FaiceTech's platform is designed around privacy-by-design principles, including data minimisation, retention controls, biometric processing safeguards, supplier governance and deployment support. Privacy is not treated as a separate policy layer. It is reflected in the way sensitive data is processed, accessed, retained, reviewed and deleted.
From who controls the data to how long it is kept, privacy safeguards are designed into every stage.
For customer deployments, FaiceTech typically acts as a data processor. The customer remains responsible for determining the lawful basis, deployment purpose and operational use of the technology. FaiceTech processes customer data to deliver the agreed service and does not sell, repurpose or use customer biometric data for any unrelated purposes.
FaiceTech's platform is designed to limit the processing and retention of sensitive data to what is necessary for legitimate operational purposes. Examples of data minimisation safeguards include short-lived image retention where appropriate, scoped data distribution, redaction or blurring of non-subject faces, retention and destruction controls, and subject-level biometric processing controls.
Biometric processing is treated as a high-sensitivity activity. The platform includes safeguards that support controlled use, including subject-level biometric processing controls and governance workflows for sensitive actions. Where appropriate, authorised users can disable biometric processing for a subject, remove existing biometric representations and prevent future generation.
The platform is designed to avoid unnecessary retention of raw imagery. Where images are retained for justified operational purposes, additional controls can reduce collateral privacy impact, including redaction or blurring of detected faces other than the intended subject.
Subject data is governed by retention and lifecycle controls. The platform is designed to calculate destruction dates and support controlled review or restoration workflows where justified. Retention, deletion, restoration and archival behaviours are designed to be intentional and policy-driven rather than implicit.
Facial recognition deployments often require a careful data protection assessment before go-live. FaiceTech supports clients by helping them understand the technology, map data flows, identify operational risks and document appropriate safeguards. However, FaiceTech does not provide legal advice, and clients remain ultimately responsible for their own privacy impact assessments, lawful basis and deployment decisions to ensure a responsible and controlled approach.
For customer deployments, FaiceTech typically acts as a data processor. Customers remain responsible for their own data, deployment decisions and lawful basis, while FaiceTech processes customer data only to deliver the agreed service. FaiceTech does not sell customer biometric data or use it for unrelated purposes.
The platform is designed around data minimisation and purpose-limited processing. Retention should be limited to justified operational requirements, with lifecycle controls supporting deletion or review.
Customers remain responsible for their own data, deployment decisions and lawful basis. FaiceTech processes customer data to deliver the agreed service.
No. FaiceTech does not sell customer biometric data or use it for unrelated purposes.
The customer remains responsible for its own DPIA and lawful basis. FaiceTech supports the process by helping clients understand the technology, data flows and available safeguards, and by applying key learnings from 7 years of experience in the field.