Biometrica | Illinois Biometric Information Privacy Act (BIPA) Compliance Statement

Version: March 2025

Applicability

This disclosure outlines Biometrica Systems, Inc.’s compliance with the Illinois Biometric Information Privacy Act (740 ILCS/14), commonly known as BIPA, applicable to data collected or processed within the State of Illinois.

About Biometrica

Biometrica is a public safety technology company focused on protecting people without mass surveillance or biometric data, including and not limited to biometric templates and biometric identifiers’ access, transmission, retention, or storage. We therefore have no biometric gallery.

We build real-time systems designed to detect potential threats or locate missing persons while preserving privacy and civil liberties.

Biometrica operates:

  • UMbRA — A 100% law enforcement-sourced database containing charge/booking data, criminal records, warrant data, sex offender registrations, parole/probation status, and missing persons data.
    • Missing persons data is not searchable and is used solely for RTIS/RVIS system matching.
  • RTIS & RVIS — Real-time Threat Identification System and Real-time Victim Identification System. These are systems, with sensors serving as components, not standalone solutions.
  • QAPLA — Face verification and similarity scoring system without biometric storage or access.
  • eMotive — Continuous, FCRA-compliant criminal background check system requiring explicit employee consent.

Facial Recognition Technology — Privacy by Design

Biometrica is not a facial recognition company.

  • All biometric comparisons are conducted by a third-party, NIST-evaluated and approved provider, operating within a secure, isolated Blackbox environment.
  • Biometrica does not access, transmit, store, or retain:
    • Faceprints
    • Biometric identifiers
    • Biometric templates (including but not limited to faceprints)
    • Associated metadata from facial recognition
  • We have no biometric gallery.

Biometrica receives only a numerical match ID when an alert is generated, and this ID is subject to human review.

Biometrica staff never have access to:

  • Search queries within UMbRA
  • Match queries via QAPLA
  • Continuous background monitoring data via eMotive

The only personnel who see actionable alerts are trained staff within Biometrica’s Rapid Action Center (RAC) who perform mandatory human verification.

This workflow is part of Biometrica’s commitment to Privacy by Design, Data Minimization, and Human-in-the-Loop safeguards.

Compliance with the Illinois Biometric Information Privacy Act (BIPA)

Biometrica:

  • Does not collect, capture, purchase, or otherwise obtain biometric identifiers or biometric information as defined by BIPA.
  • Does not store or retain biometric data.
  • Does not disclose, sell, lease, or trade biometric identifiers or biometric information.
  • Ensures all biometric comparisons are performed externally, via a third-party, NIST-evaluated and approved provider, operating within a secure, isolated Blackbox environment.

Illinois residents should note that BIPA provides:

  • A private right of action for violations.
  • Statutory requirements regarding notice and consent prior to biometric data collection.
  • Remedies for unauthorized disclosure or misuse of biometric data.

Biometrica is structurally designed to avoid these risks entirely.

Data Minimization and Privacy Safeguards

Biometrica applies:

  • Data minimization: Only necessary data is collected and processed.
  • Purpose limitation: Data is used solely for public safety and missing persons objectives.
  • No mass surveillance: No video footage or indiscriminate data collection.
  • Relevance-based alerts: Only alerts relevant to the requesting agency’s authorized scope are generated.
  • Human-in-the-loop: Every actionable alert is reviewed by trained human analysts before dissemination.
  • Immutable audit trails: All actions are logged and auditable.

Data Subject Rights Under BIPA

Since Biometrica does not collect or process biometric information as defined under BIPA, data subjects interacting indirectly with Biometrica’s systems are not subject to BIPA-covered biometric data processing.

Nevertheless, Biometrica:

  • Complies fully with Illinois privacy and security laws.
  • Applies privacy-by-design and audit capabilities.

Contact

For questions regarding this policy:
privacy@biometrica.com

Version Control

Last Updated: March 2025
Next Scheduled Review: March 2026 or earlier if legally required.

Version Control:
This policy is part of Biometrica’s state privacy and biometric compliance documentation suite.
For full version history and review cycles, refer to the Biometrica Version Control Note [link TBD – do we need this?].

Version Control Notes:

  • Each policy reflects Biometrica’s operations as of March 2025.
  • Biometrica’s privacy documentation will be reviewed at least annually, and whenever:
    • New legislation is enacted or amended.
    • Relevant case law, regulatory guidance, or enforcement activity indicates the need for change.
    • Biometrica introduces or materially modifies products or services that affect data handling.
  • Previous versions will be archived and available internally for audit and compliance purposes.