1. Scope and Consent

AgeOnce uses facial recognition technology to verify your identity and to enable optional re-verification. By clicking "I Agree" or "Verify with Face," you explicitly consent to the collection, processing, and storage of your Biometric Information (facial geometry and the mathematical vectors derived from it) for the purposes described in this policy.

You must be at least 16 years old to consent to this processing. Do not use the facial verification feature if you are under 16.

2. What is Biometric Information?

For the purpose of this policy, "Biometric Information" includes (a) scans of your facial geometry captured during verification and (b) the mathematical vectors (templates) derived from such scans. Raw photos of your ID and face are considered transient and are not stored as images in our database after a verification is complete.

3. Purpose of collection and use

We use your Biometric Information solely for:

• Verifying that the person presenting the ID is the owner of the ID.
• Detecting "liveness" to prevent fraud (for example, spoofing with photos, screens, or masks).
• Enabling fast re-verification on Partner Sites without re-uploading documents, where supported by the product.
• Security, fraud prevention, and resolving disputes about verification results.

4. Retention and destruction schedule

Raw images (photos): Are considered "Transient Data." They are processed in real-time and are not saved to our image database; they are destroyed after the mathematical vector is generated and verification is complete.

Biometric vectors (templates): Are stored in protected form in our database and used only for the purposes in Section 3.

We will permanently destroy your Biometric Vector on the earliest of:

• You request deletion through your account settings or by contacting hi@ageonce.com.
• The initial purpose for collecting the data has been satisfied (for example, you close your account).
• Three (3) years have passed since your last interaction with AgeOnce, consistent with Illinois BIPA (740 ILCS 14/).

5. Storage and security

We apply industry-standard protections to Biometric Information, including transport encryption (TLS), encryption at rest, access controls, row-level security, and audit logging. We store the same or greater level of care that we use for other confidential and sensitive information in our possession.

We do not sell, lease, trade, or otherwise profit from your Biometric Information.

6. Disclosure to third parties

We do not disclose Biometric Information to third parties except:

• To service providers that help us operate the Service (for example, cloud hosting and machine-learning infrastructure), under contractual restrictions, to the extent necessary to provide the Service.
• To comply with a valid subpoena, warrant, court order, or other lawful process.
• With your additional written or electronic consent for a specific purpose not described in this policy.

7. Your rights and choices

You may:

• Withdraw consent and request deletion of your Biometric Vector at any time.
• Ask us to confirm what Biometric Information we have about you.
• Ask for human review of an automated verification result you believe is incorrect.

8. State-specific notices

Illinois (BIPA, 740 ILCS 14/): This policy describes our retention schedule and destruction guidelines and is made available to you before we collect your Biometric Information. We will obtain a written (electronic) release before collection.

Texas (CUBI, Tex. Bus. & Com. Code § 503.001) and Washington (RCW 19.375): We collect Biometric Information only after notice and consent, use it only for the disclosed purposes, do not sell it, and retain it only as long as needed or permitted by law.

Other jurisdictions: Residents of other US states and of the EU / UK / EEA have additional rights described in the Privacy Policy.

9. Changes to this policy

We may update this Biometric Information Privacy Policy from time to time. The "Last updated" date at the top indicates when the latest change was made. Material changes will be communicated through the service, by email (where we have your address), or by a clear notice on the site, to the extent required by applicable law.

10. Contact

Questions about this policy or requests regarding your Biometric Information can be sent to hi@ageonce.com.