Biometrica | Connecticut Data Privacy Act (CTDPA) Compliance Statement

Version: March 2025

Applicability

This disclosure outlines Biometrica Systems, Inc.’s compliance with the Connecticut Data Privacy Act (CTDPA), applicable to the collection and processing of personal data relating to Connecticut residents.

Biometrica notes that under the CTDPA, “personal data” does not include publicly available information, including lawfully made available records from government entities.
Biometrica’s core dataset, UMbRA, consists exclusively of such law enforcement-sourced government records and is therefore excluded from the definition of personal data under the CTDPA.

Additionally, CTDPA explicitly exempts the following entities and data types:

Entity Exemptions:

  • State government agencies, including law enforcement.
  • Nonprofit organizations.
  • Institutions of higher education.
  • National securities agencies registered under the Exchange Act.
  • Financial institutions regulated by the Gramm-Leach-Bliley Act (GLBA).
  • Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA).

Data Exemptions:

  • Data regulated by the Fair Credit Reporting Act (FCRA)Biometrica’s eMotive system is FCRA-compliant and operates under FCRA requirements.
  • Data governed by the:
    • Driver’s Privacy Protection Act (DPPA)
    • Family Educational Rights and Privacy Act (FERPA)
    • Federal Farm Credit Act
    • Airline Deregulation Act

As such, UMbRA qualifies for exemption as law enforcement public records and eMotive operates within the scope of the FCRA exemption.

About Biometrica

Biometrica is a public safety technology company focused on protecting people without mass surveillance or biometric data, including and not limited to biometric templates and biometric identifiers’ access, transmission, retention, or storage.
We therefore have no biometric gallery.

Our systems include:

  • UMbRA — A 100% law enforcement-sourced database containing charge/booking data, criminal records, warrants, sex offender data, probation/parole status, and non-searchable missing persons records used solely for public safety and investigative matching. Direct UMbRA access is only available to credentialed law enforcement and quasi-law enforcement personnel.
  • RTIS & RVIS — Real-time Threat and Victim Identification Systems (RTIS & RVIS) designed to identify and locate law enforcement-verified threats or victims, or persons trespassed from a facility in real-time without retaining video, audio, or biometric data.
  • QAPLA — Face verification and similarity scoring tool available to credentialed law enforcement or approved users.
  • eMotive — Continuous, FCRA-compliant criminal background check solution requiring explicit employee consent.

Facial Recognition Technology — Privacy by Design

Biometrica is not a facial recognition company.

  • All biometric comparisons are conducted by an independent, third-party, NIST-evaluated and approved provider operating within a secure and strictly isolated black box environment.
  • Biometrica does not access, transmit, store, or retain:
    • Faceprints
    • Biometric identifiers
    • Other biometric templates (including but not limited to faceprints)
    • Associated metadata from biometric comparisons
  • We have no biometric gallery.

Biometrica only receives numerical match IDs for human verification.

Biometrica staff do not:

  • Access search queries within UMbRA
  • Access match queries performed via QAPLA
  • Access employee background monitoring records via eMotive

Only Biometrica’s Rapid Action Center (RAC) can see and send out RTIS/RVIS alerts, and that, only after verification by a human trained in facial identification, has confirmed an algorithmic match and validated it for relevance.

Use of Location Data Under CTDPA

RTIS and RVIS may incorporate general location information strictly for:

  • Public safety
  • Criminal investigations
  • Missing persons recovery

Location data is:

  • Used solely for investigatory and security purposes.
  • Not used for tracking, profiling, or targeted advertising.

Compliance with the Connecticut Data Privacy Act (CTDPA)

Biometrica fully complies with the CTDPA by:

  • Not selling personal data.
  • Not processing sensitive data without proper consent.
  • Avoiding automated profiling with legal or similarly significant effects.
  • Processing data solely for lawful, legitimate public safety purposes.
  • Applying privacy-by-design and data minimization throughout.

Data Subject Rights Under CTDPA

Connecticut residents may:

  • Access, correct, delete, or opt-out of processing of personal data as defined under the CTDPA.

However, Biometrica’s law enforcement database (UMbRA) is:

  • Exempt as it comprises publicly available government records.
  • Restricted solely to credentialed and trained law enforcement users.
  • Immutable due to chain-of-custody and evidentiary integrity obligations.

For this reason:

  • Biometrica cannot grant access, correction, or deletion of records within UMbRA.
  • Any such requests must be directed to the originating law enforcement agency.

Biometrica is legally and contractually prohibited from modifying law enforcement-provided data.

Data Minimization and Privacy Safeguards

Biometrica enforces:

  • Data minimization: Only necessary data is collected and processed.
  • Purpose limitation: Processing is restricted solely to public safety and missing persons objectives.
  • No mass surveillance: No video footage or indiscriminate collection.
  • Relevance-based alerts: Only alerts relevant to an organization’s lawful mission and legally permissible use are generated.
  • Human-in-the-loop: Every actionable alert undergoes trained human verification.
  • Immutable audit trails: All actions are logged for auditing and compliance.

Contact

Questions may be directed to:
privacy@biometrica.com

Version Control

Last Updated: March 2025
Next Scheduled Review: March 2026 or earlier if required.

Version Control:
This policy is part of Biometrica’s state privacy and biometric compliance documentation suite.
For full version history and review cycles, refer to the Biometrica Version Control Note [link TBD – do we need this?].

Version Control Notes:

  • Each policy reflects Biometrica’s operations as of March 2025.
  • Biometrica’s privacy documentation will be reviewed at least annually, and whenever:
    • New legislation is enacted or amended.
    • Relevant case law, regulatory guidance, or enforcement activity indicates the need for change.
    • Biometrica introduces or materially modifies products or services that affect data handling.
  • Previous versions will be archived and available internally for audit and compliance purposes.