top of page

Privacy Policy

This Privacy Policy (“Policy”) describes how Demystify Biometrics Intelligence Hub (“Company,” “we,” “our,” or “us”) collects, uses, discloses, transfers, and protects personal information in connection with the use of our platform and related services (collectively, the “Services”).
 
By accessing or using the Services, you acknowledge that you have read, understood, and consent to the practices described in this Policy.

Effective: November 1, 2025

Last Updated: October 31, 2025
Version: 1.2

Definitions

 

  • Personal Data” means any information relating to an identified or identifiable natural person.

  • Processing” means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.

  • Controller” means the entity determining the purposes and means of processing Personal Data.

  • Processor” means the entity processing Personal Data on behalf of the Controller.

  • Applicable Law” includes data protection laws such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar regulations.

Data Controller
 
The Company acts as the data controller with respect to Personal Data collected through the Services. In some instances where we process Personal Data on behalf of a customer (e.g., enterprise subscriptions), we may act as a data processor in accordance with contractual agreements.

 Categories of Personal Data Collected

 

We collect and process the following categories of Personal Data:

​

Account Data

  • Full name

  • Email address (used for authentication and communication)

  • Company name and industry (for analytics, segmentation, and usage insights)

  • Encrypted password credentials

​

Payment Data

All payment information is processed through Wix as our third-party payment processor.

  • We do not store, access, or process credit card or banking details.

  • Wix maintains full PCI DSS compliance.

​

Technical and Usage Data

  • IP address, browser type, operating system, and device information

  • Login timestamps and usage frequency

  • Session and page interaction logs

  • Cookies and tracking data as described in Section 8

 

Optional Data (User-Provided)

  • Communication preferences

  • Voluntary feedback or form submissions (e.g., surveys, beta program participation)

Data Not Collected

​​

  • We do not collect biometric identifiers or biometric information (e.g., facial scans, fingerprints, voiceprints).

  • We do not sell or disclose Personal Data to third parties for marketing or advertising purposes.

  • Data shared externally is aggregate and anonymized, and cannot be used to identify an individual user.

Legal Basis for Processing

 

We process Personal Data under one or more of the following legal bases:

  • Performance of a Contract: To create and maintain user accounts, provide services, and manage subscriptions.

  • Legitimate Interests: To secure the platform, improve performance, and enhance user experience — including understanding industry-level usage trends.

  • Legal Obligations: To comply with applicable regulatory requirements and lawful requests.

  • Consent: When required by law (e.g., for optional communications or Request Demo sharing).

 

Users may withdraw consent at any time without affecting prior lawful processing.

Purposes of Processing

 

We process Personal Data for the following purposes:

 

  • Account registration, authentication, and access control

  • Subscription management and payment processing (via Wix)

  • Platform security and fraud prevention

  • Service delivery and functionality improvements

  • Industry analytics and usage segmentation to enhance product features and understand adoption trends

  • Compliance with legal obligations

  • Communication of service updates, policy changes, and customer support

Data Sharing and Disclosure

 

We value the privacy of our users and do not share Personal Data with third parties without explicit user consent, except as described in this Policy or as required by law.

 

We may share information under the following circumstances:

​

Service Providers and Sub-Processors

 

We engage trusted third parties (e.g., Wix for payments, analytics providers, hosting providers) who process data on our behalf under strict contractual confidentiality and security obligations. These providers may only use the data as necessary to perform their services for us.

​

Request Demo Feature (User Consent Required)

 

If a user voluntarily submits a Request Demo form, we will explicitly ask for their consent to share the following information with the selected algorithm vendor(s):

  • Full name

  • Email address

  • Company name

  • Industry

 

This information is shared only with the vendor(s) associated with the user’s request, and only for the purpose of enabling them to contact the user directly regarding product demonstrations or related information.

Users may withdraw this consent at any time by contacting us at the email address in Section 15.

​

Anonymized Analytics with Algorithm Vendors

 

We may share anonymized and aggregated usage data (e.g., industry-level adoption trends, usage volumes, platform engagement metrics) with algorithm vendors. This information does not include any personally identifiable information (PII) and cannot be used to identify an individual user.

 

Legal Requirements

 

We may disclose Personal Data where required to comply with lawful requests by public authorities, court orders, or legal obligations. Where legally permissible, we will notify the data subject prior to such disclosure.

​

Business Transfers

 

In the event of a merger, acquisition, or asset sale, Personal Data may be transferred subject to appropriate safeguards.

Cookies and Tracking Technologies

 

We use cookies and similar technologies for:

 

  • Authentication and secure login sessions

  • Storing user preferences

  • Measuring usage and performance for analytics

 

You may disable cookies through browser settings. Some functionality may be impacted as a result.

If third-party analytics cookies are used, they are configured to collect aggregated and anonymized data only.

International Data Transfers 

 

We are headquartered in the United States, and your Personal Data may be transferred to, stored in, or accessed from the United States or other jurisdictions where we or our service providers operate.

 

For users located in the European Economic Area (EEA), the United Kingdom (UK), or other jurisdictions with data transfer restrictions, we implement appropriate safeguards in accordance with Chapter V of the GDPR and applicable local laws to ensure your Personal Data remains protected.

 

These safeguards include:

  • Use of the European Commission’s Standard Contractual Clauses (SCCs) for transfers from the EEA.

  • Use of the UK International Data Transfer Addendum (IDTA) for transfers from the UK.

  • Additional technical and organizational measures, such as encryption in transit and at rest, strict access controls, and audit logging, to protect transferred data.

  • Contractual obligations ensuring that third-party service providers receiving data outside the EEA or UK maintain equivalent levels of protection.

 

You may request a copy of the relevant transfer mechanism or obtain further information on applicable safeguards by contacting us at the address listed in Section 15. We will respond to such requests in accordance with applicable law.

 

By consenting to this Privacy Policy, you acknowledge and agree that your Personal Data may be transferred to and stored in the United States. Where required by applicable law, we will seek your explicit consent before transferring Personal Data outside of your jurisdiction.

Data Retention

 

We retain Personal Data for as long as necessary to operate the Services and maintain business continuity. We do not currently distinguish between “active” and “inactive” accounts. Personal Data is retained indefinitely unless:

  • The user submits a deletion request, or

  • A contractual relationship with an enterprise customer ends.

 

In either case, all associated Personal Data will be deleted within thirty (30) calendar days of receipt of the request or contract termination, subject to any legal or regulatory retention obligations.

 

We may retain limited records where required by applicable law (e.g., tax or legal compliance). Once no longer required for legal or operational purposes, data is securely deleted or irreversibly anonymized.

Data Security

 

We implement reasonable technical and organizational security measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

​

Our security measures include:

  • Encryption of passwords at rest and encryption of all data in transit using industry-standard protocols (e.g., TLS).

  • Role-based access controls to restrict data access to authorized personnel only.

  • Secure infrastructure, firewalls, and logging to detect and mitigate suspicious activity.

  • Regular security monitoring and system audits.

  • Breach notification procedures in compliance with applicable laws.

 

While certain data (such as passwords) is encrypted at rest, other user data is stored securely using access and network controls, but not encrypted at rest.

 

We continuously evaluate our security practices to maintain an appropriate level of protection in line with industry standards and legal requirements.

Data Subject Rights

 

Depending on your jurisdiction, you may have the right to:

 

  • Access: Obtain a copy of your Personal Data.

  • Rectification: Correct inaccurate or incomplete information.

  • Erasure: Request deletion of Personal Data, subject to legal exceptions.

  • Restriction: Limit processing under certain conditions.

  • Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing carried out on legitimate interests grounds.

  • Withdrawal of Consent: Where processing is based on consent.

 

Requests can be submitted to ashok@demystifybiometrics.com. We may require reasonable verification of identity. We will respond to requests within legally required timelines (typically 30 days).

Children’s Privacy 
 
Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from minors.

By using our Services and consenting to this Privacy Policy, you represent and warrant that you are at least 18 years of age (or the age of majority in your jurisdiction). This acts as a self-attestation of your eligibility to use the platform.
 
If we become aware that an account has been created by a minor in violation of this policy, we will promptly delete the associated Personal Data and terminate the account. If you believe a minor has provided us with Personal Data, please contact us at the email address in Section 15.

Policy Updates

 

We may modify or update this Policy periodically to reflect legal, technical, or operational changes. The updated version will be effective upon posting to the platform. In the event of material changes, we will provide advance notice through email or an in-platform notice.

Contact Information
 
For privacy inquiries, data subject requests, or questions regarding this Policy, contact us at:
 
📧 ashok@demystifybiometrics.com

bottom of page