SONAMAK LLC • Policies

Biometric Data Retention & Deletion Policy

Last updated: 2025-09-24 • Contact: legal@sonamak.org

1) Overview

For certain projects we may process limited biometric identifiers or information—such as facial geometry (for identity verification and character consistency) or voiceprint characteristics (for identity verification and, if opted in, voice synthesis). We apply this policy to those data.

2) What we collect

  • Identity verification: Scans/derived measurements needed to confirm age/authority and match a submitted ID to the signer.
  • Character consistency: Measurements used to keep a consistent on-screen persona across AI shots within the same project.
  • Voice (optional): If the signer opts in, features needed to capture or synthesize voice for the project.

3) Purpose & legal basis

We use biometric data only to (i) verify identity/age/authority for consent, and (ii) maintain character/voice consistency for the stated project. Our legal basis is the signer’s written consent (Short-Form), and our legitimate interest in preventing fraud and honoring consent.

4) Retention schedule

Retention window: 45 days after the project is marked “closed” (final delivery or cancellation), unless we must preserve records longer for legal claims, audits, or compliance. Minimal consent logs (non-biometric metadata) may be retained beyond 45 days as part of our legal records.

5) Deletion

At the end of the retention window, biometric identifiers and any derived files used solely for identity verification or character/voice consistency are deleted from our active systems and scheduled for removal from backups in the ordinary course.

6) Security

We use reasonable administrative, technical, and physical safeguards. Access is limited to personnel who need it to verify identity/manage consent or deliver the project. We may use reputable cloud providers under confidentiality and data-processing terms.

7) Access & disclosure

We do not sell biometric data. We may disclose it to service providers solely to (i) verify identity/age/authority, (ii) run anti-fraud checks, or (iii) enable project delivery. We require such providers to protect data and prohibit sale or unrelated use.

8) Your rights

You may request access or deletion of biometric data by emailing legal@sonamak.org. Deletion requests do not require us to recall previously published ads or cancel media already in flight.

9) State-specific notices

  • Illinois (BIPA): We collect/use biometric identifiers only with written consent; we publicly post retention and deletion schedules; we do not sell or profit from biometric data.
  • Texas (CUBI): We obtain consent before capturing a biometric identifier; we do not sell; we protect and delete per this policy.
  • Washington: We obtain consent and limit disclosure to the purposes listed above.

10) Changes

We may update this policy. Material changes will be reflected by the “Last updated” date and, where appropriate, communicated in project communications.

Related: