Privacy, Biometrics, and Security at a Glance


NoahFace’s policies and procedures comply with the United Kingdom’s General Data Protection Regulation (GDPR) requirements, often considered the global “Gold Standard” in privacy law. In the jurisdictions around the world with the most advanced privacy regulation there are 7 common themes emerging. The good news is that NoahFace deals with all of them:

  1. Notice and consent - NoahFace displays a clear and simple notice during registration that explains the data that is captured and its use. This notice can be extended to address any local or business specific requirements. NoahFace only captures data after consent to this notice.
  2. Minimisation of data - NoahFace only captures data that is absolutely necessary for a business purpose. For example, for Time and Attendance applications, NoahFace captures the date, time, and location of an employee’s work, so that they can be accurately paid.
  3. Retention and destruction - NoahFace can be configured to automatically delete data after any period, from 3 months to up to 7 years. Data can also be manually deleted as required.
  4. Individual Rights - NoahFace provides facilities to allow data to be queried, updated, exported, and deleted as needed to satisfy individual data rights provided in many jurisdictions.
  5. Prohibition of commercial use - NoahFace does not and will not use personal data (including biometrics) for commercial purposes, nor do we sell, lease or disclose personal data to 3rd parties for their commercial purposes.
  6. Non-biometric alternatives - In the event that certain staff are not comfortable with consenting to the capturing of personal biometric data, NoahFace offers alternative (non-biometric) authentication methods (such a passcodes).
  7. Data security - NoahFace has comprehensive data storage, transmission and protection policies of benchmark standard. This includes encrypting data in transit and at rest. All data is stored within Amazon Web Services.

To learn more about NoahFace's commitment to privacy, see the full NoahFace Privacy Policy.


New customers often have questions about biometrics - and the most common of those questions are answered below:

  1. What are biometrics? Biometrics are a series of measurements (or “vectors”) extracted from a face, for example the distance between the eyes, or between the chin and nose, that together can uniquely identify a face.
  2. How does NoahFace capture biometrics? To register to use NoahFace, employees stand in front of a mounted iPad and consent to a simple notice explaining the data captured and its use. Their biometrics are then automatically extracted from their face while they are looking at the iPad. The registration process is simple and fast (normally 15-20 seconds), and once an employee has registered, they will be automatically recognised on subsequent uses. NoahFace does not capture photographs from external sources such as social media.
  3. Where are biometrics stored? Customers have the option of storing biometrics only on the iPads where they are captured, or replicating them to the Cloud so that employees can be recognised at other iPads.
  4. Can biometrics be extracted and used for identity fraud? No. NoahFace does not provide a mechanism to extract biometrics, and even if they could be extracted, biometrics cannot be used to construct a photograph.
  5. When are biometrics deleted? Biometrics are automatically deleted when an employee leaves a business. They can also be manually deleted if an employee removes their consent.


Our reputation is built on the security of your data. We therefore take extensive measures to ensure that your data remains protected, including:

  1. World-Class Providers - NoahFace has chosen to build our business and our platform on secure foundations. Our kiosks run exclusively on the Apple iPad, and our Dashboard and Data Storage is hosted in Amazon Web Services (AWS). We selected these providers because of their clear focus on privacy and data security.
  2. Data Encryption - NoahFace uses data encryption to protect your data while it is at rest in our iPad kiosks, while it is being transmitted, and while it is at rest in the Cloud.
  3. Automation - NoahFace can be configured to automatically delete data after any period, from 3 months to up to 7 years. And it even automatically disables logins that have not been used for an extended period.
  4. You are in Control - NoahFace gives you the flexibility to determine where your data is stored, how long it is retained, and who has access to it.

To learn more about NoahFace's commitment to security, see the Data Management and Protection white paper.

Terms of Use
Contact Us
© NoahFace 2018