Applied Recognition Inc. (ARI), creator of the Ver-ID product family, is committed to protecting your privacy, while providing you with leading edge desktop, mobile, and web services. Here we describe how we collect, use and handle your information when you use our website, software apps, software development kits (SDKs) and web services (collectively, the “Services”).
Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our users’ data should receive the same legal protections regardless of whether it’s stored on our servers or on their home computer’s hard drive. We’ll abide by the following Government Request Principles when receiving, scrutinizing and responding to government requests for our users’ data:
Fight blanket requests,
Protect all users, and
Provide trusted services.
What & Why
We collect and use the following information to provide, improve and protect our Products and Services:
Face Signatures (aka Face Templates). Ver-ID interfaces with your mobile phone camera and scans the camera feed looking for faces. If you use a mobile application with the Ver-ID software development kit and register an account, the SDK saves a digital representation of your face on your phone. The face template – less than 500 bytes in size - is encrypted using tools provided by the Android or Apple operating system, depending on your device. Later, this saved face signature is used to compare with a signature from a live face in the camera to authenticate you. This authentication function may be used for gaining access to data on your phone, or to a secure web service through the app on the phone.
Time and attendance. Ver-ID can be used on a mobile device (phone or tablet) to authenticate employees, visitors and contractors when entering or leaving a building. In this scenario, the face signatures may be stored on a central server to enable all devices at all entry points to be synchronized to accept the same set of people. The face signatures are encrypted at rest on the device, in transit, and on the server. The central server is owned and managed by the provider of the time and attendance solution. At no time does ARI see or touch the data in the workflow.
Second factor authentication. If your company uses Ver-ID as a second factor authentication method for enhanced login security, then we connect your mobile device (through Ver-ID mobile software on the phone/tablet) to Ver-ID server software to provide an additional security gate. The face signature in this case is generated on the mobile device and sent over a secure and encrypted channel to the server software for authentication against a registered face template. The Ver-ID server software resides on a server within your company network, and the face signatures are encrypted on those servers. At no time do face signatures reside on Applied Recognition servers.
Identity and credential verification. If you use Ver-ID mobile software to capture identity documents, such as a driver’s license, and compare the face on the identity document with a live selfie, we perform the capture and verification on the mobile device. Therefore, no face signatures leave the phone. The provider of the mobile app that contains the Ver-ID SDK may capture images of the ID documents, face images from the selfie session, and identity document metadata for audit and other purposes, such as populating a registration form. The metadata may optionally be sent to third parties for verification of the validity of a driver’s license.
Activity data. With Ver-ID sample apps and demo apps, we may collect information from and about the devices you use to run Ver-ID. This includes info like IP addresses, the type of browser and device you use, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information. The face signatures do not leave your mobile device. In production implementations, certain business arrangements may require Ver-ID software to connect across the Internet with a Ver-ID licensing server. This connection utilizes public key cryptography to validate that your use of Ver-ID software is legitimate.
Cookies and other technologies. We may use technologies like cookies to provide, improve, protect and promote our Services. For example, cookies help us with things like understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies.
App Stores. We don’t publish apps in the public app stores. Ver-ID apps are only available for private distribution using Mobile Distribution Platforms.
Demonstration software. We provide apps and web services to demonstrate features and functionality of our software and SDKs. Those apps will collect usage data, and certain web services may collect Personally Identifiable Information (PII). The PII data is used only to perform the demonstration task, and PII is not stored for more than 24 hours.
Demographic data. We may use services like Google Analytics which employ tracking cookies to monitor our website traffic to determine certain demographic and interest data from our visitors. This data is collected anonymously and is used to tailor the information, content and features of our website and products to our audience. You can opt out of this data collection via various methods – just search the web using the terms “Google Analytics Opt-out”.
We may share information as discussed below, but we won’t sell it to advertisers or other third-parties.
Law & Order. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Applied Recognition or our users; or (d) protect Applied Recognition’s property rights.
Retention. We generally don’t hold any client data beyond Customer Relationship Management and Support information. We’ll retain that information as long as we need it to provide you with the Services. We may retain this information beyond one year after you are no longer using our Services only if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Around the world. To provide you with the Services, we may store, process and transmit information in locations around the world – including those outside your country. Information may also be stored locally on the devices you use to access the Services. We can work with you to ensure that information processing and handling to deliver our Services does not contravene local laws.
Safe Harbor. Applied Recognition complies with the EU-U.S. and Swiss-U.S. Safe Harbor (“Safe Harbor”) frameworks and principles. You can learn more about Safe Harbor by visiting http://export.gov/safeharbor.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will publish those changes on our website and if we have a way to notify you we will. For example, via a message to the email address associated with your account. The published announcement (or direct notification) will contain details of any such deal and outline your choices in that event.
If you have questions about this privacy statement, please contact us by e-mail at privacy [at] appliedrec.com
Applied Recognition face recognition technologies are protected by US and Canadian patents.