The Alcatraz Rock Biometric Privacy Policy
If you’re reading this, it’s likely because your employer, school, bank, airport, or another organization is using Alcatraz’s Rock, Rock X, and/or the Alcatraz Platform (the “Rock”). The Rock is an all-in-one device that combines facial biometrics, AI, and machine learning for greater security and less friction. It helps prevent unauthorized access, detect tailgaters, increase efficiency, and comply with privacy laws such as BIPA, CCPA, and GDPR. At Alcatraz, we take pride in protecting your privacy—“Privacy at Alcatraz is Rock Solid.”
Our biometric approach uses a Facial Signature—a one-way encrypted mathematical code derived from facial geometry—not a photograph. This design ensures the Facial Signature cannot independently identify a person, and recent case law (such as Zellmer v. Meta Platforms, Inc.) suggests such signatures may not constitute biometric identifiers under certain statutes. That said, interpreting the law broadly and erring on the side of caution, we treat Facial Signatures as biometric data. Our policy below explains how we treat them with the same rigor and safeguards required for traditional biometrics under laws like BIPA, CCPA/CPRA, GDPR, and CUBI.
This policy explains:
- What Biometric Data we process (and what we don’t)
- How consent is obtained and enforced before enrollment
- How and where Facial Signatures are stored
- Retention limits and deletion procedures
- Security measures to protect your data
- How your rights are respected under applicable Data Laws
1. Key Terms and Their Meanings
Term | Means
--- | ---
Alcatraz, our, us, we | Alcatraz AI, Inc., a Delaware corporation headquartered in Cupertino, California.
Alcatraz Rock System | Our all-in-one device that combines facial biometrics, AI, and machine learning for secure, frictionless access control, deployed either on-premise or in the cloud.
Access Control System (ACS) | A security system that determines who can enter restricted areas using methods like keycards, biometric data, or PIN codes.
Access Point | A specific location, like a door or turnstile, where a user undergoes facial authentication using Rock hardware integrated with an ACS.
Authentication | The process of confirming a person’s identity. The Rock performs this via 1:1 biometric verification — comparing a live scan against a single stored Facial Signature to answer, “Are you who you claim to be?”
Biometric Data | Unique physical characteristics, such as facial features, used to verify identity. In the Rock, this is converted into a one-way encrypted Facial Signature.
Cloud | The Alcatraz architecture when hosted and managed in the cloud by Alcatraz as a subscription service.
Customer Agreement | The contract between Alcatraz (or its channel partners) and the Solution Owner.
Data Controller | The Solution Owner (e.g., your employer) who decides how and why your Biometric Data is processed and ensures compliance with applicable laws.
Data Processor | Alcatraz, which processes Biometric Data on behalf of the Data Controller.
EEA | European Economic Area, which includes the EU countries plus Norway, Iceland, and Liechtenstein.
Facial Signature | A one-way encrypted mathematical representation of your facial features, generated at enrollment and stored securely for authentication.
GDPR | General Data Protection Regulation — the European Union’s primary data privacy law.
On-Premise or On-Prem | Deployment in which the Rock runs on infrastructure physically controlled by the Solution Owner.
Personally Identifiable Information (PII) | Information that can identify you, such as your name, email address, badge number, or phone number.
Processing | Any operation performed on personal or biometric data, including collection, storage, use, and deletion.
Rock | The Alcatraz hardware, software, SDK, and any associated documentation or updates.
Solution Owner | The organization that licenses the Rock and acts as the Data Controller for all associated data.
Solution Owner Administrator | An individual authorized by the Solution Owner to configure, manage, and maintain the Rock system.
System End User | The individual whose Biometric Data is processed by the Rock.
You or your | The System End User whose Biometric Data is collected and processed.
2. How the Rock Authenticates You
The Rock authenticates identity through 1:1 biometric verification — also known as “verification” matching. This means your face is never searched against a large database of unknown individuals (1:N identification). Instead, the Rock answers one simple question:
“Are you who you claim to be?”
2.1 Enrollment (Opt-In Only)
Before any authentication can occur, you must be enrolled in the Rock system. Enrollment is always opt-in and requires explicit consent confirmed by the Solution Owner (your employer or building operator). The Rock cannot capture or store a Facial Signature without this confirmation.
Here’s how enrollment works:
- Consent First – You agree to be enrolled through your Solution Owner’s process (e.g., onboarding, visitor registration, or a consent form).
- Scan & Convert – The Rock captures a live scan of your face and instantly converts it into a Facial Signature — a one-way encrypted mathematical representation of your facial geometry.
- Delete the Photo – The original image is deleted immediately and never stored.
- Link to Badge Number – The Facial Signature is linked only to an anonymized badge number in the ACS, not to your name, email, or photo.
If you do not enroll, the Rock will not recognize you, and you will need to use an alternate access method such as a badge or PIN.
2.2 Authentication (1:1 Verification)
Once enrolled, authentication happens in real time at the access point:
- Live Scan – The Rock captures your facial features when you approach.
- Local Match – Your live scan is compared only against your own stored Facial Signature on that Rock device or in the Solution Owner’s secure ACS database — never against other people.
- Liveness Check – The system confirms that the scan is of a real, live person, not a photo or video.
- Grant or Deny Access – If the live scan matches your stored Facial Signature, the Rock sends a “grant” signal to the ACS to unlock the door. If not, access is denied.
The Rock does not:
- Search for matches among all users in the system
- Mine or search public images
- Operate in surveillance mode
- Track movement outside of ACS event logs
2.3 Why 1:1 Verification Matters for Privacy
Most privacy risks associated with facial recognition come from identification systems (1:N), which attempt to match a face against a broad database of people, often without their consent. This enables surveillance, tracking, and profiling. By contrast, the Rock’s 1:1 design means:
- Your data is used only to confirm your identity for access control
- No one else’s data is searched when you authenticate
- There’s no capability to turn the Rock into a general-purpose surveillance tool
- Cross-system use of Facial Signatures is technically impossible
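The following is an added illustration, not Alcatraz code, of the three properties Sections 2 and 6 describe: enrollment refuses to run without a consent flag from the ACS, verification compares a live scan only against the single signature belonging to the claimed badge number (1:1, never 1:N), and each signature is bound to one deployment so a template copied elsewhere is rejected. The feature vector, the match threshold, the HMAC-based deployment binding and the `Deployment` class are all assumptions made for the toy model; the real Facial Signature format is not described on this page.

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass, field

# Toy model (not Alcatraz code) of consent-gated enrollment and 1:1
# verification. A short list of floats stands in for facial geometry; the
# stored signature keeps only that derived vector plus an HMAC tag under a
# per-deployment key, so a template lifted from one deployment fails the tag
# check in another. Threshold and vector length are assumptions.

MATCH_THRESHOLD = 0.15  # assumed tolerance for a 1:1 match


def extract_features(live_scan):
    """Stand-in for feature extraction: the 'scan' is already a list of floats."""
    return tuple(round(x, 4) for x in live_scan)


@dataclass
class FacialSignature:
    vector: tuple   # derived features only, never the captured image
    tag: str        # HMAC over the vector under the deployment key


@dataclass
class Deployment:
    """One Solution Owner's deployment: its own key, ACS consent flags, signatures."""
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    consent_approved: set = field(default_factory=set)   # badge ids flagged by the ACS
    signatures: dict = field(default_factory=dict)       # badge id -> FacialSignature

    def _tag(self, vector):
        msg = ",".join(f"{x:.6f}" for x in vector).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def enroll(self, badge_id, live_scan):
        """ACS-gated enrollment: refuse unless consent was flagged approved."""
        if badge_id not in self.consent_approved:
            raise PermissionError("enrollment blocked: no consent flag from ACS")
        vector = extract_features(live_scan)
        # The raw scan goes out of scope here; only the derived vector is kept.
        self.signatures[badge_id] = FacialSignature(vector, self._tag(vector))
        return True

    def verify(self, claimed_badge_id, live_scan, liveness_ok=True):
        """1:1 verification: compare only against the claimed badge's signature."""
        sig = self.signatures.get(claimed_badge_id)
        if sig is None or not liveness_ok:
            return False
        if not hmac.compare_digest(sig.tag, self._tag(sig.vector)):
            return False  # template is not bound to this deployment
        probe = extract_features(live_scan)
        dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(probe, sig.vector)))
        return dist <= MATCH_THRESHOLD

    def withdraw_consent(self, badge_id):
        """Withdrawal: delete the signature and clear the consent flag."""
        self.signatures.pop(badge_id, None)
        self.consent_approved.discard(badge_id)


if __name__ == "__main__":
    site = Deployment()
    site.consent_approved.add("badge-1001")          # constructed badge number
    site.enroll("badge-1001", [0.10, 0.50, 0.30])     # constructed scan
    print("same person:", site.verify("badge-1001", [0.12, 0.48, 0.31]))
    print("other face:", site.verify("badge-1001", [0.90, 0.10, 0.70]))
```

Note that `verify` never iterates over `signatures`: the claimed badge number selects exactly one template, which is what makes the flow 1:1 rather than 1:N. The `withdraw_consent` step removes both the template and the consent flag, so re-enrollment requires the ACS to approve consent again.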
3. Consent: How It’s Obtained and Technically Enforced
3.1 Consent is Always Required
Enrollment into the Rock system is always opt-in and requires affirmative, explicit consent. The Rock's technical architecture prevents enrollment or creation of any Facial Signature without documented explicit permission and proper notice as required by California law (CCPA/CPRA), Illinois law (BIPA), and other applicable privacy regulations. There is no "silent" or automatic enrollment. Prior to collection, you will receive clear notice of the specific purpose and duration of use of your biometric data, and consent must be confirmed before any biometric data is captured or processed.
3.2 Role of the Solution Owner
The Solution Owner (your employer, building operator, or other controlling organization) is responsible for confirming your consent before enrollment. This confirmation may occur through:
- Onboarding processes for employees or contractors
- Visitor registration systems
- Electronic consent forms (including DocuSign or similar platforms)
The Rock will not proceed with enrollment until it receives an explicit “go” signal from the Solution Owner’s integrated system.
3.3 Technical Safeguards
Consent is not only a policy — it is built into the system’s architecture:
- ACS Integration – The Rock integrates with the Solution Owner’s Access Control System (ACS) so that enrollment cannot begin unless consent is flagged as “approved.”
- Consent Modules – If the Solution Owner uses the Alcatraz consent module, the enrollment process will present a clear and conspicuous consent form before any biometric data is captured.
- No Self-Enrollment – Individuals cannot bypass consent by self-enrolling. Only the Solution Owner’s authorized administrator can approve enrollment.
3.4 Withdrawing Consent
You may withdraw your consent at any time by notifying the Solution Owner. Once withdrawn:
- Your Facial Signature will be deleted from the Rock system and related storage.
- You will no longer be recognized by the Rock.
- You will need to use an alternative access method, such as a badge or PIN.
3.5 Alternative Access Methods
The Solution Owner must provide alternate means of access for anyone who does not enroll or who withdraws consent. This ensures that access to facilities or services is not conditioned on providing biometric data.
3.6 Compliance with Privacy Laws
This consent process is designed to meet or exceed the requirements of applicable biometric privacy laws, including:
- Illinois BIPA – Requires written, informed consent before collecting biometric identifiers or information.
- Texas CUBI – Requires consent before capturing biometric identifiers and limits retention.
- California CPRA/CCPA – Requires notice, purpose limitation, and the right to opt out of certain uses.
- EU GDPR – Treats biometric data as a special category requiring explicit consent and lawful processing.
4. Data Collection, Storage, and Retention
4.1 What the Rock Collects
When you enroll, the Rock captures a live facial scan for the sole purpose of creating a Facial Signature. A Facial Signature is a one-way encrypted mathematical representation of your facial geometry — not a photograph.
- No photos are stored: The image captured during enrollment is automatically deleted after the Facial Signature is created.
- No personal details are stored with your Facial Signature: It is paired only with an anonymous badge number provided by the Access Control System (ACS).
- No continuous scanning: The Rock only scans when you present yourself at an access point and is not capable of “surveillance mode.”
- No cookies or tracking: The Rock does not use cookies, web beacons, or any other tracking technologies to monitor user behavior.
4.2 Where Data Is Stored
- On the Rock Device: Facial Signatures are stored in encrypted form on the Rock itself.
- In the Solution Owner’s System: Depending on configuration, Facial Signatures may also be stored within the Solution Owner’s secure servers or ACS database.
- No Alcatraz Copy: Alcatraz does not keep a master database of Facial Signatures. We cannot access, sell, or repurpose your biometric data.
4.3 How Data Is Protected
- At Rest: Facial Signatures stored on the Rock or within the Solution Owner’s systems are encrypted using AES-256 — the industry standard for sensitive data protection.
- In Transit: Any biometric data transmitted between the Rock and authorized systems uses TLS 1.2 or higher.
- Access Controls: Only authorized Solution Owner administrators, operating under role-based access, can manage enrollment or deletion.
- No Identity Linkage: In the Alcatraz system, biometric data is never stored alongside names, photos, or other identifiers. Any linkage exists only in the Solution Owner’s ACS.
4.4 Retention Limits
Facial Signatures are retained only as long as necessary for the purpose of providing access control, and never longer than: (1) the retention period set by the Solution Owner’s policy, (2) the period required by applicable law, or (3) three years from the last interaction with the System End User, whichever is shortest. We follow strict data minimization principles and require Solution Owners to delete biometric data promptly when the purpose for collection has been satisfied or when required by applicable law, whichever comes first.
- Illinois (BIPA) – Must destroy when the purpose for collection is satisfied or within 3 years of last interaction, whichever comes first.
- Texas (CUBI) – Must destroy within a reasonable time, no later than 1 year after the purpose ends.
- Washington – Must disclose duration of use and follow it.
- California (CPRA) – Must follow data minimization and purpose limitation rules.
- GDPR – Must delete once data is no longer necessary for the purpose collected.
4.5 Auditing and Deletion
- Withdrawal of Consent – When you withdraw consent or leave the organization, the Solution Owner must delete your Facial Signature.
- Automated or Manual Deletion – The Rock supports both on-demand deletion and automatic purging in line with the Solution Owner’s retention schedule.
- Audit Trails – The Rock’s admin interface logs the date and time of last use for each Facial Signature to support compliance audits.
5. Consent is Required
5.1 Overview
Enrollment into the Rock is always opt-in and cannot occur without the System End User’s explicit consent. The Rock is designed so that consent is not just a policy requirement — it is enforced through technical controls that prevent biometric data from being collected or used without authorization.
5.2 No Consent, No Enrollment
The Rock cannot capture or create a Facial Signature unless the Solution Owner (your employer or building operator) has confirmed that you have given informed, explicit consent. There is no “silent” enrollment, no automatic capture, and no background scanning. If you do not agree to enroll, the process stops, and the Rock will not recognize you.
5.3 Who Collects Consent
Consent is collected and managed entirely by the Solution Owner — not by Alcatraz. The Solution Owner is responsible for providing notice, explaining the purpose, and obtaining your agreement. This may occur during onboarding, visitor registration, or another documented workflow.
5.4 Technical Safeguards to Enforce Consent
The Rock and its Access Control System (ACS) integration includes multiple safeguards to ensure consent is confirmed before enrollment can begin:
- ACS-Gated Enrollment – Enrollment is blocked until the Solution Owner’s ACS confirms that consent has been granted.
- No Bypass Possible – Individuals cannot self-enroll, and administrators cannot bypass the ACS consent gate.
- Optional Consent Module – If enabled, Alcatraz’s consent module presents a written consent form (e.g., via DocuSign) that must be completed before any biometric data is captured.
5.5 What You Are Consenting To
When you consent, you agree to:
- Have your face scanned for the sole purpose of creating a Facial Signature.
- Have that Facial Signature stored in encrypted form and linked only to your anonymous badge number in the ACS.
- Allow the system to use that Facial Signature exclusively for authentication at designated access points.
Unless otherwise specified by the Solution Owner, you are not consenting to photography, surveillance, behavioral analysis, or the sharing of your biometric data outside your Solution Owner’s system.
5.6 Withdrawal of Consent
You may withdraw your consent at any time. When you do:
- Your Facial Signature is deleted from the Rock and any connected systems.
- You will no longer be recognized by the device.
- The Solution Owner must provide you with an alternative access method (e.g., badge or PIN).
To withdraw consent, you must contact the Solution Owner. If you contact Alcatraz, we will refer you to your Solution Owner, as we have no way to identify you to delete your Facial Signature (that is on purpose).
5.7 Compliance With Privacy Laws
This consent process is designed to meet or exceed requirements under:
- BIPA (Illinois) – Written informed consent before collection; destruction when purpose is fulfilled or within 3 years.
- CUBI (Texas) – Consent before collection; destruction within 1 year after purpose ends.
- GDPR (EU/EEA) – Freely given, specific, informed, unambiguous consent before processing special category data.
- CPRA (California) – Explicit consent before processing sensitive personal information; purpose limitation and data minimization rules.
The Rock’s technical design ensures that enrollment cannot occur without proper consent, protecting both System End Users and Solution Owners from unlawful biometric data collection.
6. Data Sharing and Cross-System Use
6.1 No Cross-System Use
Alcatraz’s Rock platform—including all versions of the Rock device, Rock X, and associated software—is architected with a strict “One System. One Purpose.” principle. This means each Facial Signature is cryptographically bound to a single Solution Owner’s deployment and cannot be used elsewhere.
- No Exporting or Importing: Facial Signatures are technically restricted from being exported from one deployment or imported into another. This ensures that your biometric data remains within the boundaries of the organization where you enrolled.
- No Sharing Across Entities: Biometric templates cannot be shared, copied, or merged between different customers, sites, or environments. Each deployment is siloed, preventing cross-organization use.
- No Centralized Database: Alcatraz does not maintain a master or centralized repository of Facial Signatures. All biometric data is stored in encrypted form within the Solution Owner’s environment, not on Alcatraz’s servers, eliminating the risk of large-scale correlation or misuse.
6.2 Why This Matters
Many other biometric systems are designed to allow cross-system use, meaning the same biometric template could be stored in multiple databases, matched against broader collections, or shared with third parties. This introduces significant privacy and security risks, including:
- Mass Surveillance: Centralized or interoperable databases can be misused to track individuals across multiple locations, enabling surveillance beyond the original intent.
- Data Breach Impact: If one system is compromised, attackers could potentially use stolen biometric templates in other systems, amplifying the risk.
- Purpose Creep: Data collected for secure access could later be repurposed for unrelated uses, such as marketing, profiling, or investigative searches, without your knowledge or consent.
By eliminating cross-system capability at the architectural level, Alcatraz ensures that even if a Solution Owner wanted to use Facial Signatures for unrelated purposes, it would not be technically possible without re-enrollment and new, explicit consent.
6.3 Compliance Alignment
This design directly supports compliance with strict privacy laws that limit or prohibit secondary use of biometric data without explicit, informed consent:
- Illinois BIPA: Prohibits disclosure or reuse of biometric identifiers without new written consent (740 ILCS 14/15(d)).
- Texas CUBI: Restricts use to the purpose originally consented to (Tex. Bus. & Com. Code § 503.001).
- California CPRA: Requires data minimization and prohibits using sensitive personal data for undisclosed or incompatible purposes.
- GDPR: Mandates purpose limitation and prohibits processing for purposes incompatible with the original intent unless new consent is obtained.
6.4 Third-Party Disclosures
- No Sale or Sharing by Alcatraz: Facial Signatures are never sold, licensed, or shared with third parties by Alcatraz. The company’s privacy-first approach ensures that biometric data remains under the exclusive control of the Solution Owner.
- Solution Owner-Controlled: Only the Solution Owner (such as your employer or building operator) can decide to share data, and only in accordance with applicable law and their own privacy policies.
- Law Enforcement Requests: Alcatraz cannot comply with requests for individual access history (e.g., “John Doe’s” door entry records) because it does not store names or personal identifiers alongside biometric templates. Any such requests must be directed to the Solution Owner and will only be honored if legally required.
6.5 Technical Safeguards
- Encryption and Segregation: All digital facial templates are encrypted using AES-256 for data at rest and TLS 1.2/1.3 for data in transit, meeting or exceeding the reasonable security measures required by BIPA, CPRA, and other applicable privacy laws. The system maintains complete segregation between ACS data and Alcatraz system data through technical and organizational measures, ensuring that personal data remains within the Solution Owner’s own systems. Regular security assessments are conducted to verify the effectiveness of these protections.
- No Interoperability: The Rock’s architecture prevents interoperability between deployments, further safeguarding against unauthorized sharing or use.
Alcatraz’s Rock platform is intentionally designed to prevent cross-system use, sharing, or centralization of biometric data. This approach not only protects user privacy and limits the impact of potential breaches but also ensures compliance with the world’s strictest biometric privacy laws. The Rock platform does not use cookies or any other tracking technologies. All data remains under the control of the Solution Owner, with robust technical and policy safeguards to prevent unauthorized disclosure or secondary use.
7. Rights to Biometric Data
Your rights over your Biometric Data depend on where you live and the privacy laws that apply to you. This section explains those rights and how to exercise them.
Important: Alcatraz is the Data Processor. We process Biometric Data only under the instructions of the Data Controller — your Solution Owner (employer, building operator, or other organization that manages your access). This means Alcatraz does not have the authority or ability to directly fulfill requests to access, delete, correct, or withdraw consent for your Biometric Data (in part because we have no ability to find you). Those requests must be made to your Solution Owner. However, if your Solution Owner fails to respond to your request within the timeframe required by applicable law (which may vary by jurisdiction), you can contact us at privacy@alcatraz.com for assistance, appeals, or help in identifying the correct Solution Owner contact.
7.1 Rights Depending on Location
Depending on your jurisdiction, you may have the right to:
- Request to know more about and access your Personal Information (including Biometric Data).
- Ask for deletion of your Biometric Data.
- Request correction of inaccurate information (by deletion and re-enrollment).
- Object to certain processing of your Biometric Data.
- Withdraw your consent where processing is based on that consent.
- Ask us to restrict certain processing.
7.1.1 The Right to Know
You may have the right to obtain confirmation as to whether your Biometric Data is being processed, and to receive details including:
- The categories and sources of Biometric Data collected.
- The purposes for collection and processing.
- Categories of recipients, including any transfers to other countries.
- Retention periods or criteria used to determine them.
- Whether automated decision-making (including profiling) is used, and meaningful information about its logic and consequences.
Alcatraz will never sell your Biometric Data or share it for cross-context behavioral advertising.
7.1.2 The Right to Access & Portability
You may have the right to request a copy of your Biometric Data. However, Digital Profiles (Facial Signatures) are proprietary, encrypted templates tied only to the Alcatraz Rock system. They cannot be exported for use in other systems.
7.1.3 The Right to Correction
Due to the nature of biometric templates, they cannot be “corrected.” If your Facial Signature is inaccurate or no longer works, you can request deletion and re-enrollment through your Solution Owner.
7.1.4 The Right to Deletion
You can request deletion of your Biometric Data at any time, subject to legal retention requirements. Deletion requests must be made to your Solution Owner. When consent is withdrawn or the retention period expires (as required by applicable law and regulations, including but not limited to BIPA and CUBI requirements), your Facial Signature will be permanently erased using secure deletion methods that meet NIST standards for data sanitization.
7.1.5 The Right to Non-Discrimination
You will not receive retaliatory or discriminatory treatment for exercising your privacy rights.
7.1.6 The Right to Withdraw Consent
You can withdraw your consent at any time. Withdrawal stops all further processing, and your Facial Signature will be deleted. Contact your Solution Owner to withdraw consent.
7.1.7 The Right to Object
You may object to processing that is not based on legal obligations or compelling legitimate interests. If you object, the processing will stop unless legally required to continue.
7.1.8 The Right to Restrict Processing
You may request that processing of your Biometric Data be limited in certain cases, such as when an objection is under review.
7.1.9 The Right to Submit a Complaint and Make Appeals
You can submit complaints directly to your data protection authority (see links in the Jurisdiction-Specific Notices section) or to privacy@alcatraz.com for escalation and appeals.
7.1.10 Authorized Agents
If allowed by law, you may appoint an authorized agent to make rights requests on your behalf. Proof of authorization (such as a power of attorney) is required.
7.2 Exercising Your Rights
All rights requests must first be directed to your Solution Owner. Only your Solution Owner has access to and control over your Biometric Data.
7.3 Contacting Us
If you have questions about this section or need help identifying your Solution Owner, contact us at privacy@alcatraz.com and legal@alcatraz.ai.