# Biometric Data Consent Agreement

**Version:** biometric-v1
**Effective date:** 2026-05-18

> ⚠ PLACEHOLDER TEXT — NOT LEGALLY REVIEWED.
>
> This text is a structural placeholder for development. Before any real
> user signs this document, it MUST be reviewed and revised by an attorney
> familiar with Illinois BIPA (740 ILCS 14), Texas CUBI, Washington's
> My Health My Data Act, and applicable state biometric privacy laws. The
> elements below are starting points, not legally sufficient language.

## What we collect

When you register an identity with Signet, we collect the following biometric identifiers and biometric information:

- **Face geometry / fingerprint** — a mathematical embedding derived from photos and videos you provide, used to detect impersonations of you online.
- **Voice fingerprint** — a mathematical embedding derived from a voice sample you record, used to detect synthetic-voice impersonations.
- **Government-issued photo ID** — used for one-time identity verification.
- **Live selfie** — captured during identity verification to confirm the person submitting the ID is its rightful holder.

## Purpose of collection

We use these biometric identifiers solely to:

1. Verify that you are who you say you are at signup.
2. Scan the open internet for content that appears to copy your face or voice without your authorization.
3. Generate cryptographic proofs of authentic content you create (C2PA Content Credentials).
4. Provide takedown services on your behalf when impersonations are found.

We will **not** sell, lease, trade, or otherwise profit from your biometric data. We will not use your biometric data to train any artificial intelligence model.

## How long we keep your data

We retain your biometric identifiers for as long as your account is active, plus a maximum of three (3) years after account closure unless a shorter period is required by law. You may delete your data at any time via Settings → Delete Account; deletion is processed within 30 days.

## How we protect your data

- Biometric identifiers are encrypted at rest using AES-256 with an application-layer key in addition to platform-level encryption.
- Access is restricted by role-based controls and database-level row security.
- All access to your biometric data is logged.

## Your rights

You may, at any time:

- Withdraw this consent and request deletion of your biometric data.
- Export a copy of all data we hold about you.
- Request a list of every third-party service that has processed your biometric data on our behalf.

## Affirmative consent

By signing below, you confirm that:

- You are at least 18 years of age.
- You are the rightful owner of the identity being registered.
- You have read and understood this consent agreement.
- You voluntarily authorize Signet to collect, store, and use the biometric identifiers described above for the purposes stated.

This consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.