WELCOME TO THE TRUST CENTER

• Never. At FACEIO, we have baked privacy and security directly into our infrastructure. We collect and store the minimum amount of personal information needed to authenticate users, and we back that up with intelligence-backed security monitoring. The underlying Facial Recognition Engines that FACEIO rely on such as PixLab Insight or AWS Rekognition only stores hash signatures of your facial features, a stream of meaningless floating point numbers anonymously, after your full explicit consent, and/or until you submits a removal request.
• FACEIO itself (the service) including this Website, the fio.js facial authentication library, the Embedded Widget, the Rest API, the Console) does not store or handle biometrics nor even know anything about them. It is the responsibility of the selected facial recognition engine by the application owner (eg website or web application you use) to choose a cloud storage region or opt for on-premises deployment for storing biometrics hash.
• Facial vectors (hence biometrics hash) are stored as an array of floating point numbers. The data is meaningless on its own, effectively acting as a hash, and cannot be reverse engineered.
• FACEIO is not a surveillance tool. There is no centralized biometrics hash database, and any data is collected after your explicit consent, and subject to deletion at anytime. Each FACEIO application is in fact, a sand-boxed binary index. Only the application owner with its encryption key have access to the currently built index. You can manage, download, grab your encryption key as well as collect analytics on this index via the Application Manager on the FACEIO Console.
• We incorporate privacy tools into FACEIO by design so that it’s easy for application owners to protect user data, and enable users to opt-in, opt-out, and be forgotten. Our Terms & Conditions require customers to comply with all applicable privacy laws; we encourage practices beyond the legal minimum.

• We take privacy very seriously here at FACEIO, and PixLab at larger scale. We only process your data based on your agreement and in accordance with the strict policies and procedures that we have contractually agreed to. We do not share your data with advertiser-supported services, nor do we mine it for any purposes like marketing research or advertising.
• Your data is your business, and you can access, modify, or delete it at any time. FACEIO will not use your data without your agreement, and when we have your agreement, we use your data to provide only the services you have chosen.
• We only process your data based on your agreement and in accordance with the strict policies and procedures that we have contractually agreed to. We do not share your data with advertiser-supported services, nor do we mine it for any purposes like marketing research or advertising.

Our parent company is working with security partners on SOC 2 reporting and full ISO 27001 certification.

We take security very seriously. In fact, we built FACEIO as a way to own and secure users' personal data as detailed in our Services Terms. As we expand, that means we're building security directly into our products with certifications and outside audits.

What is SOC 2?

SOC 2 is an auditing procedure developed by the American Institute of CPA's. A SOC 2 report ensures that organizations have security procedures in place.

What is ISO 27001?

ISO 207001 is a security standard created by the International Organization for Standardization and International Electrotechnical Commission. Certification requires an audit, demonstrating comprehensive security standards...

Our security best practices guide for applications is located here. That guideline presents several best practices that have a significant, positive impact on your FACEIO application's security practices, including recommendation for securing users data.

Our privacy best practices guide for applications is located here. That guideline presents several best practices that have a significant, positive impact on your FACEIO application's privacy practices, including recommendation for safeguarding users data, easy opt-in, opt-out, Facial ID removal, and so forth.