Back to Home

Biometric Information Privacy Policy & Consent

Effective Date: May 7, 2026

This Biometric Information Privacy Policy (the “Policy”) explains how BigShop AI (“BigShop”, “we”, “us”) and the shop you work for (the “Employer”) collect, store, use, share, retain, and destroy biometric identifiers and biometric information (collectively, “Biometric Data”) through the BigShop AI Face ID clock-in system (the “System”).

BigShop is the technology provider for the System. The Employer is the party that decides whether to enable the System and is the data controller for its workforce’s Biometric Data. BigShop acts as the Employer’s service provider and processes Biometric Data only on the Employer’s documented instructions and as described in this Policy.

This Policy supplements — and is incorporated by reference into — our general Privacy Policy. To the extent there is any conflict between this Policy and the general Privacy Policy with respect to Biometric Data, this Policy controls.

1. Compliance Framework

This Policy is designed to comply with U.S. state biometric-privacy laws, including but not limited to:

• Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq. — written notice, written release, and a publicly available retention & destruction schedule
• Texas Capture or Use of Biometric Identifier Act (CUBI), Tex. Bus. & Com. Code § 503.001 — informed consent, reasonable care in storage, and destruction within a statutory window
• Washington Biometric Privacy Act, RCW 19.375 — notice and consent before enrollment in a database for a commercial purpose
• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), Cal. Civ. Code § 1798.100 et seq. — notice at collection, sensitive personal information rights, and the right to deletion
• New York City Biometric Identifier Information Law, N.Y.C. Admin. Code § 22-1201 et seq. — prohibition on selling, leasing, or trading biometric identifier information
• Other applicable state, local, and federal laws in jurisdictions where your Employer operates

If you reside outside the United States and applicable foreign biometric-privacy laws (e.g., GDPR Art. 9 special-category data) provide stronger protections, the Employer will honor those stronger protections.

2. Purpose of Collection

The Employer uses the System to facilitate workforce time-and-attendance. The lawful, legitimate purposes for collecting Biometric Data are:

• Identity verification at clock-in and clock-out for accurate payroll and labor tracking
• Fraud prevention — specifically the prevention of “buddy punching” (one employee clocking in or out for another)
• Workplace and facility security, where the Employer also uses the System for access control
• Audit, dispute resolution, and compliance with wage-and-hour laws — limited to confirming that a punch event occurred and was attributable to the enrolled person

Biometric Data is never used to train, refine, or evaluate any artificial- intelligence model. It is never used to monitor employee productivity beyond the discrete clock-in / clock-out event, and never used for any purpose not described in this Policy.

3. What We Collect — and What We Do Not

The persisted enrollment record contains:

• The Face Vector identifier returned by AWS Rekognition
• The AWS Rekognition Collection ID associated with your Employer’s tenant
• Your internal user ID, the timestamp of enrollment, and the version of the consent text you accepted
• Optional fallback PIN hash (one-way), if the Employer has enabled PIN fallback for the System — the PIN itself is never stored
• The timestamp of the most recent successful verification, for audit purposes

We do not collect, derive, or retain: fingerprints, iris or retina scans, voice prints, DNA, gait, keystroke dynamics, or any other biometric identifier outside of the Face Vector described above.

4. Where Biometric Data Is Stored

Face Vectors are stored exclusively within an isolated, per-tenant Amazon Web Services (AWS) Rekognition Collection hosted in BigShop’s AWS account in the United States. Each Employer has its own dedicated Collection — Face Vectors are never commingled across tenants.

The associated user metadata (vector ID, collection ID, timestamps, consent version) is stored in a BigShop-managed Amazon DynamoDB table, encrypted at rest with AWS-managed KMS keys (AES-256-equivalent) and in transit using TLS 1.2 or higher.

Access to the underlying AWS resources is restricted via IAM roles and is limited to BigShop engineering personnel who require it to operate, secure, or troubleshoot the System. All access is logged in AWS CloudTrail.

5. Disclosure and Sharing

Biometric Data may be disclosed only in these narrowly defined circumstances:

• Sub-processors strictly necessary to operate the System — currently Amazon Web Services, Inc. for Rekognition compute and Collection storage. AWS processes Biometric Data only on our documented instructions and is contractually prohibited from using it for any other purpose.
• The Employer — your Employer can see whether you are enrolled, when you last verified, and your audit trail of clock-in events. The Employer never sees the raw Face Vector itself.
• You — you may request a copy of the metadata we hold about your enrollment. See Section 9.
• Legal compulsion — disclosure required by a valid subpoena, warrant, court order, or other binding legal process. Where lawful, we will notify the Employer and you before disclosing.
• Successor-in-interest — in connection with a merger, acquisition, or sale of substantially all of BigShop’s assets, provided the successor is bound by privacy commitments at least as protective as this Policy.
• With your separate written consent, in the rare circumstance that the Employer asks for a use not described above. Consent obtained for a different purpose may not be repurposed.

6. Retention & Destruction Schedule

BigShop and the Employer permanently destroy your Biometric Data — both the Face Vector held in AWS Rekognition and the associated metadata held in DynamoDB — upon the first of the following to occur:

1. The initial purpose for collecting the Biometric Data has been satisfied — for example, the Employer turns off the Face ID feature, or transitions away from the System
2. Your employment or other working relationship with the Employer ends, for any reason (resignation, termination, retirement, role change that no longer requires clock-in)
3. You revoke consent or request deletion (see Section 9)
4. An administrator at the Employer resets your enrollment
5. Three (3) years have elapsed since your last interaction with the System (BIPA § 15(a) outer bound)

Destruction is performed against the live AWS Rekognition Collection and the live DynamoDB record. AWS’s standard sub-system retention windows (e.g., short-lived backup snapshots) may briefly retain a copy until aged out per AWS’s published retention practices, after which no copy of your Face Vector remains in any BigShop or AWS system. We do not maintain long-term backups of the Rekognition Collection.

7. Your Consent

Before any Biometric Data is collected, you will be presented with a written disclosure describing the purpose of collection, the duration for which the data will be stored and used, and a link to this Policy. You must affirmatively agree by checking a consent box and tapping “Continue” before the System will capture any image. Tapping “Cancel” ends the flow with no data collected.

Each consent record stores the version of the consent text you accepted and the timestamp at which you accepted it, so the Employer can demonstrate compliance with BIPA § 15(b) and similar laws.

8. Your Right to Refuse — and the Alternative

Enrollment in the Face ID System is voluntary. You may decline to enroll, and you may revoke your consent at any time after enrolling, without retaliation, demotion, or adverse change in the terms or conditions of your employment from BigShop’s side.

If you decline to enroll, ask your Employer for the PIN-based clock-in alternative or for the legacy manual punch flow — both are supported by the System.

The Employer is responsible for honoring your refusal and for offering a reasonable non-biometric alternative. If you believe the Employer has retaliated against you for refusing, please contact your Employer’s HR function and, if needed, the appropriate state agency (e.g., Illinois Department of Labor for BIPA-related claims).

9. Your Rights — Access, Correction, Deletion, Portability

You have the following rights with respect to your Biometric Data:

• Right to know. Request a description of the Biometric Data we hold about you, the categories of recipients, the retention schedule, and the purposes of processing.
• Right to deletion. Request that we permanently destroy your Face Vector and the associated metadata. We will action the request promptly and, in any event, within the timeframes required by applicable law.
• Right to revoke consent. Withdraw your consent prospectively. Revocation triggers deletion under Section 6.
• Right of correction. If the metadata about your enrollment is inaccurate (e.g., wrong user record), ask us to correct it.
• Right to portability of metadata. Where applicable, request a machine- readable copy of the non-biometric metadata associated with your enrollment. The Face Vector itself is not portable — it is mathematically tied to AWS Rekognition.
• Right to non-discrimination. We will not deny services, charge different prices, or provide a different level of service because you exercised any of these rights.
• Right to lodge a complaint with your state Attorney General, the Federal Trade Commission, or — if you are in the EEA/UK — your supervisory authority.

To exercise any of these rights, please first contact an administrator at your Employer (they can fulfil deletion and access requests directly within the BigShop AI admin console). If you cannot reach an administrator, contact BigShop directly at support@bigshopai.com and we will route the request appropriately. We may need to verify your identity before responding.

10. Security Measures

BigShop applies the same standard of care to Biometric Data that we apply to other confidential and sensitive personal information, and at minimum the standard required by BIPA § 15(e):

• Encryption at rest (AWS KMS, AES-256-equivalent) for all metadata records
• Encryption in transit (TLS 1.2 or higher) for every network call involving Biometric Data
• Per-tenant isolation — each Employer has a dedicated AWS Rekognition Collection
• Least-privilege IAM roles; principle-of-least-access for all engineering personnel
• Centralized audit logging via AWS CloudTrail and application-level audit records
• Regular vulnerability scanning, dependency review, and security testing of the System
• Incident-response procedures, including notification to affected Employers and individuals as required by applicable law

11. Children

The System is not designed for, marketed to, or intended to be used by individuals under 18 years of age. We do not knowingly collect Biometric Data from minors. If we learn that we have collected Biometric Data from a person under 18, we will delete that data immediately.

12. International Transfers

BigShop’s production AWS infrastructure is located in the United States. If you are using the System from outside the United States, your Biometric Data will be transferred to and processed in the United States. By enrolling, you acknowledge this transfer. Where required, the Employer is responsible for putting in place appropriate cross-border transfer mechanisms (e.g., Standard Contractual Clauses) with BigShop.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in law, technology, or our practices. When we make material changes, we will:

• Update the “Effective Date” at the top of this Policy
• Bump the consent version associated with the in-app disclosure, so enrolled users are re-prompted to accept the updated terms before the next verification
• Where required by law, notify Employers (who in turn must notify their workforce)

14. Contact

For questions, requests, or complaints about this Policy or our handling of Biometric Data:

We will acknowledge receipt of your inquiry within five (5) business days and respond substantively within the timeframes required by applicable law.