Biometric Data Privacy Policy

1. Overview

Passport Photo Direct uses advanced facial analysis technology to ensure your passport photo meets U.S. State Department compliance requirements. This document explains how we collect, use, and protect your biometric data in compliance with applicable laws including the Illinois Biometric Information Privacy Act (BIPA) and other state biometric privacy regulations.

2. What is Biometric Data?

Biometric data in this context refers to facial landmarks—specific geometric measurements and coordinates extracted from your face. This includes:

• 468 facial landmark points (detected automatically)
• Head position, rotation, and tilt measurements
• Eye position and openness analysis
• Mouth and lip position
• Facial symmetry and alignment
• Head-to-frame ratio calculations

3. How We Collect Biometric Data

When you upload a photo for processing, we use Google's MediaPipe Face Landmarker (a trained computer vision model) to automatically extract facial landmarks. This is a fully automated process with no human review of your biometric data.

No manual collection: We do not manually create templates, use 3D scanning, fingerprints, iris scans, or any manual biometric collection methods.

4. Purpose of Biometric Data Use

Your biometric data is used solely for the following purposes:

• Verify that your photo meets State Department compliance requirements
• Detect and flag non-compliant photos (e.g., glasses, tilted head, poor lighting)
• Calculate crop geometry to ensure proper framing and sizing
• Generate compliance reports shown to you before purchase

Restricted Uses: We do NOT use your biometric data for:

• Facial recognition or identification of you or others
• Creating searchable face templates or databases
• Matching you against other individuals
• Marketing, profiling, or tracking purposes
• Third-party commercial purposes

5. Data Retention and Deletion

Facial Landmarks: NEVER permanently stored. Extracted in memory during processing and immediately discarded after compliance checking is complete. No copies are saved to our database.

Original Uploaded Photo: Automatically and permanently deleted 30 days after your order is fulfilled.

Processed Photos (Digital Tile & Print Sheet): Retained for 30 days in your account. Available on request for up to 1 year, then permanently deleted.

Compliance Reports: Your "pass/fail" compliance check results are kept as part of order metadata for customer service and dispute resolution, but contain no raw biometric data.

6. Data Security

We employ industry-standard technical, physical, and procedural safeguards:

• Encryption of data in transit (SSL/TLS)
• Secure servers with access controls
• Automatic deletion of biometric data after processing
• No backup or archival of biometric data
• Regular security assessments and updates

7. No Sale of Biometric Data

We do NOT sell, lease, trade, or otherwise disclose your biometric data to any third party for any commercial purpose. Your facial landmarks are used only within our Service for compliance verification.

8. Your Rights

You have the following rights under applicable biometric privacy laws:

• Right to Know: Request information about what biometric data we've collected
• Right to Delete: Request deletion of your photos and biometric data at any time
• Right to Opt-Out: Refuse use of your biometric data (note: this prevents processing)
• Right to Accuracy: Request correction of any inaccurate information
• Right to Redress: Sue us for violations of your biometric privacy rights

To exercise these rights, contact us at hello@passportphotodirect.com. We will respond to your request within 30 days.

9. Consent and Opt-In

Before processing any photo, you explicitly consent to our extraction and use of your biometric data. This consent is given when you accept the consent checkbox during upload. You may withdraw consent at any time by contacting us to delete your data.

10. Legal Compliance

This Service complies with the following regulations:

• Illinois BIPA: 815 ILCS 530 (primary jurisdiction)
• Washington MHIPA: RCW 19.255
• Texas BIPA: Business & Commerce Code § 503.001
• Other State Laws: As applicable based on your jurisdiction

11. Changes to This Policy

We may update this Biometric Data Privacy Policy periodically. Material changes will be communicated to you via email or posted on our Service. Your continued use indicates acceptance of the updated Policy.

12. Contact & Disputes

If you have questions, concerns, or wish to exercise your biometric privacy rights:

Email: hello@passportphotodirect.com

For biometric privacy complaints, you also have the right to contact your state's Attorney General or pursue private rights of action under applicable biometric privacy laws.