Last updated: July 14, 2026 · Draft — under attorney review
This is person·af's written policy for biometric identifiers, published to satisfy laws such as the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and GDPR Article 9. It is publicly available and applies to everyone.
Questions or requests: privacy@person.af.
What we collect
One biometric identifier: a faceprint — a numeric template derived from a face liveness check by Amazon Rekognition. We do not store the underlying photo or video. We collect no other biometrics (no voiceprints, no fingerprints, no iris scans).
Purpose — exhaustive list
The faceprint is used only to:
- Prevent people who have been banned from creating new accounts;
- Prevent one person from operating multiple accounts;
- Recognize you when you sign in from a new device.
It is never used for advertising, profiling beyond the purposes above, surveillance, emotion analysis, or anything else.
Consent
We collect a faceprint only after you affirmatively consent, in writing (the signup checkbox and liveness-check flow), having been told what is collected, why, and for how long. If we ever materially change these purposes, we will ask for consent again first.
No sale, no disclosure
We do not sell, lease, trade, or otherwise profit from biometric data. We do not disclose it except: (a) to Amazon Web Services, our processor, which stores it in an isolated face collection on our behalf; (b) when required by law or valid legal process; or (c) with your further consent.
Retention & destruction schedule
A faceprint is permanently destroyed (deleted from the face collection) upon the first of:
- A verified deletion request from the account holder — completed within 30 days;
- Three (3) years after your last interaction with the platform;
- Our retirement of the identity system or shutdown of the service.
Destruction is performed via the face collection's deletion API and is not recoverable.
Storage & protection
Faceprints are stored in a dedicated Amazon Rekognition collection, isolated from other data, accessible only by a least-privilege service credential scoped to that collection. All transport is encrypted. Faceprints are protected with at least the same care as our other confidential data, and in the same manner or more protective than industry standards for biometric data.
How to exercise your rights
Email privacy@person.af from any address you can verify control of, or use the in-app suspension/appeal contact. We will verify the request (a fresh liveness check may be used to prove the faceprint is yours), then delete the faceprint and confirm completion.