Biometric Data Policy
Effective date: 2026-05-30 Version: biometric-v1 Policy identifier (used in consent records): `biometric-v1`
This policy is required by the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14) and similar biometric privacy laws. It explains in plain language exactly what biometric data we collect, how we store it, how long we keep it, when we delete it, and what rights you have.
You must read and explicitly consent to this policy before uploading any photos. The upload feature will not be available until your consent is recorded.
1. What biometric data we collect
When you use the Suvant audit feature you upload up to 3 photographs of yourself ("selfies"). These photos may contain or be used to derive biometric identifiers and biometric information as defined by applicable law, including:
- Facial geometry
- Facial features and facial structure visible in the photographs
We collect these photographs for the sole purpose of running a one-time AI-based assessment of 8 presentation categories (face, hair, skin, body, style, grooming, photos, presence).
2. How we use biometric data
Your selfies are used to generate your personal image audit: an honest, numeric assessment of 8 presentation categories (face, hair, skin, body, style, grooming, photos, presence) using the OpenAI vision API. This is the only processing that happens by default, and it is what the consent on this policy authorizes.
Optional add-on — the AI "after you" transformation. Separately, you may optionally opt in to have one of your photos sent to OpenAI's image API to generate an illustrative "what you could look like" image reflecting the recommended grooming and style. This is off by default, requires its own separate, standalone consent, and is governed by the AI Transformation Policy. If you do not opt in, this never happens.
We will never:
- Sell, lease, trade, or otherwise profit from your biometric data.
- Share your selfies with any third party except OpenAI (described below as a subprocessor) for the processing steps described in this policy and the AI Transformation Policy.
- Use your selfies for advertising targeting, model training, or research.
- Share your selfies with Meta, Google, Microsoft Clarity, or any other analytics/advertising vendor.
3. How we protect biometric data
- Stored encrypted: Selfies are stored in a private Google Cloud Storage bucket (`suvant-selfies-prod`) using AES-256-GCM encryption at rest, with keys managed by Google Cloud KMS.
- No public access: The bucket enforces "uniform bucket-level access" with public access prevention. No selfie is ever accessible via a public URL.
- Access controls: Only the Suvant backend service account has access to the bucket. No human employee has direct access to raw selfie files.
- In transit: All data is transmitted over TLS.
- Signed URLs only: If your selfies need to be read (e.g. to pass to the AI API), we generate short-lived (10-minute) signed URLs that expire automatically.
4. OpenAI subprocessor disclosure
Your selfies are sent to OpenAI's API (not the consumer ChatGPT service) for two processing steps:
- The audit (always): the vision API reads your 3 photos to produce your numeric scores.
- The transformation (only if you opt in): the image API generates your optional "after you" illustration from one photo. See the AI Transformation Policy.
Key facts about this processing:
- OpenAI's API operates under a data processing agreement that prohibits training on API inputs.
- Your photos are not retained by OpenAI after the API call completes.
- OpenAI is the only third party that ever receives your selfie data.
- We disclose OpenAI as a subprocessor per BIPA's "dissemination" clause. No consent is given for any other third party.
5. Retention and deletion schedule
| Data | Retention period | Deletion mechanism |
|---|---|---|
| Raw selfie photos (GCS) | Up to 30 days after your audit completes | Automatic scheduled deletion from GCS; or immediately on account deletion |
| Abandoned uploads (if you uploaded but never subscribed) | Up to 30 days after upload | Automatic scheduled purge |
| Optional AI transformation image (if you opted in) | Automatically deleted about 1 day after it is created | Automatic minimization; on account deletion; or anytime via Account › Privacy |
| Derived audit scores and numeric data (Postgres, not pixels) | While your subscription is active | Deleted on account deletion |
| This biometric consent record | Your account lifetime + 4 years | Legal hold; not deleted on account deletion |
A GCS lifecycle rule provides an automatic backstop: any selfie object older than 31 days is permanently deleted regardless of application-level state.
What this means in practice: after your 30-day window, the original photos are gone. We retain only the 8 numeric category scores and the generated quest text, not any pixel data.
6. Your rights
You have the right to:
- Know — you are reading this policy before any data is collected.
- Delete your photos at any time without closing your account. Go to Account > Privacy > "Delete my photos". Deletion happens immediately; your subscription and progress scores are unaffected.
- Delete your account and all data at any time. Go to Account > Privacy > "Delete my account". This permanently deletes all your photos, scores, and account data.
- Withdraw consent — because selfie upload requires active consent, you may stop using the upload feature at any time. This does not trigger retroactive deletion; use the "Delete my photos" option for that.
- Request deletion by email — if you cannot access the app, email privacy@suvant.com and we will complete deletion within 72 hours.
7. Consent required before upload
No selfie byte is accepted until you have explicitly and affirmatively consented to this policy. The consent:
- Is collected on a dedicated screen before the upload UI is shown.
- Is recorded with a timestamp, your IP address, and your browser user agent.
- Is versioned to this policy version (`biometric-v1`). A material update to this policy will require you to re-consent before your next upload.
- Is not bundled with Terms of Service consent — it is a separate, standalone affirmation.
By recording your consent you affirm:
- You have read and understood this Biometric Data Policy.
- You are 18 years of age or older.
- The photos you will upload are of yourself only.
- You authorize Suvant to collect, store, and process your biometric data as described in this policy.
8. Questions and contact
Biometric privacy questions: privacy@suvant.com
Mailing address: Available on request at privacy@suvant.com.