Biometrica | California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA) Compliance Statement

Version: March 2025

Applicability

This statement describes Biometrica Systems, Inc.’s compliance with the California Consumer Privacy Act (CCPA) as amended and expanded by the California Privacy Rights Act (CPRA), which took effect January 1, 2023.

Under the CPRA, Biometrica is classified as a service provider to law enforcement agencies, educational institutions, public safety entities, and quasi-governmental bodies.

Exemptions Relevant to Biometrica:

  • Data processed under federal law enforcement exemptions.
  • Data collected and processed by law enforcement agencies in compliance with applicable law.
  • Personal information that is lawfully made available from government records.
  • Data subject to:
    • Fair Credit Reporting Act (FCRA)Biometrica’s eMotive solution is FCRA-compliant.
    • Family Educational Rights and Privacy Act (FERPA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Driver’s Privacy Protection Act (DPPA)
    • Gramm-Leach-Bliley Act (GLBA)

Given that Biometrica exclusively uses publicly available law enforcement-sourced data, CPRA applies to Biometrica only to the extent that it engages with California residents outside of law enforcement contexts (e.g., website visitors or direct commercial inquiries).

About Biometrica

Biometrica is a public safety technology company focused on protecting people without mass surveillance or biometric data, including and not limited to biometric templates and biometric identifiers’ access, transmission, retention, or storage.
We therefore have no biometric gallery.

Our systems include:

  • UMbRA — A 100% law enforcement-sourced database containing charge/booking data, criminal records, warrants, sex offender data, probation/parole status, and non-searchable missing persons records used solely for public safety and investigative matching. Direct UMbRA access is only available to credentialed law enforcement and quasi-law enforcement personnel.
  • RTIS & RVIS — Real-time Threat and Victim Identification Systems (RTIS & RVIS) designed to identify and locate law enforcement-verified threats or victims, or persons trespassed from a facility in real-time without retaining video, audio, or biometric data.
  • QAPLA — Face verification and similarity scoring tool available to credentialed law enforcement or approved users.
  • eMotive — Continuous, FCRA-compliant criminal background check solution requiring explicit employee consent.

Biometric Data Under CPRA

The CPRA expands Personal Information to include Sensitive Personal Information, such as:

  • Biometric information
  • Geolocation data
  • Government identifiers (e.g., Social Security numbers)
  • Racial or ethnic origin
  • Union membership
  • Contents of personal messages

Biometrica does not collect, retain, transmit, or store:

  • Faceprints
  • Biometric identifiers
  • Biometric templates (including but not limited to faceprints)
  • Associated metadata from biometric comparisons
  • Video footage

All biometric comparisons are:

  • Performed by an independent, third-party NIST-evaluated and approved provider.
  • Conducted within a secure and strictly isolated black box environment.

Biometrica has no access to the underlying biometric data used for face matching.

Human-in-the-Loop & Privacy Safeguards

All alerts generated by Biometrica’s systems:

  • Undergo mandatory human review by trained personnel.
  • Are limited to relevance-based alerts (e.g., is this person a threat to this specific facility under applicable law?).
  • Cannot be used for automated mass surveillance.
  • Are stored with immutable audit trails for accountability and chain-of-custody integrity.

Only Biometrica’s Rapid Action Center (RAC) may view and send out RTIS/RVIS alerts, and only after human verification.

Location Data

RTIS and RVIS may use general location information exclusively for:

  • Public safety
  • Criminal investigations
  • Missing persons recovery

Location data is:

  • Never used for commercial tracking, behavioral profiling, or targeted advertising.

Data Minimization & Purpose Limitation

Biometrica enforces:

  • Data Minimization: Only the minimum necessary information is processed.
  • No mass surveillance: No indiscriminate capture of images, footage, or biometric data.
  • Purpose Limitation: Data is processed solely for public safety, missing persons recovery, and investigative use.
  • No Commercialization: Biometrica does not sell data to third parties.

Data Subject Rights Under CPRA

California residents have the right to:

  • Access, correct, delete, or opt-out of the sale or sharing of personal information, under the CPRA.

However:

  • Data contained within UMbRA is law enforcement-provided, publicly available government records, and is exempt.
  • Biometrica cannot modify, delete, or alter law enforcement records.
  • UMbRA access is available only to credentialed and trained law enforcement personnel.

Data subjects seeking corrections or deletions of UMbRA records must contact the originating law enforcement agency.

Biometrica’s Commitment to California Consumers

For individuals interacting directly with Biometrica (e.g., website visitors):

  • We do not collect sensitive personal information without your consent.
  • We do not sell personal data.
  • We process only the minimal data necessary for service delivery or security purposes.

For law enforcement and public safety operations:

  • Our tools are designed to prioritize privacy while enhancing public safety.
  • We do not engage in automated profiling or behavioral advertising.

Contact

California residents may contact Biometrica regarding CPRA-related rights via:
privacy@biometrica.com

Version Control

Last Updated: March 2025
Next Scheduled Review: March 2026 or earlier if required.

Version Control:
This policy is part of Biometrica’s state privacy and biometric compliance documentation suite.
For full version history and review cycles, refer to the Biometrica Version Control Note [link TBD – do we need this?].

Version Control Notes:

  • Each policy reflects Biometrica’s operations as of March 2025.
  • Biometrica’s privacy documentation will be reviewed at least annually, and whenever:
    • New legislation is enacted or amended.
    • Relevant case law, regulatory guidance, or enforcement activity indicates the need for change.
    • Biometrica introduces or materially modifies products or services that affect data handling.
  • Previous versions will be archived and available internally for audit and compliance purposes.