Biometric Information is a form of data related to biometric characteristics which may be used to identify you. Biometric Information includes things like fingerprints, voiceprints, scans of a hand, facial geometry recognition, and iris or retina recognition. Specifically, ID.me may collect Biometric Information such as facial geometry from users during certain verification processes for ID.me services. This article explains more about how Biometric Information is used on ID.me.
How your Biometric Information is used
Biometric Information is only used to complete the transaction it was collected for, which may include identify verification and fraud prevention and analysis. To the extent that Biometric Information has not otherwise been deleted, as a result of a user request or to comply with certain partner agreements, the data will be retained in accordance with the ID.me Privacy Policy and Biometric Information Privacy Policy. ID.me may retain the Biometric Information of certain users as encrypted evidence. This data will be securely retained as proof of this verification pursuant to ID.me compliance obligations to align with the National Institute of Standards and Technology policy standards (i.e., NIST 800-63-2 and 800-63-3).
What does agreeing to biometric consent mean?
To access and use certain ID.me services, some users are required to provide consent for ID.me to collect and process Biometric Information. When you give consent for ID.me to collect your Biometric Information, you agree that ID.me can collect, process, and where necessary disclose, your Biometric Information as described in our Biometric Information Privacy Policy.
How long will my Biometric Information be retained?
ID.me may retain your Biometric Information for up to thirty-six months. ID.me collects and processes your Biometric Information in order to verify your identity and help prevent fraud. Biometric Information is retained in line with ID.me’s obligations to our partners, with the specific retention periods determined by the first partner with whom a user first verifies their identity (e.g., IRS, Dept. of Veterans Affairs, a state workforce agency, etc.) Certain partners may require this information to be purged within twenty-four (24) hours following a successful verification, other partners may require a longer retention period, but under no circumstances will ID.me retain this information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.
Selfie Image and Associated Biometric Information
Some personal information, like selfie images and the associated Biometric Information submitted by users for certain types of verification services, are retained in line with ID.me's obligations to our partners. For example, specific retention periods are determined by the first partner with whom a user first verifies their identity (e.g., IRS, Dept. of Veterans Affairs, etc.) Certain partners may require this information to be purged within twenty-four (24) hours following a successful verification. Other partners may require a longer retention period. Under no circumstances will ID.me this retain information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.
While ID.me stores your personal information, we use approved industry-recognized encryption methods to protect it from unauthorized access. Likewise, when we destroy your personal information, we use industry-recognized methods to affect such destruction.
Can I delete my Biometric Information stored with ID.me?
All ID.me users can request the deletion of their selfie and associated Biometric Information, if they were collected by ID.me as part of the verification process. ID.me will process all requests for the deletion of the selfie and associated Biometric Information within seven days of receiving a verified request from a user.
To submit a verified request, you can visit the ID.me Privacy Rights Center, select Continue, and sign in to your ID.me account. Additional information about how to submit a request can be found in this help article.
We may decline your request under certain limited circumstances, including if your selfie and associated Biometric Information is subject to a valid legal hold.