Effective Date: [28/10/2025]
1. Data Processing
As part of the process of creating an account with ChainIT®, you must provide a photo of your government-issued identification document (“Government ID”) and live video of your face. ChainIT uses information from your Government ID (e.g., driver’s license number, barcode) to retrieve a copy of the photo associated with your Government ID from the governmental authority that maintains the Government ID (e.g., your state’s Department of Motor Vehicles). ChainIT does not send any data about your face to the governmental authority during this process. ChainIT then extracts facial maps from the live video of your face, from the Government ID that you uploaded, and from the photo obtained from the governmental authority, analyzes the facial maps for signs of fraud, and compares the facial maps to one another to verify your identity. The facial map data is extracted using Amazon Rekognition through a microservice in the ChainIT environment. Once your identity is successfully verified, ChainIT creates a unique identification consisting of unique binary computing code based on the facial map (“Bio ID”), and the facial map is deleted. The Bio ID is saved in the ChainIT Immutable Ledger database on ChainIT’s Amazon Web Services infrastructure, as one of the elements of your five-factor ChainIT ID.
Each time you subsequently use your ChainIT ID in connection with taking any action, ChainIT will use Amazon Rekognition to extract a facial map from live video of your face and will compare that to the saved Bio ID as one of the five-factor elements of authenticating your identity. The face map is deleted immediately once the comparison is completed. Once all five factors have been authenticated to the level required for the action you are taking, you will be able to proceed with that action. Your facial map and Bio ID are not shared with any other parties during this process; each Bio ID is device-bound to your device
and encrypted, and the ChainIT logs record only non-biometric verification events for audit purposes.
Some or all of the data described in this Biometric Policy may constitute biometric identifiers or biometric information under applicable laws.
2. Data and Account Deletion
You can choose to delete your account at any time, and doing so will cause your Bio ID to be deleted. You cannot delete your Bio ID without deleting your entire account because ChainIT cannot be used without your Bio ID. Additionally, if you have not interacted with ChainIT (e.g., logged into your account, paid a subscription fee, used your ChainIT ID) for one year, ChainIT will delete your account, including your Bio ID, and you will need to create a new ChainIT account if you choose to use ChainIT again in the future.
If you ever send ChainIT a biometric sample or screenshot in connection with seeking troubleshooting support, ChainIT will use it exclusively for the purpose of troubleshooting your issue and will destroy it once troubleshooting is complete.
3. Data Security
ChainIT uses the reasonable standards of care within its industry for storing, transmitting, and protecting your data from disclosure, in a manner that is at least as good as the methods we use to store, transmit, and protect other confidential and sensitive information. ChainIT maintains immutable audit trails verifying system integrity.
4. Data Disclosure
ChainIT will not sell, lease, trade, or otherwise profit from your face map data or Bio ID.
Except as described in this Biometric Policy, ChainIT will not disclose, redisclose, or otherwise disseminate your Bio ID unless required by law.
5. Washington My Health My Data Act Rights
Washington residents and individuals whose biometric data is collected in Washington may have the following rights related to their biometric data to the extent such information is considered consumer health data under the Washington My Health My Data Act (the “Washington Act”):
- Confirm whether we are collecting, sharing, or selling your biometric data. As explained above, we do not sell biometric data.
- Access your biometric data.
- Request that your biometric data be deleted. Please see the data and account deletion section above for more information about deleting your biometric data.
- Withdraw consent from our collection and sharing of your biometric data. Please note that this will result in deletion of your account.
- Obtain a list of all third parties and affiliates with whom we have shared your consumer health data and an active email address or other online mechanism to contact third parties. We do not share consumer health data with third parties or affiliates, as those terms are defined in the Washington Act.
Requests to exercise the above rights can be submitted to: privacy@chainit.com. We will not discriminate against you for choosing to exercise any of these privacy rights.
If we deny your privacy rights request and you believe it was denied in error, you have the right to request an appeal by emailing privacy@chainit.com.