Biometric information is a form of data related to biometric characteristics which may be used to identify you. Biometric information includes things like fingerprints, voiceprints, scans of a hand, facial geometry recognition, and iris or retina recognition.
Specifically, ID.me may collect biometric information such as facial geometry from users during certain verification processes.
This article explains more about how biometric information is used on ID.me.
How your biometric information is used
Biometric information is only used to complete the transaction it was collected for, which may include identify verification and fraud prevention and analysis. To the extent that biometric information has not otherwise been deleted, to comply with certain customer agreements, the data will be retained in accordance with the ID.me Privacy Policy and Biometric Information Privacy Policy.
ID.me may retain the biometric information of certain users as encrypted evidence. This data will be securely retained as proof of this verification pursuant to ID.me compliance obligations to align with the National Institute of Standards and Technology policy standards (i.e., NIST 800-63-2 and 800-63-3).
What does agreeing to biometric consent mean?
To access and use certain ID.me services, some users are required to provide consent for ID.me to collect and process biometric information. When you give consent for ID.me to collect your biometric information, you agree that ID.me can collect, process, and where necessary disclose, your biometric information as described in our Biometric Information Privacy Policy.
How long will my biometric information be retained?
ID.me may retain your biometric information for up to thirty-six months. ID.me collects and processes your biometric information in order to verify your identity and help prevent fraud. Biometric information is retained in line with ID.me’s obligations to our customers, with the specific retention periods determined by the first customers with whom a user first verifies their identity (e.g., IRS, Dept. of Veterans Affairs, a state workforce agency, etc.)
Certain customers may require this information to be purged within twenty-four (24) hours following a successful verification, other customers may require a longer retention period, but under no circumstances will ID.me retain this information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.
Selfie image and associated biometric information
Some personal information, like selfie images and the associated biometric information submitted by users for certain types of verification services, are retained in line with ID.me's obligations to our customers. For example, specific retention periods are determined by the first customers with whom a user first verifies their identity (e.g., IRS, Dept. of Veterans Affairs, etc.) Certain customers may require this information to be purged within twenty-four (24) hours following a successful verification. Other customers may require a longer retention period. Under no circumstances will ID.me this retain information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.
While ID.me stores your personal information, we use approved industry-recognized encryption methods to protect it from unauthorized access. Likewise, when we destroy your personal information, we use industry-recognized methods to affect such destruction.