Biometric Data Privacy Policy
Last updated: June 26, 2024
BitGo Holdings, Inc. and its subsidiaries and affiliates (“BitGo,” “we”, “our” or “us”) have instituted the following policy related to any biometric data that we collect. In addition to the information we have provided you in the BitGo Privacy Notice, we want to help you better understand how BitGo collects and treats biometric data. BitGo cares about the security of your personal information and seeks to protect you and us against fraud. BitGo and certain of our service providers use ID scanning and facial recognition technology to verify your identity and safeguard personal information as part of our security, compliance, and fraud prevention efforts. This notice more specifically describes our collection and use of biometric data.
Biometric Data Defined
As used in this policy, “biometric data” includes “biometric identifiers” and “biometric information” or as otherwise defined by applicable law. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.
“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual by technical means.
Information Collected
When you consent to BitGo’s use of your biometric data, BitGo (or service providers, such as technology vendors, working on our behalf) collects face scan information—face geometry information and related information—necessary to accomplish the purposes stated in this policy, as disclosed at the time of collection, and/or in our Privacy Notice. Unless required by law, BitGo does not collect, use, store, or disclose your biometric data without your consent.
Purposes
We use your biometric data to verify or authenticate your identity, to detect and prevent fraud, in furtherance of compliance with applicable anti-money laundering and sanctions screening obligations, and to enable you to regain access to your account (account recovery). Subject to the storage and retention guidelines below, we store and use your biometric data for these purposes for the duration of your engagement with us or as otherwise permitted by law.
Collection of Biometric Data
By enabling use of your device’s camera or other identification technology for the purposes of biometric data collection, you are authorizing BitGo and/or our service providers to use your device technology, Internet connection, and any associated communications protocols to collect and share biometric data with BitGo. BitGo’s authorized service providers are under contract to collect such information on BitGo’s behalf.
Disclosure of Biometric Data
Unless otherwise required by law, your biometric data is accessible only to us and our service providers, which process your data to accomplish the purposes above. We do not share biometric data with any other third parties, unless required by law. We do not sell, lease, trade or otherwise profit from the biometric data. We may disclose your biometric data to our authorized service providers or other third parties if:
-
You or your legally authorized representative consent to the disclosure, for example, by continuing to verify identity using a camera prompt and a government-issued ID;
-
The disclosure completes a financial transaction requested or authorized by your organization, you, or your legally authorized representative;
-
The disclosure is required pursuant to a valid warrant, subpoena, or court order issued by a court of competent jurisdiction; or
-
The disclosure is required by law.
Retention and Storage
BitGo will collect, store, transmit, and protect your biometric data using a reasonable standard of care that is at least as protective as the way BitGo collects, stores, transmits, and protects other confidential and sensitive personal information.
Unless otherwise required by an order from a court of competent jurisdiction or applicable law, BitGo will retain biometric data for one year from the date of collection.
For any questions regarding this policy or other privacy matters at BitGo, please visit our Privacy Notice or email us at privacy@bitgo.com.