Skip to content

Biometric Data Retention & Destruction Policy

Last updated June 25, 2026

This Biometric Data Retention and Destruction Policy (this "Policy") describes how JobWise Ventures, Inc., doing business as Veras ("Company," "we," "us," or "our"), retains and permanently destroys biometric identifiers and biometric information collected through the Veras platform. We publish this Policy in accordance with the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (the "Act" or "BIPA"), and apply it to all individuals from whom we collect biometric data, regardless of location.

The full text of BIPA is available at www.ilga.gov/Legislation/ILCS/Articles?ActID=3004&ChapterID=57.

This Policy supplements our Privacy Policy. For workforce members located in Illinois, see Section 12 of the Privacy Policy for additional BIPA disclosures.

1. Scope and Veras's Role

Where an employer customer enables biometric time and attendance features, Veras collects and processes biometric data on that employer's behalf and at their direction. In that capacity, Veras acts as a service provider (or processor) and the employer customer is the controller of the biometric data. The employer customer is responsible for providing the BIPA disclosures and obtaining the informed, written consent required by Section 15(b) of the Act before any biometric data is collected. This Policy is the publicly available, written retention and destruction policy required by Section 15(a) of the Act.

2. Biometric Data We Collect

For purposes of this Policy, "Biometric Data" means biometric identifiers and biometric information as defined by BIPA. Depending on the modality an employer enables, Veras may collect, store, and use:

  • A fingerprint template — a mathematical representation derived from a fingerprint scan
  • A facial-geometry template and a reference photo — derived from a scan of facial geometry

Veras does not retain raw fingerprint or facial images beyond what is described above. Where a reference photo is stored, it is stored solely to support facial-recognition matching.

3. Purpose of Collection

Biometric Data is collected and used solely to verify a workforce member's identity for timekeeping — that is, to authenticate clock-in and clock-out events on the time clock. Biometric Data is not used for any other purpose.

4. Retention Period

Veras retains Biometric Data only as long as necessary for the purpose described above. In accordance with Section 15(a) of BIPA, Veras permanently destroys an individual's Biometric Data when the first of the following events occurs:

  1. The initial purpose for collection has been satisfied. This is deemed to occur when the individual's employment relationship ends or their use of biometric timekeeping otherwise concludes — specifically, when the worker has been archived, or their employee record has been deactivated, for more than 30 days. The 30-day window allows an accidental archive or deactivation to be reversed without forcing the individual to re-enroll, and is not an extension of the retention period for any active purpose; or
  2. Three (3) years have elapsed since the individual's last interaction with the Services. "Last interaction" means the individual's most recent timekeeping event. For an individual who enrolled but never recorded a timekeeping event, the three-year period runs from the date of enrollment.

Whichever of these occurs first determines the destruction date. In all cases, Biometric Data is destroyed no later than three (3) years after the individual's last interaction with the Services, or as otherwise required by applicable law if a shorter period applies.

5. Method of Destruction

When Biometric Data reaches the end of its retention period, Veras permanently destroys it through an automated process that runs on a recurring (daily) basis. Destruction includes:

  • Deleting any stored reference photo from our object storage
  • Deleting the stored fingerprint template and its associated encryption material
  • Deleting the stored facial-geometry template and reference photo references

Once destroyed, the Biometric Data cannot be recovered, and the individual would need to re-enroll to use biometric timekeeping again.

6. Data Security

Veras stores, transmits, and protects Biometric Data using reasonable security measures — including encryption — that are at least as protective as the measures Veras uses to store, transmit, and protect other confidential and sensitive information. Access to Biometric Data is restricted through role-based access controls.

7. No Sale or Profit; Limited Disclosure

Veras does not sell, lease, trade, or otherwise profit from Biometric Data. Veras does not disclose, redisclose, or otherwise disseminate Biometric Data except:

  • To the employer customer on whose behalf the data is collected, or as that employer directs;
  • With the individual's consent;
  • To complete a financial transaction the individual requested or authorized; or
  • As required by applicable law, or pursuant to a valid warrant or subpoena.

8. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be indicated by an updated "Last updated" date at the top of this page. The retention period described in Section 4 will remain consistent with the disclosures and consent obtained from individuals at the time of collection.

9. How to Contact Us

If you have questions about this Policy or about how your Biometric Data is handled, please contact us:

Email: [email protected]

Mail:

JobWise Ventures, Inc. (DBA Veras)
Attn: Privacy
3401 N Thanksgiving Way, Suite 250
Lehi, UT 84043
United States

Phone: (385) 304-4470

Workforce members: if your employer enabled biometric timekeeping, your employer is the controller of your Biometric Data. Please direct requests to your employer, who can coordinate with Veras as needed.