Biometric Information Disclosure

English DeutschEspañolFrançais

SafePassage Biometric Information Disclosure

Last Updated: May 13, 2025

Summary of Key Points

This is a summary of the key points in our Biometric Information Disclosure. Please read the full document for complete details.

  • Temporary Processing: We temporarily process facial images to estimate your age. This data is not stored on our servers.
  • Zero-Storage Approach: All biometric processing happens in temporary memory and is automatically discarded after verification.
  • Limited Purpose: We use biometric data solely for age verification and fraud prevention.
  • No Sale or Sharing: We never sell, rent, trade, or unnecessarily share your biometric information.
  • Stateless Processing: Our system is designed to analyze your facial features without creating or storing persistent biometric templates.
  • Your Choice: You can decline biometric processing and choose document verification instead.

1. Introduction

Various laws require us to provide you with notice and obtain your consent before processing your biometric information. This Biometric Information Disclosure explains how SafePassage temporarily processes biometric information during age verification.

By using our service and providing your consent, you acknowledge that you have read and understand this disclosure, our Privacy Policy, and our Terms and Conditions.

2. What is Biometric Information?

Biometric information refers to data derived from your physical characteristics that can be used to identify you. Examples include:

  • Facial geometry or measurements
  • Fingerprints
  • Voiceprints
  • Iris or retina scans
  • Hand geometry

In the context of SafePassage's age verification service, biometric information specifically refers to the measurements and patterns derived from images of your face.

3. Biometric Information We Process

During the age verification process, we may temporarily process:

3.1 Facial Images

  • A series of photos or video frames of your face captured through your device's camera
  • Analysis of facial features to estimate your age
  • Liveness detection to prevent spoofing (ensuring a real person is present)

3.2 Important Limitations

  • No Persistent Templates: We do not create or store persistent biometric templates or "faceprints"
  • Temporary Analysis Only: All facial analysis occurs in temporary memory
  • No Identification: We use facial analysis solely for age estimation, not for identification

4. How We Use Biometric Information

We temporarily process biometric information only for the following purposes:

4.1 Primary Uses

  • Age Estimation: To estimate whether you meet age requirements
  • Liveness Detection: To verify that a real person is present (preventing spoofing)
  • Fraud Prevention: To help prevent fraudulent verification attempts

4.2 What We Don't Do

  • We do not use biometric information for identification purposes
  • We do not use biometric information for marketing or profiling
  • We do not create persistent biometric templates

5. Our Zero-Storage Approach

5.1 Stateless Processing

Our system operates on a stateless processing model:

  • All biometric analysis happens in temporary memory (RAM)
  • No biometric data is stored on persistent storage
  • All data is automatically discarded after verification completes
  • No database of facial images or biometric templates is maintained

5.2 Manual Review (If Needed)

In rare cases where automated verification is inconclusive:

  • A manual review process may be necessary
  • Any data used in this process is deleted immediately upon completion
  • Manual reviews focus only on age verification, not identification

6. Security of Biometric Information

6.1 During Processing

While biometric information is being temporarily processed, we protect it with:

  • End-to-end encryption for all data in transit
  • Secure, isolated processing environments
  • Access controls limiting system access to authorized personnel only
  • Regular security audits and penetration testing

6.2 No Persistent Storage

The most effective security measure is our zero-storage approach:

  • We don't keep your biometric information after verification
  • We don't maintain databases that could be breached
  • We don't create persistent templates that could be misused

7. Disclosure of Biometric Information

7.1 Limited Disclosure

We will not disclose, disseminate, or transmit your biometric information to any person or entity unless:

  • We obtain a separate written authorization from you
  • Disclosure is required by applicable law or municipal ordinance
  • Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction

7.2 What We Share with Websites

The only information we share with websites requesting age verification is:

  • A verification result (pass/fail)
  • NOT your biometric information, facial images, or biometric measurements

8. Your Choices

8.1 Consent Options

You have the following choices regarding biometric information:

  • Consent: Agree to the temporary processing of biometric information for age verification
  • Alternative Methods: Choose document verification instead of biometric processing if available
  • Decline: Decline to use our service entirely

8.2 Limitation on Withdrawal

Please note that once consent has been provided and the verification process has begun, consent for that specific verification session cannot be withdrawn, as it is necessary to complete the verification for which the information was collected.

However, you can withdraw consent for future verifications by contacting us at privacy@safepassageapp.com.

9. Regional Biometric Privacy Laws

9.1 Illinois Biometric Information Privacy Act (BIPA)

For users in Illinois, in compliance with BIPA:

  • We obtain your written consent before processing biometric information
  • We do not sell, lease, trade, or otherwise profit from your biometric information
  • All biometric information is discarded after verification is complete

9.2 Texas Capture or Use of Biometric Identifier (CUBI) Act

For users in Texas, in compliance with CUBI:

  • We do not capture your biometric identifier without obtaining your consent
  • We do not sell, lease, or otherwise disclose your biometric identifier
  • All biometric information is discarded after verification is complete

9.3 European Union and United Kingdom Requirements

For users in the EU and UK, we comply with the GDPR's and UK GDPR's requirements for processing biometric data, which is considered a special category of personal data:

  • We process biometric data only with your explicit consent
  • We implement appropriate technical and organizational measures to protect your data
  • We conduct data protection impact assessments for biometric processing
  • Our stateless processing approach ensures minimal data protection risks
  • We comply with Ofcom's requirements for privacy and data protection in age assurance technologies

9.4 France (Arcom) Requirements

For users in France, we comply with Arcom's requirements under the SREN law framework:

  • Our system implements "double anonymity" to ensure verification authorities cannot see which services users access
  • Our biometric processing maintains separation between verification and content providers
  • All biometric processing occurs in compliance with the French Data Protection Act

9.5 Germany (KJM) Requirements

For users in Germany, we comply with KJM's requirements for face-based age verification:

  • Our system implements appropriate technical measures to prevent credential sharing
  • We maintain a challenge age threshold that exceeds the five-year buffer requirement
  • Our biometric processing complies with the German Federal Data Protection Act (BDSG)

9.6 Other State Laws

Various states have enacted biometric privacy laws. We comply with all applicable state laws regarding biometric information.

10. Changes to This Disclosure

We may update this Biometric Information Disclosure from time to time. When we make significant changes, we will notify you by:

  • Posting a notice on our website
  • Updating the "Last Updated" date at the top of this disclosure
  • Requiring renewed consent where legally required

11. Contact Us

If you have any questions or concerns about this Biometric Information Disclosure, please contact us at:

Email: privacy@safepassageapp.com

Mail: SafePassage, S.A.S. CR 42 No.5 SUR 145 Medellin, Antioquia Colombia

© 2025 SafePassage, S.A.S. All rights reserved.

Effective Age Verification with Privacy Protection

Let's Talk
Terms & Conditions Privacy PolicyBiometric Disclosure