.S. Federal and State Privacy and Biometric Laws (including BIPA)
  • GDPR and UK DPA (including rights to access, rectification, and objection)
  • PIPEDA and applicable Canadian Provincial Privacy Laws
  • Australian and New Zealand Privacy Laws
  • The EU Artificial Intelligence Act (risk management and human oversight principles)
  • The Fair Credit Reporting Act (FCRA) for eMotive

All products and services are regularly reviewed for legal compliance, data protection, and ethical considerations.

8. Contact for More Information

For questions about this policy, contact:
privacy@biometrica.com