Biometric Data Policy

1. Purpose and Scope

This Biometric Data Policy ("Policy") describes how Multistreamers ("we," "us," or "our") collects, uses, stores, retains, discloses, and destroys biometric identifiers and biometric information (collectively, "Biometric Data") in connection with our streaming platform at multistreamers.us (the "Service").

This Policy is provided to comply with applicable biometric data laws, including but not limited to the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington Biometric Identifier Law (RCW 19.375), the New York City Biometric Identifier Information Law, the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act, the Virginia Consumer Data Protection Act, the Connecticut Data Privacy Act, the Maryland Online Data Privacy Act, the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, the UK General Data Protection Regulation (UK GDPR), and the EU General Data Protection Regulation (GDPR).

2. Definitions

• Biometric Identifier: A retina or iris scan, fingerprint, voiceprint, faceprint, hand geometry scan, or any other unique biological pattern or characteristic used to identify an individual. Under certain state laws, this may also include gait, keystroke patterns, or other physiological or behavioral characteristics.
• Biometric Information: Any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual. This does not include writing samples, written signatures, photographs (when not used for facial recognition), demographic data, tattoo descriptions, physical descriptions, or information collected in a healthcare setting.

3. Types of Biometric Data We May Collect

In connection with the Service, we may collect the following types of Biometric Data:

• Faceprints: Geometric measurements of facial features derived from video streams for the purpose of stream quality analysis, face detection overlays, or camera framing assistance.
• Voiceprints: Characteristics of audio within streams for the purpose of audio level optimization, noise detection, and stream quality monitoring.
• Video Analytics: Body position, gesture, or movement data derived from video streams for the purpose of scene detection, stream quality metrics, or automated camera switching.

4. Purpose of Collection

We collect and use Biometric Data solely for the following purposes:

• Providing and improving stream quality analysis and optimization features
• Enabling automated scene detection and camera framing tools
• Monitoring audio quality and providing real-time feedback during streams
• Fraud prevention and account security verification
• Improving the accuracy and reliability of the Service

We do not use Biometric Data for advertising, marketing, or profiling purposes. We do not use Biometric Data to track individuals across third-party services or platforms.

5. Consent

Before collecting Biometric Data, we will:

• Inform you in writing that Biometric Data is being collected or stored
• Inform you of the specific purpose and duration for which it is being collected, stored, and used
• Obtain your written or electronic consent (or, where applicable, a legally authorized representative's consent)

You may withdraw your consent at any time by contacting us at [email protected] or by disabling the relevant features in your dashboard settings. Withdrawal of consent may limit the functionality available to you.

6. Disclosure

We will not sell, lease, trade, or otherwise profit from your Biometric Data. We will not disclose or disseminate your Biometric Data to any third party unless:

• You (or your legally authorized representative) consent to the disclosure
• Disclosure is required by federal, state, provincial, or local law, or municipal ordinance
• Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction
• Disclosure is made to a service provider who processes data on our behalf and is contractually bound to comply with this Policy and applicable laws

7. Storage and Protection

Biometric Data is stored using a level of security that is at least equal to the protections we apply to other confidential and sensitive information. Security measures include:

• AES-256 encryption at rest and TLS 1.3 encryption in transit
• Isolated container environments per user (no cross-tenant data access)
• Access controls limited to authorized personnel on a need-to-know basis
• Regular security audits and vulnerability assessments
• Multi-factor authentication for administrative access to systems containing Biometric Data
• Logging and monitoring of all access to Biometric Data stores

Biometric Data is processed and stored on servers located in the United States. For users in Canada, the UK, and the EU/EEA, please refer to the international transfer provisions in Sections 11, 12, and 13 of this Policy.

8. Retention and Destruction

We retain Biometric Data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. Specifically:

• Real-time stream analysis data (faceprints, voiceprints, scene detection) is processed in memory and not permanently stored unless you enable recording features
• If recording features are enabled, associated Biometric Data is retained for the same duration as the recording (up to 90 days after the stream, or until you delete the recording, whichever comes first)
• Upon account deletion, all Biometric Data is permanently destroyed within 30 days
• In all cases, Biometric Data is destroyed no later than three (3) years after your last interaction with the Service, or when the initial purpose for collection has been satisfied, whichever occurs first

Destruction is carried out using industry-standard methods appropriate to the storage medium, including secure deletion, cryptographic erasure, and physical destruction of media where applicable.

9. United States: State-Specific Rights

9.1 Illinois (BIPA, 740 ILCS 14)

Illinois residents have the right to: (a) be informed before collection of Biometric Data; (b) provide written consent; (c) know the purpose and retention schedule; (d) have Biometric Data permanently destroyed when the purpose is fulfilled or within 3 years of last interaction. We do not sell, lease, trade, or otherwise profit from Biometric Data. We do not disclose Biometric Data without consent except as required by law. You may bring a private right of action for violations.

9.2 Texas (CUBI, Tex. Bus. & Com. Code Ann. 503.001)

We will not capture a biometric identifier of a Texas resident for a commercial purpose without first informing the individual and receiving consent. We will not sell, lease, or disclose biometric identifiers unless consent is provided, disclosure completes a financial transaction authorized by the individual, or disclosure is required by law. Biometric identifiers are destroyed within a reasonable time, and no later than the first anniversary of the date the purpose for collecting them expires.

9.3 Washington (RCW 19.375)

We provide notice before enrolling a biometric identifier of a Washington resident. We will not sell, lease, or otherwise disclose biometric identifiers unless consent is provided or disclosure is required by law. We provide a mechanism for individuals to prevent the retention of their biometric identifiers.

9.4 New York City (Local Law 3 of 2021)

If we were to collect biometric identifier information in a commercial establishment in New York City, we would post clear and conspicuous signage informing customers, and we would not sell, share, or otherwise profit from such information.

9.5 California (CCPA/CPRA)

Biometric information is classified as "sensitive personal information" under the CPRA. California residents have the right to limit the use and disclosure of sensitive personal information. We process biometric information only as necessary to perform the Service. You may exercise your rights by contacting us.

9.6 Colorado, Virginia, Connecticut, Utah, Montana, Oregon, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Tennessee, Indiana, Kentucky, Rhode Island

Residents of these states with applicable privacy or biometric data laws have rights that may include: obtaining consent before processing biometric data, providing the right to opt out, requiring data protection assessments, and providing deletion rights. We comply with all applicable state laws regarding biometric data processing. Contact us at [email protected] to exercise your rights.

10. Canada (PIPEDA and Provincial Laws)

Canadian users are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (such as Quebec's Law 25, Alberta's PIPA, and British Columbia's PIPA). Under these laws:

• We obtain meaningful consent before collecting biometric data
• Collection is limited to what is necessary for identified purposes
• You have the right to access your biometric data and request corrections
• You may withdraw consent, subject to legal or contractual restrictions
• Biometric data is retained only as long as necessary and then securely destroyed
• We maintain appropriate safeguards to protect biometric data against loss, theft, or unauthorized access
• You may file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial commissioner

For Quebec residents: We conduct privacy impact assessments before implementing biometric data processing and maintain a biometric data inventory as required by Law 25.

11. United Kingdom (UK GDPR and DPA 2018)

Biometric data, when used for the purpose of uniquely identifying an individual, is classified as "special category data" under the UK GDPR and the Data Protection Act 2018. For UK residents:

• We process biometric data only with your explicit consent or where another lawful basis under Article 9 of the UK GDPR applies
• We conduct Data Protection Impact Assessments (DPIAs) before processing biometric data
• You have the right to access, rectify, erase, restrict processing, port, and object to processing of your biometric data
• You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
• International transfers of biometric data are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs)
• You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

12. European Economic Area (EU GDPR)

For residents of the EEA, biometric data processing is subject to the same protections described in Section 11. Our lawful basis for processing biometric data is explicit consent under Article 9(2)(a) of the GDPR. Transfers of biometric data outside the EEA are governed by Standard Contractual Clauses adopted by the European Commission. You may lodge a complaint with your national data protection authority.

13. Australia (Privacy Act 1988)

Australian residents are protected under the Privacy Act 1988 and the Australian Privacy Principles (APPs). We collect biometric data only where it is reasonably necessary for our functions, with your consent, and in compliance with APP 3 (collection) and APP 11 (security). You may access your biometric data and request corrections under APP 12 and APP 13. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).

14. Data Breach Notification

In the event of a data breach involving Biometric Data, we will:

• Notify affected individuals as required by applicable law (within 72 hours under UK/EU GDPR, without unreasonable delay under US state laws, and as soon as practicable under PIPEDA)
• Notify the relevant supervisory authorities as required
• Take immediate steps to contain the breach and prevent further unauthorized access
• Document the breach and our response measures

15. Your Rights Summary

16. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by posting the revised Policy on this page and updating the "Last updated" date. Where required by law, we will obtain your consent to material changes before they take effect.

17. Contact Us

If you have questions about this Biometric Data Policy, wish to exercise any of your rights, or need to file a complaint, contact us at:
[email protected]

For UK/EU data protection inquiries, you may also contact our data protection point of contact at the same email address.