AURA
← Back to home
AURA PROTOCOL BIOMETRIC DATA RETENTION AND DESTRUCTION POLICY Effective Date: June 1, 2026 Version: 2026-06-01.v1 Owner: Privacy and Security Contact: hello@joinauraprotocol.com 1. Purpose AURA Protocol uses biometric technology only when an individual affirmatively asks AURA to scan that individual’s own likeness. This Biometric Data Retention and Destruction Policy explains how AURA collects, uses, retains, protects, and destroys biometric identifiers and biometric information. This Policy is intended to satisfy applicable biometric privacy requirements, including laws that require a publicly available written retention schedule and destruction guidelines. 2. Scope This Policy applies to biometric data collected or created by AURA when an individual uses AURA’s likeness scan, likeness monitoring, identity rights, or related services. This Policy applies to: uploaded photos submitted by an individual for likeness scanning; face geometry, facial measurements, face templates, faceprints, embeddings, vectors, or similar data derived from an uploaded photo; candidate public image data processed to generate a likeness result; similarity scores, match confidence scores, and technical scan metadata where such data relates to biometric processing; records needed to document consent, withdrawal, deletion, security, audit, and compliance. This Policy does not apply to data that has been irreversibly deidentified or aggregated so it cannot reasonably be linked to an individual. 3. Definitions “Biometric Identifier” means a retina or iris scan, fingerprint, voiceprint, scan of hand geometry, scan of face geometry, or other biometric identifier covered by applicable law. “Biometric Information” means information derived from a Biometric Identifier that is used to identify, authenticate, verify, locate, or compare an individual’s likeness. “Face Template” means a mathematical representation, embedding, faceprint, vector, or similar technical output derived from a photo or facial image. “Likeness Scan” means an automated process requested by an individual to compare that individual’s submitted photo against candidate public web images to identify public URLs where that individual’s likeness may appear. “Member” means an individual who creates an AURA account or subscribes to an ongoing AURA service. 4. Collection and Consent AURA does not run a Likeness Scan unless the individual has first provided affirmative consent through AURA’s biometric consent flow. Before collection or processing, AURA provides notice of: the biometric data collected or created; the purpose of collection and processing; the service providers involved in processing; the retention period or retention criteria; the individual’s right to withdraw consent and request deletion; the fact that the scan is optional. AURA requires each individual to affirm that: the individual is at least 18 years old; the individual is the person shown in the submitted photo; the individual is requesting a scan of the individual’s own likeness; the individual is not submitting the photo of another person, a minor, a celebrity, or any person whose likeness the individual lacks authority to scan. 5. Permitted Uses AURA uses biometric data only for the following purposes: to document that the individual requested the scan; to compare the submitted photo against candidate public web images; to generate a likeness scan report; to provide ongoing likeness monitoring requested by a Member; to reduce false positives, false negatives, fraud, impersonation, stalking, misuse, and unauthorized scans; to secure AURA’s systems; to respond to deletion, access, correction, and withdrawal requests; to comply with legal, audit, dispute, and security obligations. AURA does not use biometric data for employment, credit, housing, insurance, public benefits, or other legally significant decisions. 6. No Sale or Profit From Biometric Data AURA does not sell, lease, trade, monetize, or otherwise profit from a person’s Biometric Identifiers or Biometric Information. AURA does not sell scan results. AURA does not authorize service providers to use biometric data for advertising, model training, resale, profiling unrelated to the requested service, or their own independent commercial purposes. 7. Service Providers AURA may use service providers to process image and scan data, including cloud infrastructure, image processing, biometric comparison, security, logging, and deletion workflow providers. AURA requires service providers that process biometric data on AURA’s behalf to process such data only for AURA’s authorized purposes, protect the data using appropriate safeguards, and support deletion or return of data where required by law and contract. AURA maintains internal records of material service providers used for biometric processing. 8. Retention Schedule AURA follows the shortest applicable retention period required by law, contract, product need, security, or user request. AURA’s standard retention schedule is: A. Nonmember Likeness Scan Uploaded photo: Deleted within 30 days after scan completion. Face template or biometric comparison data: Deleted within 30 days after scan completion. Temporary processing files: Deleted as soon as technically practicable after the scan, targeted within 72 hours. Candidate public images, if temporarily cached: Deleted as soon as technically practicable after processing, targeted within 72 hours, unless longer retention is needed for security, abuse prevention, legal review, or a user requested report. Public URL results, similarity scores, and scan report: Retained until the earlier of user deletion request, report expiration, account deletion, or the end of the retention period disclosed in the applicable product flow. Consent record: Retained as a limited compliance record for up to 7 years after the last interaction or longer where needed for legal claims, regulatory inquiry, audit, fraud prevention, or dispute resolution. Consent records must not contain a reusable face template unless retention is legally necessary and approved by Privacy and Security. B. Member Likeness Monitoring Uploaded photo: Retained only for as long as needed to provide the likeness monitoring service requested by the Member. Face template or biometric comparison data: Retained only for as long as needed to provide the likeness monitoring service requested by the Member. Deletion trigger: Deleted within 30 days after the earliest of: account closure; withdrawal of biometric consent; disabling of likeness monitoring; AURA no longer needing the data to provide the requested service; the individual’s last interaction reaches a legal destruction deadline; AURA determines the scan was unauthorized, suspicious, abusive, or legally improper. Public URL results, similarity scores, and scan reports: Retained for the active account period unless the Member requests earlier deletion, the report is expired, or AURA no longer needs the report to provide the requested service. Consent record: Retained as a limited compliance record for up to 7 years after the last interaction or longer where needed for legal claims, regulatory inquiry, audit, fraud prevention, or dispute resolution. C. Legal Maximums Where Illinois BIPA applies, AURA will permanently destroy biometric identifiers and biometric information when the initial purpose for collection has been satisfied or within 3 years of the individual’s last interaction with AURA, whichever occurs first. Where Texas CUBI, Washington law, Colorado law, CPRA, GDPR, UK GDPR, or another privacy law imposes a shorter or stricter rule, AURA applies the stricter rule. 9. Destruction Guidelines When a deletion trigger occurs, AURA will take commercially reasonable steps to destroy biometric data in a manner that renders the data unreadable, unrecoverable, and incapable of being used to identify or compare the individual. Deletion steps may include: deleting the uploaded photo from production object storage; deleting face templates, embeddings, vectors, and comparison records; deleting temporary processing files; deleting associated queued jobs; deleting cached candidate images where retained by AURA; deleting or deidentifying scan metadata not needed for compliance, fraud prevention, security, or legal purposes; sending deletion instructions to service providers where required and technically available; recording the deletion event in AURA’s deletion log. AURA may retain limited deletion records that show the request date, verification status, action taken, system affected, actor, timestamp, and outcome. These records must not contain reusable biometric templates. 10. Backups and Archives AURA deletes biometric data from active production systems first. Biometric data contained in encrypted backups or disaster recovery archives will be deleted, overwritten, or rendered inaccessible according to AURA’s backup lifecycle, targeted within 90 days, unless a shorter period is required by law or contract. AURA will not restore deleted biometric data from backups except where necessary for security, disaster recovery, legal preservation, or regulatory response. If restored, the data will be re-deleted according to this Policy. 11. Security AURA protects biometric data using administrative, technical, and physical safeguards appropriate to the sensitivity of the data. Controls include: encryption in transit; encryption at rest; role based access controls; least privilege access; access logging; segregation of production and development environments; vendor access controls; rate limiting and abuse detection; security review of biometric processing systems; incident response procedures. AURA prohibits the use of live biometric data in development, testing, demo, or sales environments unless Privacy and Security approve a documented exception. 12. Security Incidents If AURA identifies a security incident that may compromise biometric data, AURA will activate its incident response process. The incident response process includes: triage and containment; scope analysis; forensic preservation; affected system identification; vendor coordination; legal notification assessment; regulatory notification assessment; user notification assessment; remediation tracking; post incident review. 13. User Requests Individuals may request withdrawal of consent, deletion, access, correction, or other privacy rights by emailing hello@joinauraprotocol.com or using the applicable privacy request form. AURA may request information needed to verify the individual’s identity and protect against fraudulent or unauthorized requests. 14. Minors AURA’s biometric likeness scan is not intended for individuals under 18. AURA does not knowingly collect biometric data from minors through this feature. If AURA learns that biometric data from a minor was submitted, AURA will delete the data unless retention is legally required. 15. Public Availability and Updates AURA will make this Policy publicly available on its website. AURA may update this Policy from time to time. Material changes that expand biometric collection, use, disclosure, or retention will require updated notice and consent where required by law. 16. Contact Questions or requests may be sent to: AURA Protocol Privacy and Security hello@joinauraprotocol.com