Privacy Policy

This is the Privacy Policy for Noah Facial Recognition Pty Ltd ("NoahFace", "we", "us").

This Privacy Policy was last updated: 28th May 2025 and is effective from 28th May 2025.

This Privacy Policy details:

• What information we collect.
• How we use information.
• How we protect information.
• When we destroy information.
• How we comply with local legislation.
• How we update this privacy policy.
• How to contact NoahFace regarding privacy.
• How to contact Government regarding privacy.

This Privacy Policy refers to:

• The NoahFace public Web site (noahface.com).
• The NoahFace Platform, which runs in the Cloud and can be accessed using a Web Browser.
• The NoahFace App, which runs on permanently mounted iPads.
• The NoahFace Go App, which runs in iPhone and Android mobile phones.

Collectively these are referred to as the "NoahFace Service".

What Information we Collect

Business Information

We collect information about organisations that sell/support the NoahFace Service ("Partners"), use the NoahFace Service ("Customers"), or may use/sell/support the NoahFace Service. This includes information such as the organisation's:

• Name.
• Location.
• Industry.
• Size.
• Contact Details (eg: Primary Contact, Email, Phone, etc).
• Technology (eg: Payroll Platform, Access Control Platform).

Collecting this information is essential to us doing business.

Customer Information

The NoahFace Platform allows Partners to manage their Customers, and to allows Partners and Customers to manage how each Customer uses the NoahFace Service. This includes information such as the Customer's:

• Sites.
• Devices.
• Access Rules.
• Subscriptions.

Collecting this information is essential to the operation of the NoahFace Service and to Partners and Customers doing business.

User Information

The NoahFace Platform allows Customers to manage information about their employees/members/students/customers/etc ("Users"). This includes information such as the User's:

• Unique identifier (eg: employee number, member number, student number, etc).
• Name.
• Contact details (ie: email and mobile phone number).

The NoahFace App allows each User to register - a process which allows Users to submit their:

• Profile picture.
• Biometric data (ie: key facial features).

The NoahFace Go App allows users to submit their:

• Profile picture.

Collecting this information is essential to the operation of the NoahFace Apps and to Customers doing business.

Biometric Information

The NoahFace Service uses facial recognition technology. With the consent of Users, whenever they use the NoahFace App their photo is taken and their biometric information (ie: their unique facial characteristics) is extracted. The use of facial recognition allows Users to be automatically identified on subsequent uses. The NoahFace Service provides important capabilities to support the responsible collection and use of biometric information, including:

• Requiring Users to acknowledge a simple privacy statement and to actively consent to the capture of biometric data.
• Allowing non-consenters to use an alternative means of identification, such as passcodes.
• Allowing Users to remove their consent at any time, at which time biometric data is destroyed.

Collecting this information is essential to the operation of the NoahFace App.

Usage Information

The NoahFace Platform allows Customers to collect information about each activity (or event) performed using the NoahFace Apps. This includes information such as:

• The date and time.
• The identifier of the User.
• The type of activity (eg: clock in, access, start job, etc.)
• Details of the activity (eg: an entered job number or selected task type).

The NoahFace App also allows Customers to collect:

• The User's photo.
• The User's temperature (if an optional temperature sensor is deployed).

The NoahFace Go App also allows Customers to collect:

• The User's location (this requires the User's explicit consent).

Collecting this information is essential to the operation of the NoahFace Apps and to Customers doing business (eg: so you can pay staff for the hours they work).

How we Use Information

Business Information

We collect information on organisations that use or may use the NoahFace Service so we can keep them informed about relevant and important changes. For example, this allows us to notify organisations of updates to:

• The NoahFace Service.
• Pricing.
• This Privacy Policy.

We may also contact organisations regarding other related products or services offered by us or our Partners. If we do contact you, we will provide a mechanism for you to opt out of receiving future communications.

NoahFace does not share or sell your business information, including your contact details.

Customer Information

The NoahFace Platform allows Partners to manage their Customers, and to allows Partners and Customers to manage how each Customer uses the NoahFace Service. For example, you can configure:

• The list of sites and devices.
• The behaviour of each device when a User interacts with it.

NoahFace does not use your customer information for our own purposes, nor do we share it with or sell it to others.

User Information

The NoahFace Platform allows Customers to manage information on Users so that you can control which Users can make use of the NoahFace Apps, and how they can use it. For example, to control which employees:

• Need to record their time and attendance.
• Have access to restricted areas.

NoahFace does not use your user information for our own purposes, nor do we share it with or sell it to others.

Biometric Information

The biometric information collected by the NoahFace App allows Users to be recognised automatically.

NoahFace does not use your biometric information for our own purposes, nor do we share it with or sell it to others.

Usage Information

The NoahFace Apps allow Customers to collect information about each activity (or event). If you use the NoahFace Apps stand-alone, the usage information is only retained on your device. If you choose to connect the NoahFace Apps to the NoahFace Platform, then this information is retained in the NoahFace Platform so that you can perform queries and reports on it.
‍
Customers can configure the NoahFace Platform to send a subset of the usage information to 3rd party systems. For example to:

• A Payroll System, to automatically populate timesheets, so that employees can be paid.
• An Access Control System, to evaluate whether a user should have access a restricted area, so that security can be maintained.

NoahFace does not use usage information for our own purposes, nor do we share it with or sell it to others.

How we Protect Information

Business Information

Information on businesses that use or may use the NoahFace Service is stored in our IT systems. We take responsible measures to protect this information. For example:

• Access to business information is limited to authorised employees.
• Access to business information is password protected.
• Business information is backed up.

Customer Information

Information on the Customers that use the NoahFace Service may be stored in the NoahFace Platform. We take responsible measures to protect this information. For example:

• Access to customer information is limited to authorised employees.
• Access to customer information is password protected.
• Customer information is backed up.
• Customer information is encrypted both in transit and at rest.

User Information

Information on the Users of the NoahFace Apps may be stored in the NoahFace Platform. We take responsible measures to protect this information. For example:

• Access to user information is limited to authorised employees.
• Access to user information is password protected.
• User information is backed up.
• User information is encrypted both in transit and at rest.

Biometric Information

Biometric information is a special form of information for which additional privacy protections are offered. We take responsible measures to protect this information. For example:

• Biometric Information is NOT viewable.
• Biometric Information is NOT exportable.
• Biometric information is backed up.
• Biometric information is encrypted both in transit and at rest.

Usage Information

Information on the usage of the NoahFace Apps may be stored in the NoahFace Platform. We take responsible measures to protect this information. For example:

• Access to usage information is limited to authorised employees.
• Access to usage information is password protected.
• Usage information is backed up.
• Usage information is encrypted both in transit and at rest.

When we Destroy Information

NoahFace actively destroys information after its useful purpose has passed.

Customer Information

Customer information is destroyed when a Customer leaves the NoahFace Service. At this time, all associated User, Biometric, and Usage information for that Customer is also destroyed.

User Information

User information is automatically destroyed a Customer configurable retention period after a User is removed from the NoahFace Service (eg: when the employer / employee relationship is terminated). This retention period is 90 days by default.

Biometric Information

Biometric information for a User is retained until any one of the following conditions is met:

• A User is removed from the NoahFace Service (eg: when the employer / employee relationship is terminated). In this case, Customers can configure whether the associated biometric information is either destroyed immediately or when the associated user information is destroyed (ie: after the configured retention period).
• A User removes their consent to the use of their biometrics. In this case, the User can continue to use the NoahFace App by manually identifying themselves using non-biometric methods (eg: passcodes).
• 25 years has passed from the date a User provided consent to use their biometrics.

Once any one of these conditions is met, the User's biometric information is destroyed.

Usage Information

Usage information is automatically destroyed after a Customer configurable retention period. This retention period is 90 days by default.

How we Comply with Local Legislation

Privacy legislation differs all over the world. If you collect, store, and process information, and particularly personal data, it is critical you understand and comply with your local privacy legislation. Using a provider such as NoahFace that has a strong commitment to privacy does not absolve your legal obligations around privacy. You should seek your own professional legal opinion on privacy legislation prior to implementing any new process that involves the collection, storage, and processing of information, and prior to using the NoahFace Service.

The pages below explain how NoahFace complies with, and/or helps you comply with, specific local legislation:

• United Kingdom GDPR
• California Consumer Privacy Act (CCPA)
• Illinois Biometric Privacy Act (BIPA)
• Texas Capture or Use of Biometric Identifiers Act (CUBI)
• Washington Biometric Act (HB 1493)

How we Update this Privacy Policy

The latest version of the Privacy Policy is held at www.noahface.com/privacy

We reserve the right, at our sole discretion, to modify or replace this Privacy Policy at any time to reflect updates to our practices or relevant laws. Any changes to this Privacy Policy will become effective on posting. The date this Privacy Policy was last updated is recorded at the top of this Privacy Policy.


Contacting NoahFace about Privacy

Should you have any concerns about your privacy or have any questions about this privacy policy, you can contact us at:
privacy@noahface.com

EU and UK General Data Protection Regulation (GDPR) – EU and UK Representative

Pursuant to Article 27 of the European Union (EU) General Data Protection Regulation (GDPR) as well as the UK GDPR, Noah Facial Recognition Pty. Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU and the UK.

You can contact EDPO regarding matters pertaining to the GDPR:
EU GDPR:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at: Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
UK GDPR:
- by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
- by writing to EDPO UK at: 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

Contacting Government about Privacy

Should you have further questions about privacy or your rights, you can also contact:‍