Biometrica Systems — International Data Privacy Compliance Statement

Last Updated: March 30, 2025

Introduction

Biometrica Systems, Inc. is committed to protecting individual privacy and maintaining the highest data protection standards globally. Our solutions are designed for public safety, child and vulnerable adult protection, and critical infrastructure security while upholding civil liberties. This document summarizes how Biometrica complies with key international privacy frameworks:

  • GDPR (European Union & United Kingdom)
  • Quebec Law 25 & PIPEDA (Canada)
  • Australia Privacy Act
  • New Zealand Privacy Act
  • U.S. State Data & Biometric Privacy Laws (CCPA, VCDPA, BIPA, etc.)
  • EU Artificial Intelligence Act (AI Act)

Core Principles

Privacy by Design

Biometrica integrates privacy by design into every solution. We prioritize:

  • Minimal data collection
  • Relevance-based alerts
  • Human oversight

This principle is present across our systems: UMbRA, RTIS, RVIS, QAPLA, and eMotive.

Data Minimization

  • Only law enforcement-sourced or facility-supplied datasets are processed.
  • No footage, video, or audio is retained.
  • Alerts are only generated for individuals relevant to the lawful mission of the user organization.
  • Non-matching data is deleted automatically.

Personal & Sensitive Data Handling

  • Biometrica does not access, transmit, store, or retain:
    • Biometric data (including templates or identifiers)
    • Faceprints
    • Any biometric metadata
    • Unmatched images
  • The UMbRA system includes only:
    • Booking data, criminal records, warrants, sex offender data, and non-searchable missing person data.
  • UMbRA access is limited to trained, credentialed law enforcement or approved quasi-law enforcement users.

This fully aligns with:

  • GDPR Article 9 (Sensitive Data)
  • Quebec Law 25
  • Australia’s APPs 6–7
  • U.S. Biometric-specific laws (e.g., BIPA)

Artificial Intelligence (AI) and Automated Processing Safeguards

Biometrica employs Agentic AI, which:

  • Generates pointer data (match suggestions) for human verification.
  • Is not capable of autonomous decision-making.
  • Is not Generative AI.
  • Operates exclusively within a human-in-the-loop framework.

All biometric comparisons are:

  • Performed in an isolated black box environment by a NIST-approved, independent provider.
  • Verified by Biometrica’s trained analysts before alerts are issued.

This approach is fully compliant with:

  • GDPR Art. 22 (automated decision-making safeguards)
  • EU AI Act (classified as Limited Risk AI)
  • PIPEDA (Canada)
  • Australia Privacy Act
  • U.S. FCRA where applicable (eMotive)

Data Subject Rights (DSR) Handling

Biometrica:

  • Does not provide direct access, correction, or deletion for law enforcement-supplied data.
  • Refers any such requests to the originating agency.
  • Requires explicit employee consent for eMotive usage, in compliance with FCRA and GDPR Art. 7.
  • Maintains immutable audit trails for accountability.

Cross-Border Transfers

Biometrica:

  • Utilizes U.S.-based servers with SCCs available for GDPR-compliant transfers.
  • Processes data only under lawful bases (public safety, law enforcement, or permitted contractual use).
  • Follows Canadian, Australian, and New Zealand cross-border transfer requirements.

Public Disclosures & Transparency

Biometrica provides:

  • This International Compliance Summary.
  • A published Website Privacy Policy.
  • A Biometric Data Policy.
  • A Security and Compliance FAQ (by request).
  • Optional customer-specific Data Processing Agreements (DPAs).

Enforcement & Governance

  • Biometrica’s Chief Privacy Officer oversees privacy and compliance.
  • Systems are subject to internal and third-party audits.
  • The immutable audit trail is maintained for all relevant actions.

For more information, contact privacy@biometrica.com