Privacy by Design

Biometrics Your People Can Say Yes To

Most biometric deployments fail on trust, not technology. This page explains — in the same plain language we'd use at an all-hands meeting — exactly what Alcatraz AI's facial authentication collects, where it lives, and who controls it.

Is facial authentication the same as facial recognition?

No. Facial recognition identifies unknown people in a crowd, without their participation. Facial authentication verifies one enrolled, consenting person at one door — a one-to-one match the person initiated by walking up. Nobody who hasn't opted in is ever matched against anything.

The distinction is technical, legal, and cultural at once — we wrote a full explainer in Facial Authentication vs. Facial Recognition.

Data Lifecycle

What Happens to the Data, Start to Finish

  1. 01

    Consent

    A person opts in through the Alcatraz Platform. The consent record — who, when, to what — is stored and auditable.

  2. 02

    Template

    A short 3D scan is converted into an encrypted mathematical template. The template cannot be reversed into a face, and the source imagery is not retained on the device.

  3. 03

    Authentication

    At the door, the live scan is matched against the template on the reader itself. The decision never leaves the edge.

  4. 04

    Revocation

    Consent can be withdrawn at any time. Revocation triggers deletion of the template, and the badge keeps working as it always did.

Encryption throughout: AES-256 at rest, TLS 1.2/1.3 in transit.

What We Never Do

Precision matters in privacy claims, so here are the commitments stated as absolutes — and only the ones that are true absolutes.

  • No photos, names, or videos stored on the device
  • No enrollment without recorded, revocable consent
  • No identifying people in crowds — one-to-one authentication only
  • No selling or sharing of biometric data
  • No lock-in: badges remain a permanent fallback

How does this map to GDPR, BIPA, and CCPA?

The architecture is built around the strictest common denominators of biometric law: informed opt-in consent (BIPA's written-consent standard), purpose limitation and data minimization (GDPR), disclosure and deletion rights (CCPA), and auditable records for all of it. Alcatraz AI maintains SOC 2 attestation.

Sector rules layer on top of the biometric statutes — from healthcare and government to critical infrastructure. The same properties that satisfy GDPR, BIPA, and CCPA — informed consent, minimal collection, deletion on request, and clear records of who accessed what — give your counsel a straightforward story to tell under whichever framework governs your facilities. We support that review rather than hand-waving it: your legal team gets the full data-flow documentation.

FAQ

The Questions Privacy Reviews Ask

Can the stored template be turned back into a face?

No. The template is a one-way mathematical representation — it cannot be reconstituted into an image of a face. Even someone with full access to the encrypted template could not recover a photo from it.

Who can see when a student used a door?

The same people who can see it today: access events flow into your existing access control system under your existing role-based permissions and retention policies. Facial authentication changes how the credential is presented, not who can read the logs.

What happens when a student revokes consent or graduates?

Revocation triggers deletion of the biometric template, and the consent record notes the withdrawal. Offboarding works the same way through the Alcatraz Platform, so departures can be tied to your existing identity lifecycle.

Is biometric data ever sold or shared?

No. Biometric templates are never sold or shared. Data protection terms are contractual, and compliance posture — SOC 2 attestation with GDPR, BIPA, and CCPA alignment — is documented for your counsel's review.

Bring Your Privacy Office to the Demo.

Seriously — the demo is better with your hardest privacy questions in the room.

Book a demo