Privacy by Design
Biometrics Your People Can Say Yes To
Most biometric deployments fail on trust, not technology. This page explains — in the same plain language we'd use at an all-hands meeting — exactly what Alcatraz AI's facial authentication collects, where it lives, and who controls it.
Is facial authentication the same as facial recognition?
No. Facial recognition identifies unknown people in a crowd, without their participation. Facial authentication verifies one enrolled, consenting person at one door — a one-to-one match the person initiated by walking up. Nobody who hasn't opted in is ever matched against anything.
The distinction is technical, legal, and cultural at once — we wrote a full explainer in Facial Authentication vs. Facial Recognition.
Data Lifecycle
What Happens to the Data, Start to Finish
-
01
Consent
A person opts in through the Alcatraz Platform. The consent record — who, when, to what — is stored and auditable.
-
02
Template
A short 3D scan is converted into an encrypted mathematical template. The template cannot be reversed into a face, and the source imagery is not retained on the device.
-
03
Authentication
At the door, the live scan is matched against the template on the reader itself. The decision never leaves the edge.
-
04
Revocation
Consent can be withdrawn at any time. Revocation triggers deletion of the template, and the badge keeps working as it always did.
Encryption throughout: AES-256 at rest, TLS 1.2/1.3 in transit.
What We Never Do
Precision matters in privacy claims, so here are the commitments stated as absolutes — and only the ones that are true absolutes.
- No photos, names, or videos stored on the device
- No enrollment without recorded, revocable consent
- No identifying people in crowds — one-to-one authentication only
- No selling or sharing of biometric data
- No lock-in: badges remain a permanent fallback
How does this map to GDPR, BIPA, and CCPA?
The architecture is built around the strictest common denominators of biometric law: informed opt-in consent (BIPA's written-consent standard), purpose limitation and data minimization (GDPR), disclosure and deletion rights (CCPA), and auditable records for all of it. Alcatraz AI maintains SOC 2 attestation.
Sector rules layer on top of the biometric statutes — from healthcare and government to critical infrastructure. The same properties that satisfy GDPR, BIPA, and CCPA — informed consent, minimal collection, deletion on request, and clear records of who accessed what — give your counsel a straightforward story to tell under whichever framework governs your facilities. We support that review rather than hand-waving it: your legal team gets the full data-flow documentation.
FAQ
The Questions Privacy Reviews Ask
Can the stored template be turned back into a face?
No. The template is a one-way mathematical representation — it cannot be reconstituted into an image of a face. Even someone with full access to the encrypted template could not recover a photo from it.
Who can see when a student used a door?
The same people who can see it today: access events flow into your existing access control system under your existing role-based permissions and retention policies. Facial authentication changes how the credential is presented, not who can read the logs.
What happens when a student revokes consent or graduates?
Revocation triggers deletion of the biometric template, and the consent record notes the withdrawal. Offboarding works the same way through the Alcatraz Platform, so departures can be tied to your existing identity lifecycle.
Bring Your Privacy Office to the Demo.
Seriously — the demo is better with your hardest privacy questions in the room.