ZENTARIAS TECHNOLOGIES LLC

BIOMETRIC DATA COLLECTION & RETENTION POLICY

Last Updated
April 15, 2025
Document Version
1.0
Company
Zentarias Technologies LLC
Registered State
Florida, United States
Applicable Features
Facial Recognition / Identity Matching / Driver Verification
Legal Contact
legal@zentarias.com
This Biometric Data Collection & Retention Policy describes how Zentarias Technologies LLC collects, uses, stores, protects, and permanently destroys biometric data within its fleet management platform. It should be read in conjunction with the Zentarias Privacy Policy, the Biometric Services Addendum, and the Zentarias Terms of Service.
The collection and processing of biometric data is subject to strict legal requirements in multiple U.S. states. Customers who activate biometric features within the Zentarias platform bear independent legal obligations under applicable state and federal law. Please review the Biometric Services Addendum carefully before enabling these features.

POLICY SUMMARY AT A GLANCE

The following table provides a high-level summary of Zentarias's key commitments under this Policy. Full details are set forth in the sections that follow.

TopicZentarias's Commitment
What is Biometric Data?
Measurements of biological characteristics used to identify individuals (e.g., facial geometry, fingerprints, voiceprints, iris scans).
When may we hold it?
Only when a Customer activates a biometric feature within the platform and it is transmitted to Zentarias in the course of service delivery.
How do we protect it?
Secured using SOC 2 / ISO 27001 standards — the same standards applied to all sensitive personal data.
How long do we keep it?
Until the earlier of: (i) the original collection purpose is fulfilled; or (ii) one (1) year from the last interaction with the data subject.
When must we delete it?
Immediately upon satisfaction of the retention criteria above. No Biometric Data is kept beyond these limits except when required by law.
Do we collect without consent?
No. Where required by applicable law, written informed consent is obtained before any Biometric Data is collected.
Can law require retention?
Yes. Zentarias may suspend its standard deletion schedule to comply with a valid legal obligation such as a warrant, subpoena, or court order.

1. WHAT IS BIOMETRIC DATA?

Zentarias Technologies LLC ("Zentarias," "we," "our," or "us") may, from time to time and in connection with certain platform features activated by Customers, come into possession of data that constitutes "Biometric Data" — that is, data generated by the automatic measurement of an individual's biological or physiological characteristics, used to identify a specific individual.

Biometric Data may include, without limitation:

  • Scans or measurements of facial geometry or structure
  • Scans or measurements of hand geometry
  • Retina or iris scans
  • Fingerprints or fingerprint imagery
  • Voiceprints or voice-based identifiers

Biometric Data does not include photographs, written descriptions of physical appearance, or other data that does not involve the automated measurement or mapping of biological characteristics for the purpose of individual identification.

Zentarias does not proactively collect Biometric Data from individuals. Biometric Data may enter Zentarias's systems only when a Customer has activated a biometric-capable feature within the platform — such as driver identity verification or facial recognition — and Biometric Data is transmitted to Zentarias as part of delivering that feature.

2. SECURITY AND PROTECTION OF BIOMETRIC DATA

To the extent that Zentarias comes into possession of Biometric Data in connection with the delivery of its Services, Zentarias will apply security safeguards that are at least equivalent to — and, where applicable, more protective than — those applied to other categories of confidential and sensitive personal information within our systems.

Specifically, Biometric Data held by Zentarias will be protected in accordance with the following security frameworks and standards:

  • SOC 2 (Service Organization Control 2) — a widely recognized security and privacy framework developed by the AICPA, which establishes rigorous criteria for managing customer data based on trust service principles including security, availability, processing integrity, confidentiality, and privacy.
  • ISO 27001 — the internationally recognized standard for information security management systems (ISMS), which defines best practices for systematically managing sensitive data to minimize risk of unauthorized access, disclosure, or loss.

3. RETENTION PERIOD AND PERMANENT DELETION

Zentarias does not retain Biometric Data beyond what is strictly necessary for the purpose for which it was collected or obtained. All Biometric Data in Zentarias's possession will be permanently and irreversibly deleted by the earlier of the following two events:

#TriggerDescription
(i)
Purpose fulfilled
When the initial purpose for which the Biometric Data was collected or obtained has been fully satisfied — for example, when a driver identity verification session is complete and the data is no longer required to deliver the service.
(ii)
One-year maximum
Within one (1) year from the date of the last interaction between Zentarias and the individual from whom the Biometric Data was collected or obtained — whichever comes first relative to trigger (i) above.

Permanent deletion means the irreversible destruction of Biometric Data such that it cannot be recovered, reconstructed, or accessed by any party. Zentarias does not archive, anonymize, or otherwise retain Biometric Data in any form beyond the retention limits described above, except as provided in Section 4 below.

Customers who use the Biometric Services Addendum are required to notify Zentarias promptly when a Biometric User's employment is terminated or when the purpose for which their Biometric Data was collected has been fulfilled. Notification should be sent to legal@zentarias.com with the subject line: "Biometric User Offboarding – [Account Name]."

4. SUSPENSION OF DELETION FOR LEGAL COMPLIANCE

Zentarias's standard deletion schedule described in Section 3 may be suspended — in whole or in part, and solely to the extent strictly necessary — when Zentarias is subject to a binding legal obligation that requires the retention of Biometric Data beyond the standard retention period. Such legal obligations may include, without limitation:

  • A valid warrant issued by a court of competent jurisdiction
  • A lawfully served subpoena requiring the preservation or production of specific records
  • A court order or judicial directive requiring retention of data pending resolution of litigation or an investigation
  • Any other binding legal process or regulatory requirement that mandates the preservation of specific data

In such circumstances, Zentarias will retain the relevant Biometric Data only for the duration and to the extent required by the applicable legal obligation. Upon satisfaction or expiration of the legal hold, Zentarias will promptly resume its standard deletion practices with respect to the affected data.

Legal holds are rare and are applied only when Zentarias is legally compelled to retain data. They are not used to justify retention beyond what is legally required. Zentarias does not retain Biometric Data for commercial purposes beyond the limits of this Policy.

5. CONSENT REQUIREMENTS

Where required by applicable federal, state, or local law — including but not limited to the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq., and similar laws in other jurisdictions — Zentarias will obtain written informed consent from each individual before collecting or obtaining their Biometric Data.

Any consent obtained by Zentarias for the collection of Biometric Data will, at a minimum, specify the following:

  • The specific type or category of Biometric Data being collected (e.g., facial geometry scan, voiceprint)
  • The purpose or purposes for which the Biometric Data is being collected and will be used
  • The length of time for which the Biometric Data will be retained and used, consistent with this Policy
In most cases, it is the Customer — not Zentarias — who bears primary legal responsibility for obtaining informed consent from Biometric Users under applicable law. Customers who activate biometric features are required to comply with the Zentarias Biometric Services Addendum, which sets out detailed consent obligations. Please review that document carefully and consult with qualified legal counsel.

6. SCOPE AND APPLICABILITY OF THIS POLICY

This Policy applies to Biometric Data that comes into Zentarias's possession in connection with the delivery of the Zentarias fleet management platform and related services. It governs Zentarias's own handling of Biometric Data and does not substitute for or limit Customer's independent legal obligations under applicable Biometric Laws.

This Policy should be read together with the following Zentarias legal documents, all available at www.zentarias.com/legal:

  • Zentarias Privacy Policy — governing the collection, use, and disclosure of personal data generally
  • Biometric Services Addendum — governing Customer's specific obligations when activating biometric features
  • Zentarias Terms of Service — the master agreement governing the use of all Zentarias Services

Zentarias reserves the right to update or amend this Policy at any time to reflect changes in applicable law, industry standards, or our internal data management practices. Continued use of the Zentarias platform after an updated Policy is posted constitutes acceptance of the revised terms.

CONTACT INFORMATION

Legal & Privacy
legal@zentarias.com
General Support
soporte@zentarias.com
Mailing Address
3690 Inverrary Dr, Suite 3H, Lauderhill, FL 33319, United States

Zentarias Technologies LLC • legal@zentarias.com • www.zentarias.com • Version 1.0 — April 2026

This Policy is governed by the laws of the State of Florida, United States, and forms part of the Zentarias legal framework available at www.zentarias.com/legal.