ZoOm® SDK, FaceTec Managed Cloud and Client Cloud Privacy Policy

Last Updated - September 12th, 2018

  1. To continually innovate and improve our software, FaceTec may collect User data and usage statistics from any app or webpage using the ZoOm Software Development Kit (SDK) with a developer token, including the ZoOm Demo Apps and webpages.
  2. When a Production token is used in the FaceTec Managed Cloud, no User biometric data is used in the software improvement process whatsoever, nor shall User biometric data be used for any purpose other than verifying the identity of the User and confirming liveness. With a production token, any data that is transferred to FaceTec’s servers via FaceTec’s secure API is encrypted and siloed, and is never stored with any additional personally identifiable information (PII). With a production token, any data that is transferred to the server via FaceTec’s secure API is anonymized, including the device’s unique hardware identifier (UUID).
  3. FaceTec will not disclose End User data to any third party without explicit approval from said User unless required by law, such as to comply with a court-ordered subpoena or similar legal process. When we believe disclosure is necessary to protect our rights, investigate fraud, or respond to a government request, we will disclose biometric data and personally identifiable information to the requesting governing agency.
  4. In a Private Client Cloud instance, FaceTec does not provide services directly to End Users, and Clients are solely responsible for providing all notices, and obtaining all consents, as required by applicable law in connection with the collection, use and disclosure of end user data. FaceTec may use anonymized End User statistics collected via the ZoOm API for billing purposes and to provide the services.
  5. The anonymous data collected is only used to operate our business, provide our products and services, improve existing products and services, develop new products and services, and to improve and personalize experiences interacting with the software. FaceTec has the right to use and disclose usage data and anonymized User data for FaceTec’s legitimate business purposes; provided, however, that FaceTec will not use or disclose usage data or anonymized User data in a manner that would enable a third party to reasonably determine that such usage data or anonymized User data originated from our Client’s use of the services or any individual End User’s use of an integrated application.

  6. EU General Data Protection Regulation (GDPR) Compliance (For EU residents)
    6.1 How FaceTec Collects, Uses and Stores User Data
    During ZoOm enrollment and authentication sessions we gather and store the following:
    • User IP (Internet Protocol) address, which is a set of numbers that identifies the location of a piece of hardware connected to a network, including the internet. An IP address allows a device to communicate with other devices over an IP-based network like the internet. By itself, it cannot provide the identity of the User, but it does indicate where in the world our software is being used.
    • Specific phone and software version information, all collected to make sure our software is 100% compatible and working correctly, including:
      • Operating System version
      • ZoOm version
      • Package name
      • Device ID
      • Phone model
      • Time stamp
    • Enrollment and authentication session information collected will include the above information as well as the following information, which is never shared or used for any other purpose except to positively identify the User and to help make ZoOm more accurate:
      • Face image data: When used with a development token, our system uses this biometric data to understand the exceptionally wide variety of face structures from people all around the world. When a production token is used, biometric data is only used to authenticate the User and is not used to make the systems better or for any other purpose.
      • Session length: This helps us understand the frequency and duration of use as it relates to the service’s level of daily usability.
    6.2 How FaceTec Shares Data Collected From Users
    FaceTec does not share any of the data collected with any other organization as a rule. The only exceptions will be when there is a lawful request related to an unlawful act, such as a system breach or theft of data.
    6.3 User Access and Options to Manage User Data
    Clients of FaceTec that must adhere to GDPR must provide their End Users with control over their information. Users must be able to do the following at their discretion:
    • Request their data be erased (“The right to be forgotten”), and the Clients must delete the End User’s data from their servers and FaceTec’s Managed Cloud via the ZoOm API if applicable.
    • Request a copy of what data is captured.
    • Withdraw their consent at any time.
    • Lodge a complaint with the authoritative body in their region.
    If required, Clients may provide End Users with the following information about FaceTec:
    • Our identity and contact information:
    • The following purposes of and legal basis for processing User data:
      • FaceTec has been given explicit consent by either the Client or the End User to process User personal data for the specific purpose of authenticating the identity and liveness of the User.
      • Processing User data is necessary to protect the Client’s and User’s vital interests. Our process attempts to ensure that no unauthorized persons gain access to confidential User information.
    • The location in which we process the data:
      • The specific data we collect is processed in the United States.
    • Who the recipients of the data are:
      • We only receive data from the Client’s systems and do not send the data we collect and process for our authentication process to any other organization or individual.
    • The period for which the data is stored:
      • FaceTec stores collected User data for the time period that meets the needs of the Client, and only for the purposes of a) our ability to perform our service to the Client, and b) as reference for continued product integrity and improvement.
  7. This privacy policy may be updated at any time to reflect changes in our practices or the laws governing them. Please review this document periodically for the latest updates.

Please contact us directly for more information at support@zoomlogin.com.