Privacy Policy

Privacy Policy

Version: v1.0
Last Updated: November 12, 2025

1. Introduction

Welcome to FacePass, a smart attendance and safety system operated by TechKluster LLC (“FacePass,” “we,” “us,” or “our”).
FacePass uses AI to automate student check-ins and check-outs, providing real-time notifications and photo verification for parents.

This Privacy Policy explains how we collect, use, store, and protect your data — including personal and biometric information — and how you can exercise your rights under applicable data protection laws.

2. Data Controller

TechKluster LLC
30 N Gould St Ste R
Sheridan, WY 82801
United States of America
Email: privacy@getfacepass.app

3. Information We Collect

We collect only the information required to provide the FacePass service effectively and securely.

Data CategoryExamplesPurpose
Identity DataStudent name, class, school IDTo identify students in the school system
Biometric DataFacial embeddings (numerical vectors)To verify identity during check-in/out
Media DataCheck-in/out photosTo show parents visual confirmation of attendance
Parent DataParent name, phone number, emailTo send attendance notifications
School DataAdmin name, role, contact infoFor account management and reporting
Device & Usage DataDevice ID, OS, app logsFor performance monitoring and security

We do not collect sensitive personal information unrelated to the school environment.

4. How We Use the Data

Your information is used to:

  • Record and verify student attendance using AI-based facial recognition

  • Notify parents instantly when students check in or out

  • Generate attendance and activity reports for authorized school staff

  • Maintain account security, app reliability, and compliance with school policies

We never sell, rent, or use personal data for advertising.

5. Data Storage and Processing (Google Cloud)

All data is securely stored and processed on Google Cloud Platform (GCP) infrastructure:

  • Firebase Authentication – manages user access and security

  • Cloud Firestore – stores encrypted student, parent, and attendance data

  • Cloud Storage – stores check-in/out photos in encrypted buckets

  • Cloud Run – hosts backend AI and API services

Data centers: Located primarily in the United States, with redundancy and failover in other compliant regions as needed.
All services comply with GDPR, FERPA, ISO/IEC 27001, and SOC 2 Type II certifications.
You can learn more at Google Cloud Compliance.

6. Who Has Access to the Data

Access is restricted by role:

  • Parents: Only their own child’s attendance and photos

  • School Staff: Students within their assigned school or class

  • FacePass Team: Limited access for technical support under signed confidentiality agreements

No third-party advertisers, analytics vendors, or data brokers have access.

7. Data Retention Policy

Data TypeRetention Period
Face embeddingsStored during enrollment, deleted within 30 days of withdrawal or consent withdrawal
Check-in/out photosRetained for 30 days for parental viewing, then permanently deleted
Attendance recordsRetained for the duration of the school’s contract
Logs & diagnostics90 days for security and troubleshooting

All deletions are automatic and irreversible.

8. Data Rights and Requests

You can:

  • Access all personal and biometric data we hold

  • Request deletion or correction

  • Withdraw consent at any time

  • Export attendance and check-in records

Submit requests via our Data Request Portal or by emailing privacy@getfacepass.app.
We respond to verified requests within 30 days.

9. Security Measures

We employ enterprise-grade security controls:

  • AES-256 encryption for all stored data

  • TLS 1.3 for all network communications

  • Role-based access with multi-factor authentication

  • Regular penetration testing and vulnerability scans

  • Data segregation between schools and tenants

  • Continuous monitoring through Google Cloud’s Security Command Center

10. Third-Party Sharing

We only share information with:

  • Authorized school administrators

  • Cloud service providers (Google Cloud) under strict Data Processing Agreements

  • Legal authorities if required by law

We never share, sell, or use biometric or photo data for training AI models or advertising.

11. Legal Compliance

🇪🇺 GDPR (EU)

  • Legal basis: Explicit parental consent and legitimate educational interest

  • Rights: Access, correction, deletion, restriction, portability

  • Data subject contact: privacy@getfacepass.app

🇬🇧 UK GDPR / Protection of Freedoms Act

  • Written parental consent required before biometric enrollment

  • Non-biometric alternative available (manual check-in)

🇺🇸 COPPA

  • Verifiable parental consent obtained before collecting children’s data

  • Parents may review, delete, or revoke consent anytime

🇺🇸 FERPA

  • Attendance records are educational records under FERPA

  • Access limited to authorized parents and staff

🇺🇸 BIPA (Illinois)

  • Written consent prior to biometric collection

  • Public retention and destruction schedule available

  • No sale or disclosure of biometric data

🇺🇸 CCPA (California)

  • California residents may request access, deletion, or opt-out

  • FacePass does not sell personal data

12. International Data Transfers

If your data is processed outside your country, FacePass ensures:

  • Standard Contractual Clauses (SCCs) for EU/UK users

  • Transfers only to regions with equivalent data protection standards

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect new features or regulations.
When we do, we’ll update the “Last Updated” date and notify users in-app and via email if significant changes occur.

Change Log:

  • v1.0 (Nov 2025): Initial release for global launch

14. Contact Us

Data Protection Officer:
TechKluster LLC
30 N Gould St Ste R
Sheridan, WY 82801
United States of America
Email: privacy@getfacepass.app