GRAYPASSDOC/LEGAL-04
Biometric Information Privacy.
Effective June 25, 2026. Our public written policy under the Illinois Biometric Information Privacy Act: consent before collection, a real retention schedule, real destruction guidelines, and a no-sale commitment without an asterisk.
I. PURPOSE AND SCOPE
This is GrayPass's written policy regarding biometric data, published in accordance with the Illinois Biometric Information Privacy Act, 740 ILCS 14 (“BIPA”), and made available to the public as BIPA §15(a) requires.
It applies to any data GrayPass collects, captures, receives, or stores that constitutes a “biometric identifier” or “biometric information” under BIPA, and to the behavioral templates we create, wherever an Illinois resident is concerned.
II. OUR POSITION ON BEHAVIORAL PRINTS
GrayPass does not collect the identifiers BIPA enumerates: no retina or iris scans, no fingerprints, no voiceprints, and no scans of hand or face geometry. What we process are interaction timing patterns - typing cadence, pointer dynamics, reaction rhythm - reduced to a salted, cancelable template.
Whether such behavioral templates fall within BIPA's definitions is not settled law. We do not rest on that ambiguity: we treat behavioral prints with the full set of protections BIPA prescribes for biometric identifiers, as set out below. When in doubt, we apply the stricter reading.
III. CONSENT BEFORE COLLECTION
Before any behavioral signals are collected from an Illinois resident, GrayPass (or the customer whose application integrates GrayPass) must:
- inform the person in writing that behavioral timing data is being collected and a template created;
- state the specific purpose (identity verification) and the length of term over which the data will be kept;
- obtain a written release - in practice, an explicit electronic consent - before collection begins.
The SDK ships with consent gating on by default, and enrollment cannot proceed without an affirmative act. Customers deploying GrayPass to Illinois users are contractually required to present this notice and obtain this consent.
IV. RETENTION SCHEDULE
We retain behavioral prints only while they serve the verification purpose for which they were created:
- Active accounts: the print persists while the account (or the customer relationship it belongs to) remains active.
- Deletion requests: destroyed within thirty (30) days of a verified request.
- Inactivity: destroyed when the initial purpose for collection has been satisfied, and in any event within three (3) years of the individual's last interaction with the service - whichever comes first, per BIPA §15(a).
- Raw behavioral streams: never retained at all; they are discarded in-session by construction.
V. DESTRUCTION GUIDELINES
Destruction means the permanent, irreversible deletion of the salted print, its helper data, and its salt from production systems, followed by expiry from encrypted backups on their rotation schedule (no longer than thirty (30) additional days).
Because prints are salted per user, destruction of the salt alone already renders the template permanently unusable; we destroy both. Seed rotation - which re-issues a template and invalidates all prior artifacts - is additionally available to any user on request, at any time.
VI. NO SALE, NO PROFIT, NO UNAUTHORIZED DISCLOSURE
- GrayPass does not - and will not - sell, lease, trade, or otherwise profit from biometric identifiers, biometric information, or behavioral templates. Ever.
- We do not disclose them except: with the individual's consent; to complete a transaction the individual requested (returning a verification decision to the application they are signing into); or when required by law, warrant, or subpoena.
- Decisions returned to customers contain accept/deny, confidence, and reason codes - never the template, never raw signals.
VII. STANDARD OF CARE
Behavioral templates are stored using a standard of care at or above the one we apply to all confidential information, and at or above the reasonable standard for our industry: envelope encryption at rest, TLS 1.3 in transit, per-user salts held separately from templates, access controls, and audit logging. The full posture is documented in the Security document and Trust Center.
VIII. ILLINOIS RESIDENTS' RIGHTS AND CONTACT
If you are an Illinois resident, you may request access to, or destruction of, any behavioral template we hold about you, and you may withdraw consent to further collection at any time. Requests go to hello@graypass.org with the subject “BIPA request”; we respond within thirty (30) days.
If GrayPass is processing your data on behalf of an application you use, we will honor destruction instructions from that application and route your direct requests to it, as the law and our contracts require.