SocialSight Biometric Information Privacy Policy

Effective Date: March 2, 2026 · Last Updated: March 2, 2026

1. Introduction

We care about your privacy and the security of your Biometric Information. This SocialSight Biometric Information Privacy Policy (the “Biometric Policy”) defines the rights you grant SocialSight Inc. (“SocialSight,” “we,” “our,” or “us”) regarding your Biometric Information, clearly describes how we collect, retain, use, disclose, and protect your Biometric Information, and outlines the tools you have to exercise control over your Biometric Information.

This Biometric Policy, together with SocialSight’s Privacy Policy, Terms of Use, and any other agreement between you and SocialSight related to the Services (collectively, the “Agreements”), sets forth the terms on which SocialSight provides the Services to you. Capitalized terms used in this Biometric Policy are defined in this policy, our Privacy Policy, or our Terms of Use.

Important: By using the Services and uploading User Content containing Biometric Information, you acknowledge and consent to the collection, use, and disclosure of your Biometric Information as described in this Biometric Policy and our Privacy Policy, subject to the rights and protections outlined below.

We do NOT sell, lease, trade, or otherwise profit from your Biometric Information. We process Biometric Information contained in your User Content solely to provide the AI generation, editing, and enhancement services you request.

2. Key Definitions

Biometric Information

“Biometric Information” refers to data that depicts or describes physical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or identifiable person. Biometric Information includes, but is not limited to:

Depictions, images, descriptions, or recordings of an individual’s facial features, iris or retina, finger or handprints, voice, genetics, or characteristic movements or gestures (e.g., gait or typing pattern)
Data derived from such depictions, images, descriptions, or recordings, to the extent that it would be reasonably possible to identify the person from whose information the data had been derived
Facial recognition templates, embeddings, faceprints, or other data that encode measurements or characteristics of a face
Voiceprints or voice recognition data
Any scans, templates, or measurements of biological characteristics that can be used to identify an individual

Example:Both a photograph of a person’s face and a facial recognition template, embedding, or faceprint derived from that photograph constitute Biometric Information.

There are different definitions for biometric information or biometric data under different state and international laws. Within this Biometric Policy we generally adopt the Federal Trade Commission’s (“FTC”) 2023 Policy Statement definition of biometric information and Section 5 of the FTC Act, which provides broad protection for consumers. For state-specific definitions, please see our Privacy Policy Section 20 (Regional Privacy Disclosures Notice).

User Content

“User Content” refers to all content that you upload, create, generate, or otherwise provide through the Services, including:

Uploaded Content: Images, videos, audio files, and other media files you upload to the platform
Generated Content: AI-generated images, videos, and other outputs created using our AI tools based on your inputs and prompts
Prompts and Instructions: Text prompts, editing instructions, and other input data you provide to generate or edit content
Edits and Modifications: Any edits, modifications, or derivative works you create using our Services

User Content may contain Biometric Information if it depicts individuals.

Services

“Services” refers to the SocialSight website located at socialsight.ai (the “Site”), mobile application (the “App”), and related AI creative tools and services that allow you to generate, edit, and enhance images and videos using artificial intelligence.

3. Biometric Information Collected and Purpose

A. What Biometric Information We Collect

Our Services include AI-powered content generation, editing, and enhancement tools that may involve processing your Biometric Information. When you voluntarily upload User Content containing images or videos of people, that content may contain Biometric Information such as facial features, facial geometry, or other biometric characteristics.

We collect Biometric Information only when:

You voluntarily upload photos or videos containing faces, bodies, or other biometric characteristics to use our AI generation, editing, or enhancement features
You provide voice recordings that may contain voiceprints (if applicable to future features)
You generate AI content using our Services that may create or depict biometric characteristics

Important Clarification: We store the User Content you upload (including photographs and videos depicting people). We do not independently extract, collect, or create separate biometric identifier databases, facial recognition templates, or faceprints for identification, authentication, or surveillance purposes beyond what is necessary to process your AI generation requests.

B. How We Use Your Biometric Information

We process Biometric Information contained in User Content solely for the following purposes:

1. Service Delivery (Primary Purpose)

To provide the AI generation, editing, and enhancement features you request through the Services. This includes:

Processing your uploaded images and videos through our third-party AI model providers (currently including Google, OpenAI, ByteDance, Alibaba Cloud, Kling, MiniMax, and X.AI, which may change over time as we add new models and features)
Analyzing facial features, expressions, poses, and other biometric characteristics necessary to generate, edit, or enhance your content according to your prompts and instructions
Returning AI-generated outputs to you
Storing your User Content as part of your Account so you can access, download, and manage it

2. Service Improvement

To analyze, maintain, develop, and improve the Services by evaluating the performance and quality of AI-generated outputs. Important Note:We currently use only the outputs of AI processing to improve our Services. We do not use your User Content containing Biometric Information to train SocialSight’s own proprietary AI models, as we do not currently operate such models.

3. Safety and Compliance

To maintain the safety and security of the Services, prevent abuse, detect and respond to security incidents, comply with legal obligations, and enforce our Agreements.

C. What We Do NOT Do with Your Biometric Information

To protect your privacy, SocialSight does NOT:

Sell Biometric Information: We do not sell, lease, trade, or otherwise profit from your Biometric Information
Extract for Identification: We do not independently extract or create biometric identifiers (such as facial recognition templates or faceprints) for identification, authentication, or surveillance purposes separate from the AI processing you request
Train Proprietary Models:We do not currently use your Biometric Information to train SocialSight’s own proprietary AI models
Use for Marketing Without Consent: We do not use your Biometric Information for marketing, advertising, or promotional purposes without obtaining your separate, explicit written consent through a specific license request
Share for Third-Party Purposes: We do not share your Biometric Information with third parties except as necessary to provide the Services you request (i.e., processing through AI model providers) or as required by law

4. Third-Party AI Provider Processing

A. How Third-Party Processing Works

When you use our Services to generate, edit, or enhance content, your User Content (including any Biometric Information it contains) is transmitted to and processed by third-party AI model providers. These providers analyze your content and return AI-generated outputs to you through our platform.

Current Third-Party AI Providers:

Google (Vertex AI, Gemini)
OpenAI (GPT, DALL-E, and related models)
ByteDance (BytePlus)
Alibaba Cloud
Kling
MiniMax
X.AI

The specific providers we use may change over time as we add new models and features to the Services. We will update this list and notify users of material changes to our AI provider relationships.

B. Provider Contractual Protections

We maintain enterprise-level or API-level data processing agreements with our AI providers that include contractual provisions intended to:

Restrict the providers from using your User Content (including Biometric Information) to train their own AI models
Require appropriate security measures to protect your data
Require compliance with applicable data protection laws, including GDPR, CCPA, and BIPA
Facilitate deletion of your data when you request it
Maintain confidentiality of your content

Important Acknowledgment: While we maintain these contractual protections, we cannot fully control third-party provider behavior. When you use our Services, you acknowledge that your User Content will be transmitted to and processed by these third-party providers, and you consent to such processing as necessary to receive the Services.

For information about how specific AI providers handle biometric data, you may refer to their respective privacy policies.

A. Just-In-Time Consent Mechanism

Before you upload User Content for the first time, we will present a just-in-time disclosure and consent flow that informs you:

That the User Content you upload may contain Biometric Information
How we will process that Biometric Information (as described in Sections 3 and 4 above)
That your content will be processed by SocialSight and third-party AI providers
About the retention and destruction schedule for Biometric Information (as described in Section 6 below)
That you have the right to withdraw consent and request deletion at any time

By proceeding to upload User Content after receiving this disclosure, you provide your explicit, informed consent to the collection and processing of Biometric Information as described in this Biometric Policy and our Privacy Policy.

B. Auditable Consent Records

We maintain an auditable record of your consent, including:

Your account identifier
Timestamp of consent
Version of the Biometric Policy and consent notice you accepted
IP address and device information at time of consent

These records are maintained to demonstrate compliance with biometric privacy laws, including Illinois BIPA.

C. Ongoing Consent

Each time you upload new User Content or use AI features that process biometric characteristics, your continued use constitutes ongoing consent to process that specific content in accordance with this Biometric Policy. You may withdraw consent and delete content at any time as described in Section 7 below.

6. Retention and Storage of Biometric Information

This section establishes our publicly available written policy for the retention and permanent destruction of Biometric Information, including biometric identifiers and biometric information as defined under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”), and similar state biometric privacy laws.

A. What This Policy Covers

This retention and destruction policy applies to all biometric identifiers and biometric information collected through the Services, including:

Facial geometry, facial recognition data, faceprints, facial templates, and facial feature embeddings derived from images or videos uploaded to or generated by the Services
Voiceprints or voice recognition data (if applicable to future features)
Retina or iris scans, fingerprints, or hand geometry (if applicable to future features)
Any scans, templates, embeddings, or other data derived from the above that can be used to identify an individual

B. Retention Schedule: When We Delete Biometric Information

SocialSight will permanently delete and destroy all Biometric Information at the earliest of the following two events:

When Initial Purpose is Satisfied: When the specific purpose for which the Biometric Information was collected or obtained has been satisfied or completed; OR
Three Years from Last Interaction: Within three (3) years of your last interaction with SocialSight.

This retention schedule complies with Illinois BIPA 740 ILCS 14/15(a) and similar state biometric privacy laws.

C. What “Initial Purpose Satisfied” Means

The initial purpose for collecting Biometric Information through the Services is satisfied when any of the following occurs:

Account Deletion: You have deleted your Account, triggering deletion of all associated User Content and Biometric Information within thirty (30) days of the deletion request.
User Content Deleted: You have deleted specific User Content containing Biometric Information from your Account, triggering deletion of that content and associated Biometric Information within thirty (30) days.
Service Termination: SocialSight has terminated or discontinued the specific Service or feature for which the Biometric Information was collected.

D. What “Last Interaction” Means

Your “last interaction” with SocialSight means the most recent date on which you:

Logged into your Account
Uploaded User Content to the Services
Generated AI content using the Services
Modified, downloaded, or accessed User Content stored in your Account
Received or accessed Services through your Account
Communicated with SocialSight customer support regarding your Account or Services

E. Permanent Destruction Methods

When Biometric Information is scheduled for destruction under this policy, SocialSight will permanently delete such information using the following methods:

Complete Deletion from Production Systems:All copies of Biometric Information, including raw uploads, derived data (such as facial recognition embeddings or templates processed by AI providers), and related metadata, will be permanently deleted from SocialSight’s production systems, databases, and servers.
Backup System Destruction: Biometric Information in backup systems will be permanently deleted within ninety (90) days of the applicable destruction deadline, or upon the next scheduled backup rotation, whichever occurs first.
Third-Party Provider Deletion: SocialSight will issue deletion requests to third-party AI service providers (including Google, OpenAI, ByteDance, Alibaba Cloud, Kling, MiniMax, X.AI and any other providers) to ensure Biometric Information processed through those providers is permanently deleted in accordance with our data processing agreements with those providers.
Irreversible Destruction: Deletion methods will render Biometric Information permanently irretrievable and non-reconstructable. We use industry-standard secure deletion techniques that prevent recovery of deleted data.

F. Limited Exceptions to Destruction

Biometric Information will be retained beyond the retention schedule above only when:

Legal Obligation: Retention is required by law, regulation, legal hold, subpoena, court order, or other binding legal process.
Active Legal Proceeding: Biometric Information is reasonably necessary for SocialSight to establish, defend against, or participate in actual or reasonably anticipated litigation, arbitration, or regulatory proceeding.
Fraud or Security Investigation: Biometric Information is reasonably necessary for an active fraud investigation, security incident response, or law enforcement cooperation.

When the legal obligation, proceeding, or investigation concludes, the Biometric Information will be permanently destroyed within thirty (30) days unless another exception applies.

G. Third-Party Contractual Requirements

In any agreement with a third party that involves processing your Biometric Information (such as our AI model providers), we contractually require that the third party:

Collect, store, transmit, and protect your Biometric Information using a reasonable standard of care that is at least as protective as the way SocialSight protects other confidential and sensitive personal information
Process Biometric Information only as necessary to provide the Services and not for the third party’s own independent purposes (such as training their own models), subject to our enterprise agreements
Comply with applicable biometric privacy laws, including BIPA, CCPA, and GDPR
Delete or return Biometric Information upon our request or when the processing purpose is satisfied
Maintain appropriate security measures and confidentiality obligations

7. Withdrawal of Consent and Deletion Rights

You have the right to withdraw your consent to biometric processing and request deletion of your Biometric Information at any time.

A. How to Withdraw Consent and Delete Biometric Information

You may withdraw consent and request deletion through any of the following methods:

Option 1: Delete Specific User Content

Log into your Account
Navigate to your content library
Select the specific User Content containing Biometric Information that you wish to delete
Click “Delete” or follow the deletion prompts
We will permanently delete the selected content and associated Biometric Information within thirty (30) days

Option 2: Delete Your Entire Account

Log into your Account
Navigate to Account Settings
Select “Delete Account”
Follow the account deletion prompts
We will permanently delete your Account, all User Content, and all Biometric Information within thirty (30) days

Option 3: Email Deletion Request

Email us at support@socialsight.ai
Include your account email address and specify what you want deleted (specific content or entire account)
We will verify your identity and process your deletion request within thirty (30) days

B. Effect of Withdrawal

Withdrawal of consent will:

Stop all further processing of your Biometric Information for the purposes described in this policy
Trigger permanent deletion of your Biometric Information in accordance with Section 6 above
Not affect the lawfulness of processing based on consent before withdrawal

Withdrawal of consent will NOT:

Affect Biometric Information that is subject to a legal hold, subpoena, or court order (as described in Section 6.F)
Require deletion of information that must be retained to comply with legal obligations
Affect information that has already been irreversibly anonymized or aggregated

C. Deletion Timeline

Upon receiving your deletion request or consent withdrawal, we will:

Within 30 days: Permanently delete your Biometric Information from our production systems and issue deletion requests to third-party AI providers
Within 90 days: Permanently delete Biometric Information from backup systems
Confirm deletion: Send you confirmation once deletion is complete (if requested)

8. Region-Specific Resident Disclosures

A. No Sale of Biometric Information

User Content from residents of California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, Washington, the European Union, and the United Kingdom containing Biometric Information will NOT be sold, leased, traded, or otherwise profited from, even if a user consents to the sale, lease, trade, or other profit from their User Content.

We do not sell your Biometric Information. Period.

B. State Residency Confirmation

Out of respect for your privacy, SocialSight limits the amount of geolocation information we collect. If you have become a resident of one of the states or regions listed above since you last signed up for your SocialSight account, or if you want to confirm your state or regional residency with us, please contact us at support@socialsight.ai.

C. Illinois Residents – BIPA Compliance

Under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq., Illinois residents have the following specific rights:

Right to Written Notice

You have the right to be informed in writing that Biometric Information is being collected or stored. This Biometric Policy and our Privacy Policy (Section 3.A and Section 9.B) constitute that written notice. Specifically, we inform you:

What is collected: Biometric Information contained in User Content you upload, including facial features and related biometric characteristics
Specific purpose: To provide AI generation, editing, and enhancement services you request through the Services
Length of retention: The earliest of (1) when the initial purpose is satisfied, or (2) within three years of your last interaction with SocialSight
Destruction commitment: Biometric Information will be permanently destroyed in accordance with our retention and destruction schedule (Section 6 above)

Right to Informed Written Consent

You have the right to provide informed written consent before we collect, capture, or otherwise obtain your Biometric Information. We obtain your consent through our just-in-time disclosure and consent flow before your first upload of User Content, as described in Section 5 above.

Right to Withdrawal and Deletion

You may withdraw your consent and request deletion of your Biometric Information at any time using the methods described in Section 7 above.

Right to Publicly Available Retention Schedule

You have the right to a publicly available retention and destruction schedule for Biometric Information. This schedule is published in Section 6 of this Biometric Policy and in Section 9.B of our Privacy Policy.

No Sale or Profit

We do not and will not sell, lease, trade, or otherwise profit from your Biometric Information under any circumstances.

Standard of Care

We protect your Biometric Information using the same or greater standard of care as we use to protect other confidential and sensitive personal information, including encryption, access controls, security monitoring, and contractual protections with service providers.

For BIPA Inquiries

If you have questions about your BIPA rights or wish to exercise them, contact us at:

Email: support@socialsight.ai
Mailing Address:
SocialSight Inc.
100 W 31st Street, 40B
New York, NY 10001
United States

D. California Residents – CCPA/CPRA Rights

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) regarding Biometric Information, which is defined under California law as including “imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted.” Cal. Civ. Code § 1798.140(c).

Your California Rights:

Right to Know: What Biometric Information we collect, how we use it, and who we share it with (described in this policy and Section 3.A of our Privacy Policy)
Right to Delete: Request deletion of your Biometric Information
Right to Correct: Request correction of inaccurate Biometric Information
Right to Opt-Out: Opt out of any sale or sharing of Biometric Information (we do not sell or share)
Right to Limit Use of Sensitive Personal Information: Limit use of Biometric Information to what is necessary to provide the Services (which is our current practice)

To exercise these rights, contact us at support@socialsight.ai. For complete details on your California privacy rights, see Section 20 of our Privacy Policy (California Privacy Notice).

E. Other State Residents

Residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia have rights under their respective state privacy laws regarding Biometric Information classified as “Sensitive Data” or special categories of personal data.

For complete information about your state-specific rights, please see Section 20 of our Privacy Policy (Regional Privacy Disclosures Notice).

F. EU and UK Residents – GDPR Rights

Under the EU and UK General Data Protection Regulation (GDPR), biometric data processed for the purpose of uniquely identifying a person constitutes “special category data” under GDPR Article 9, requiring heightened protection.

Legal Basis for Processing

We process your Biometric Information based on your explicit consent, obtained through our just-in-time consent mechanism described in Section 5 above.

Your GDPR Rights

Right to Withdraw Consent: Withdraw consent to biometric processing at any time
Right to Erasure: Request deletion of your Biometric Information
Right to Access: Request access to your Biometric Information
Right to Rectification: Request correction of inaccurate Biometric Information
Right to Data Portability: Receive your Biometric Information in a portable format
Right to Restriction: Request restriction of biometric processing
Right to Object: Object to biometric processing
Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

For complete information about your GDPR rights, see Section 20 of our Privacy Policy (European Union and United Kingdom Privacy Disclosures).

9. Security and Protection of Biometric Information

We implement stringent security measures to protect your Biometric Information from unauthorized access, use, alteration, or destruction.

Security Measures Include:

Encryption: Encryption of Biometric Information in transit (during upload and AI processing) and at rest (when stored)
Access Controls: Role-based access controls limiting employee and contractor access to Biometric Information to only those with a legitimate business need
Authentication: Multi-factor authentication and strong password requirements for employee access
Audit Logging: Comprehensive logging and monitoring of access to systems containing Biometric Information
Security Monitoring: Continuous monitoring for unauthorized access attempts, security incidents, and anomalous activity
Vendor Security Requirements: Contractual security obligations imposed on third-party AI providers and other service providers
Regular Assessments: Periodic security assessments, vulnerability testing, and security audits
Employee Training: Data protection and security training for employees who may access Biometric Information
Incident Response: Documented incident response procedures for biometric data breaches

Standard of Care

We protect Biometric Information using the same or greater standard of care that we use to protect other confidential and sensitive personal information. This standard meets or exceeds the “reasonable standard of care” required by Illinois BIPA 740 ILCS 14/15(e) and similar state laws.

Data Breach Notification

In the event of a security breach involving Biometric Information, we will notify affected individuals and applicable regulatory authorities in accordance with applicable law, including:

Illinois BIPA breach notification requirements
GDPR breach notification requirements (within 72 hours to supervisory authorities)
State data breach notification laws
Other applicable breach notification obligations

10. Future Use of Biometric Information

A. Proprietary Model Training

SocialSight does not currently train proprietary generative AI models using your User Content or Biometric Information. We utilize third-party AI model providers as described in Section 4 above.

If we develop proprietary AI models in the future and wish to use User Content (including Biometric Information) to train those models, we will:

Update this Biometric Policy and our Privacy Policy with clear, conspicuous disclosures about the model training practices
Provide advance notice to all existing users via email and through the Services
Implement user-facing controls allowing you to opt out of having your User Content used for model training before any such use begins
Obtain any additional consents required by applicable law, including re-consent under Illinois BIPA and other state biometric privacy laws
Comply with all biometric privacy laws governing the use of Biometric Information for AI model training

Until such controls are implemented and disclosures are made, your User Content will NOT be used to train SocialSight’s own AI models.

B. Marketing and Promotional Use

We do not use your User Content containing Biometric Information for marketing, advertising, or promotional purposes without your explicit, separate consent.

If we wish to use your AI-generated content in marketing materials, on our website, in social media posts, or in other promotional contexts, we will:

Contact you directly to request a specific license for that use
Identify the specific content we wish to use
Describe how and where the content will be displayed
Allow you to grant or deny permission for that specific use

You are under no obligation to grant such a license, and refusing will not affect your ability to use the Services or result in any penalty or discrimination.

Any marketing use of your content containing Biometric Information will occur only with your explicit, informed, written consent for that specific use.

11. Your Rights Summary

As a SocialSight user, you have the following rights regarding your Biometric Information:

Right	Description	How to Exercise
Right to Notice	Be informed about biometric collection, use, and retention	This Biometric Policy and Privacy Policy Section 3.A provide written notice
Right to Consent	Provide informed consent before biometric collection	Just-in-time consent flow before first upload
Right to Know	Know what Biometric Information we have and how we use it	Contact support@socialsight.ai
Right to Deletion	Request deletion of Biometric Information	Delete via Account settings or email support@socialsight.ai
Right to Withdrawal	Withdraw consent at any time	Email support@socialsight.ai or delete your Account
Right to Retention Schedule	Access publicly available retention and destruction timeline	Section 6 of this policy and Section 9.B of Privacy Policy
Right to Correction	Request correction of inaccurate Biometric Information	Contact support@socialsight.ai
Right to Portability	Receive Biometric Information in portable format	Contact support@socialsight.ai
Right Against Sale	Not have Biometric Information sold	We do not sell Biometric Information
Right to Security	Have Biometric Information protected with reasonable security	We implement security measures described in Section 9

State and Region-Specific Rights

Illinois residents: All rights under BIPA (Section 8.C above)
California residents: All rights under CCPA/CPRA (Section 8.D above)
Other state residents: Rights under applicable state privacy laws (see Privacy Policy Section 20)
EU/UK residents: All rights under GDPR (Section 8.F above and Privacy Policy Section 20)

12. Contact Us and Questions

If you have any questions about this Biometric Policy, how we handle your Biometric Information, or your biometric privacy rights, please contact us:

Email: support@socialsight.ai
Mailing Address:
SocialSight Inc.
100 W 31st Street, 40B
New York, NY 10001
United States

For Illinois BIPA Inquiries: Use the contact information above

For EU/UK GDPR Inquiries: Use the email address above for all EU/UK data protection inquiries

13. Changes to This Biometric Policy

We may update this Biometric Policy from time to time to reflect changes in our Services, data practices, legal requirements, or for other operational reasons.

When we make changes, we will:

Revise the “Effective Date” and “Last Updated” date at the top of this policy
Post the updated Biometric Policy on our Site and App
Notify you of material changes through email (sent to the address associated with your Account) or through a prominent notice on our Services

Material changes that may trigger re-consent requirements include:

Changes to the purposes for which we collect or use Biometric Information
Changes to retention periods or destruction schedules
Introduction of new uses such as proprietary model training or marketing use
Changes to third-party sharing practices

Your continued use of the Services after the effective date of an updated Biometric Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you should cease using the Services and request deletion of your Account and Biometric Information as described in Section 7.

14. Relationship to Other Policies

This Biometric Policy is a supplement to and should be read together with:

SocialSight Privacy Policy: Our comprehensive privacy policy covering all aspects of data collection and use. For biometric practices, see specifically Section 3.A (Biometric Information definition and practices) and Section 9.B (Biometric Information Retention and Destruction Policy).
SocialSight Terms of Use: Our terms governing use of the Services, including license grants and intellectual property rights.
Regional Privacy Disclosures (Privacy Policy Section 20): State and region-specific privacy rights and disclosures for California, Illinois, and other jurisdictions with biometric privacy laws.

In the event of any conflict between this Biometric Policy and the Privacy Policy, the more protective provision for users shall apply. In the event of any conflict between this policy and applicable law, applicable law controls.

15. No Discrimination for Exercising Rights

SocialSight will not discriminate against you for exercising any of your biometric privacy rights described in this policy.

We will not:

Deny you access to the Services
Charge different prices or rates for Services
Provide a different level or quality of Services
Suggest that you will receive different pricing or service quality
Retaliate against you in any way

You have the right to use the Services and exercise your biometric privacy rights without penalty.

16. Additional Resources

Full Privacy Policy: https://socialsight.ai/privacy
Terms of Use: https://socialsight.ai/terms-of-use
California Privacy Notice: See Privacy Policy Section 20
Illinois BIPA Rights: See Privacy Policy Section 20 and Section 8.C above
EU/UK GDPR Rights: See Privacy Policy Section 20

17. Acknowledgment

By using the Services and uploading User Content containing Biometric Information, you acknowledge that you have read, understood, and agree to this Biometric Information Privacy Policy. You further acknowledge that:

You have the necessary rights and consents to upload User Content containing Biometric Information of yourself and any other individuals depicted
You consent to the processing of Biometric Information as described in this policy
You understand the retention and destruction schedule
You understand your rights to withdraw consent and request deletion
You understand that processing occurs through third-party AI providers as described in Section 4

SocialSight Biometric Information Privacy Policy

Effective Date: March 2, 2026 · Last Updated: March 2, 2026

1. Introduction

2. Key Definitions

Biometric Information

Depictions, images, descriptions, or recordings of an individual’s facial features, iris or retina, finger or handprints, voice, genetics, or characteristic movements or gestures (e.g., gait or typing pattern)
Data derived from such depictions, images, descriptions, or recordings, to the extent that it would be reasonably possible to identify the person from whose information the data had been derived
Facial recognition templates, embeddings, faceprints, or other data that encode measurements or characteristics of a face
Voiceprints or voice recognition data
Any scans, templates, or measurements of biological characteristics that can be used to identify an individual

Example:Both a photograph of a person’s face and a facial recognition template, embedding, or faceprint derived from that photograph constitute Biometric Information.

User Content

“User Content” refers to all content that you upload, create, generate, or otherwise provide through the Services, including:

Uploaded Content: Images, videos, audio files, and other media files you upload to the platform
Generated Content: AI-generated images, videos, and other outputs created using our AI tools based on your inputs and prompts
Prompts and Instructions: Text prompts, editing instructions, and other input data you provide to generate or edit content
Edits and Modifications: Any edits, modifications, or derivative works you create using our Services

User Content may contain Biometric Information if it depicts individuals.

Services

3. Biometric Information Collected and Purpose

A. What Biometric Information We Collect

We collect Biometric Information only when:

You voluntarily upload photos or videos containing faces, bodies, or other biometric characteristics to use our AI generation, editing, or enhancement features
You provide voice recordings that may contain voiceprints (if applicable to future features)
You generate AI content using our Services that may create or depict biometric characteristics

B. How We Use Your Biometric Information

We process Biometric Information contained in User Content solely for the following purposes:

1. Service Delivery (Primary Purpose)

To provide the AI generation, editing, and enhancement features you request through the Services. This includes:

Processing your uploaded images and videos through our third-party AI model providers (currently including Google, OpenAI, ByteDance, Alibaba Cloud, Kling, MiniMax, and X.AI, which may change over time as we add new models and features)
Analyzing facial features, expressions, poses, and other biometric characteristics necessary to generate, edit, or enhance your content according to your prompts and instructions
Returning AI-generated outputs to you
Storing your User Content as part of your Account so you can access, download, and manage it

2. Service Improvement

3. Safety and Compliance

To maintain the safety and security of the Services, prevent abuse, detect and respond to security incidents, comply with legal obligations, and enforce our Agreements.

C. What We Do NOT Do with Your Biometric Information

To protect your privacy, SocialSight does NOT:

Sell Biometric Information: We do not sell, lease, trade, or otherwise profit from your Biometric Information
Extract for Identification: We do not independently extract or create biometric identifiers (such as facial recognition templates or faceprints) for identification, authentication, or surveillance purposes separate from the AI processing you request
Train Proprietary Models:We do not currently use your Biometric Information to train SocialSight’s own proprietary AI models
Use for Marketing Without Consent: We do not use your Biometric Information for marketing, advertising, or promotional purposes without obtaining your separate, explicit written consent through a specific license request
Share for Third-Party Purposes: We do not share your Biometric Information with third parties except as necessary to provide the Services you request (i.e., processing through AI model providers) or as required by law

4. Third-Party AI Provider Processing

A. How Third-Party Processing Works

Current Third-Party AI Providers:

Google (Vertex AI, Gemini)
OpenAI (GPT, DALL-E, and related models)
ByteDance (BytePlus)
Alibaba Cloud
Kling
MiniMax
X.AI

The specific providers we use may change over time as we add new models and features to the Services. We will update this list and notify users of material changes to our AI provider relationships.

B. Provider Contractual Protections

We maintain enterprise-level or API-level data processing agreements with our AI providers that include contractual provisions intended to:

Restrict the providers from using your User Content (including Biometric Information) to train their own AI models
Require appropriate security measures to protect your data
Require compliance with applicable data protection laws, including GDPR, CCPA, and BIPA
Facilitate deletion of your data when you request it
Maintain confidentiality of your content

For information about how specific AI providers handle biometric data, you may refer to their respective privacy policies.

A. Just-In-Time Consent Mechanism

Before you upload User Content for the first time, we will present a just-in-time disclosure and consent flow that informs you:

That the User Content you upload may contain Biometric Information
How we will process that Biometric Information (as described in Sections 3 and 4 above)
That your content will be processed by SocialSight and third-party AI providers
About the retention and destruction schedule for Biometric Information (as described in Section 6 below)
That you have the right to withdraw consent and request deletion at any time

B. Auditable Consent Records

We maintain an auditable record of your consent, including:

Your account identifier
Timestamp of consent
Version of the Biometric Policy and consent notice you accepted
IP address and device information at time of consent

These records are maintained to demonstrate compliance with biometric privacy laws, including Illinois BIPA.

C. Ongoing Consent

6. Retention and Storage of Biometric Information

A. What This Policy Covers

This retention and destruction policy applies to all biometric identifiers and biometric information collected through the Services, including:

Facial geometry, facial recognition data, faceprints, facial templates, and facial feature embeddings derived from images or videos uploaded to or generated by the Services
Voiceprints or voice recognition data (if applicable to future features)
Retina or iris scans, fingerprints, or hand geometry (if applicable to future features)
Any scans, templates, embeddings, or other data derived from the above that can be used to identify an individual

B. Retention Schedule: When We Delete Biometric Information

SocialSight will permanently delete and destroy all Biometric Information at the earliest of the following two events:

When Initial Purpose is Satisfied: When the specific purpose for which the Biometric Information was collected or obtained has been satisfied or completed; OR
Three Years from Last Interaction: Within three (3) years of your last interaction with SocialSight.

This retention schedule complies with Illinois BIPA 740 ILCS 14/15(a) and similar state biometric privacy laws.

C. What “Initial Purpose Satisfied” Means

The initial purpose for collecting Biometric Information through the Services is satisfied when any of the following occurs:

Account Deletion: You have deleted your Account, triggering deletion of all associated User Content and Biometric Information within thirty (30) days of the deletion request.
User Content Deleted: You have deleted specific User Content containing Biometric Information from your Account, triggering deletion of that content and associated Biometric Information within thirty (30) days.
Service Termination: SocialSight has terminated or discontinued the specific Service or feature for which the Biometric Information was collected.

D. What “Last Interaction” Means

Your “last interaction” with SocialSight means the most recent date on which you:

Logged into your Account
Uploaded User Content to the Services
Generated AI content using the Services
Modified, downloaded, or accessed User Content stored in your Account
Received or accessed Services through your Account
Communicated with SocialSight customer support regarding your Account or Services

E. Permanent Destruction Methods

When Biometric Information is scheduled for destruction under this policy, SocialSight will permanently delete such information using the following methods:

Complete Deletion from Production Systems:All copies of Biometric Information, including raw uploads, derived data (such as facial recognition embeddings or templates processed by AI providers), and related metadata, will be permanently deleted from SocialSight’s production systems, databases, and servers.
Backup System Destruction: Biometric Information in backup systems will be permanently deleted within ninety (90) days of the applicable destruction deadline, or upon the next scheduled backup rotation, whichever occurs first.
Third-Party Provider Deletion: SocialSight will issue deletion requests to third-party AI service providers (including Google, OpenAI, ByteDance, Alibaba Cloud, Kling, MiniMax, X.AI and any other providers) to ensure Biometric Information processed through those providers is permanently deleted in accordance with our data processing agreements with those providers.
Irreversible Destruction: Deletion methods will render Biometric Information permanently irretrievable and non-reconstructable. We use industry-standard secure deletion techniques that prevent recovery of deleted data.

F. Limited Exceptions to Destruction

Biometric Information will be retained beyond the retention schedule above only when:

Legal Obligation: Retention is required by law, regulation, legal hold, subpoena, court order, or other binding legal process.
Active Legal Proceeding: Biometric Information is reasonably necessary for SocialSight to establish, defend against, or participate in actual or reasonably anticipated litigation, arbitration, or regulatory proceeding.
Fraud or Security Investigation: Biometric Information is reasonably necessary for an active fraud investigation, security incident response, or law enforcement cooperation.

When the legal obligation, proceeding, or investigation concludes, the Biometric Information will be permanently destroyed within thirty (30) days unless another exception applies.

G. Third-Party Contractual Requirements

In any agreement with a third party that involves processing your Biometric Information (such as our AI model providers), we contractually require that the third party:

Collect, store, transmit, and protect your Biometric Information using a reasonable standard of care that is at least as protective as the way SocialSight protects other confidential and sensitive personal information
Process Biometric Information only as necessary to provide the Services and not for the third party’s own independent purposes (such as training their own models), subject to our enterprise agreements
Comply with applicable biometric privacy laws, including BIPA, CCPA, and GDPR
Delete or return Biometric Information upon our request or when the processing purpose is satisfied
Maintain appropriate security measures and confidentiality obligations

7. Withdrawal of Consent and Deletion Rights

You have the right to withdraw your consent to biometric processing and request deletion of your Biometric Information at any time.

A. How to Withdraw Consent and Delete Biometric Information

You may withdraw consent and request deletion through any of the following methods:

Option 1: Delete Specific User Content

Log into your Account
Navigate to your content library
Select the specific User Content containing Biometric Information that you wish to delete
Click “Delete” or follow the deletion prompts
We will permanently delete the selected content and associated Biometric Information within thirty (30) days

Option 2: Delete Your Entire Account

Log into your Account
Navigate to Account Settings
Select “Delete Account”
Follow the account deletion prompts
We will permanently delete your Account, all User Content, and all Biometric Information within thirty (30) days

Option 3: Email Deletion Request

Email us at support@socialsight.ai
Include your account email address and specify what you want deleted (specific content or entire account)
We will verify your identity and process your deletion request within thirty (30) days

B. Effect of Withdrawal

Withdrawal of consent will:

Stop all further processing of your Biometric Information for the purposes described in this policy
Trigger permanent deletion of your Biometric Information in accordance with Section 6 above
Not affect the lawfulness of processing based on consent before withdrawal

Withdrawal of consent will NOT:

Affect Biometric Information that is subject to a legal hold, subpoena, or court order (as described in Section 6.F)
Require deletion of information that must be retained to comply with legal obligations
Affect information that has already been irreversibly anonymized or aggregated

C. Deletion Timeline

Upon receiving your deletion request or consent withdrawal, we will:

Within 30 days: Permanently delete your Biometric Information from our production systems and issue deletion requests to third-party AI providers
Within 90 days: Permanently delete Biometric Information from backup systems
Confirm deletion: Send you confirmation once deletion is complete (if requested)

8. Region-Specific Resident Disclosures

A. No Sale of Biometric Information

We do not sell your Biometric Information. Period.

B. State Residency Confirmation

C. Illinois Residents – BIPA Compliance

Under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq., Illinois residents have the following specific rights:

Right to Written Notice

What is collected: Biometric Information contained in User Content you upload, including facial features and related biometric characteristics
Specific purpose: To provide AI generation, editing, and enhancement services you request through the Services
Length of retention: The earliest of (1) when the initial purpose is satisfied, or (2) within three years of your last interaction with SocialSight
Destruction commitment: Biometric Information will be permanently destroyed in accordance with our retention and destruction schedule (Section 6 above)

Right to Informed Written Consent

Right to Withdrawal and Deletion

You may withdraw your consent and request deletion of your Biometric Information at any time using the methods described in Section 7 above.

Right to Publicly Available Retention Schedule

No Sale or Profit

We do not and will not sell, lease, trade, or otherwise profit from your Biometric Information under any circumstances.

Standard of Care

For BIPA Inquiries

If you have questions about your BIPA rights or wish to exercise them, contact us at:

Email: support@socialsight.ai
Mailing Address:
SocialSight Inc.
100 W 31st Street, 40B
New York, NY 10001
United States

D. California Residents – CCPA/CPRA Rights

Your California Rights:

Right to Know: What Biometric Information we collect, how we use it, and who we share it with (described in this policy and Section 3.A of our Privacy Policy)
Right to Delete: Request deletion of your Biometric Information
Right to Correct: Request correction of inaccurate Biometric Information
Right to Opt-Out: Opt out of any sale or sharing of Biometric Information (we do not sell or share)
Right to Limit Use of Sensitive Personal Information: Limit use of Biometric Information to what is necessary to provide the Services (which is our current practice)

To exercise these rights, contact us at support@socialsight.ai. For complete details on your California privacy rights, see Section 20 of our Privacy Policy (California Privacy Notice).

E. Other State Residents

For complete information about your state-specific rights, please see Section 20 of our Privacy Policy (Regional Privacy Disclosures Notice).

F. EU and UK Residents – GDPR Rights

Legal Basis for Processing

We process your Biometric Information based on your explicit consent, obtained through our just-in-time consent mechanism described in Section 5 above.

Your GDPR Rights

Right to Withdraw Consent: Withdraw consent to biometric processing at any time
Right to Erasure: Request deletion of your Biometric Information
Right to Access: Request access to your Biometric Information
Right to Rectification: Request correction of inaccurate Biometric Information
Right to Data Portability: Receive your Biometric Information in a portable format
Right to Restriction: Request restriction of biometric processing
Right to Object: Object to biometric processing
Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

For complete information about your GDPR rights, see Section 20 of our Privacy Policy (European Union and United Kingdom Privacy Disclosures).

9. Security and Protection of Biometric Information

We implement stringent security measures to protect your Biometric Information from unauthorized access, use, alteration, or destruction.

Security Measures Include:

Encryption: Encryption of Biometric Information in transit (during upload and AI processing) and at rest (when stored)
Access Controls: Role-based access controls limiting employee and contractor access to Biometric Information to only those with a legitimate business need
Authentication: Multi-factor authentication and strong password requirements for employee access
Audit Logging: Comprehensive logging and monitoring of access to systems containing Biometric Information
Security Monitoring: Continuous monitoring for unauthorized access attempts, security incidents, and anomalous activity
Vendor Security Requirements: Contractual security obligations imposed on third-party AI providers and other service providers
Regular Assessments: Periodic security assessments, vulnerability testing, and security audits
Employee Training: Data protection and security training for employees who may access Biometric Information
Incident Response: Documented incident response procedures for biometric data breaches

Standard of Care

Data Breach Notification

In the event of a security breach involving Biometric Information, we will notify affected individuals and applicable regulatory authorities in accordance with applicable law, including:

Illinois BIPA breach notification requirements
GDPR breach notification requirements (within 72 hours to supervisory authorities)
State data breach notification laws
Other applicable breach notification obligations

10. Future Use of Biometric Information

A. Proprietary Model Training

SocialSight does not currently train proprietary generative AI models using your User Content or Biometric Information. We utilize third-party AI model providers as described in Section 4 above.

If we develop proprietary AI models in the future and wish to use User Content (including Biometric Information) to train those models, we will:

Update this Biometric Policy and our Privacy Policy with clear, conspicuous disclosures about the model training practices
Provide advance notice to all existing users via email and through the Services
Implement user-facing controls allowing you to opt out of having your User Content used for model training before any such use begins
Obtain any additional consents required by applicable law, including re-consent under Illinois BIPA and other state biometric privacy laws
Comply with all biometric privacy laws governing the use of Biometric Information for AI model training

Until such controls are implemented and disclosures are made, your User Content will NOT be used to train SocialSight’s own AI models.

B. Marketing and Promotional Use

We do not use your User Content containing Biometric Information for marketing, advertising, or promotional purposes without your explicit, separate consent.

If we wish to use your AI-generated content in marketing materials, on our website, in social media posts, or in other promotional contexts, we will:

Contact you directly to request a specific license for that use
Identify the specific content we wish to use
Describe how and where the content will be displayed
Allow you to grant or deny permission for that specific use

You are under no obligation to grant such a license, and refusing will not affect your ability to use the Services or result in any penalty or discrimination.

Any marketing use of your content containing Biometric Information will occur only with your explicit, informed, written consent for that specific use.

11. Your Rights Summary

As a SocialSight user, you have the following rights regarding your Biometric Information:

Right	Description	How to Exercise
Right to Notice	Be informed about biometric collection, use, and retention	This Biometric Policy and Privacy Policy Section 3.A provide written notice
Right to Consent	Provide informed consent before biometric collection	Just-in-time consent flow before first upload
Right to Know	Know what Biometric Information we have and how we use it	Contact support@socialsight.ai
Right to Deletion	Request deletion of Biometric Information	Delete via Account settings or email support@socialsight.ai
Right to Withdrawal	Withdraw consent at any time	Email support@socialsight.ai or delete your Account
Right to Retention Schedule	Access publicly available retention and destruction timeline	Section 6 of this policy and Section 9.B of Privacy Policy
Right to Correction	Request correction of inaccurate Biometric Information	Contact support@socialsight.ai
Right to Portability	Receive Biometric Information in portable format	Contact support@socialsight.ai
Right Against Sale	Not have Biometric Information sold	We do not sell Biometric Information
Right to Security	Have Biometric Information protected with reasonable security	We implement security measures described in Section 9

State and Region-Specific Rights

Illinois residents: All rights under BIPA (Section 8.C above)
California residents: All rights under CCPA/CPRA (Section 8.D above)
Other state residents: Rights under applicable state privacy laws (see Privacy Policy Section 20)
EU/UK residents: All rights under GDPR (Section 8.F above and Privacy Policy Section 20)

12. Contact Us and Questions

If you have any questions about this Biometric Policy, how we handle your Biometric Information, or your biometric privacy rights, please contact us:

Email: support@socialsight.ai
Mailing Address:
SocialSight Inc.
100 W 31st Street, 40B
New York, NY 10001
United States

For Illinois BIPA Inquiries: Use the contact information above

For EU/UK GDPR Inquiries: Use the email address above for all EU/UK data protection inquiries

13. Changes to This Biometric Policy

We may update this Biometric Policy from time to time to reflect changes in our Services, data practices, legal requirements, or for other operational reasons.

When we make changes, we will:

Revise the “Effective Date” and “Last Updated” date at the top of this policy
Post the updated Biometric Policy on our Site and App
Notify you of material changes through email (sent to the address associated with your Account) or through a prominent notice on our Services

Material changes that may trigger re-consent requirements include:

Changes to the purposes for which we collect or use Biometric Information
Changes to retention periods or destruction schedules
Introduction of new uses such as proprietary model training or marketing use
Changes to third-party sharing practices

14. Relationship to Other Policies

This Biometric Policy is a supplement to and should be read together with:

SocialSight Privacy Policy: Our comprehensive privacy policy covering all aspects of data collection and use. For biometric practices, see specifically Section 3.A (Biometric Information definition and practices) and Section 9.B (Biometric Information Retention and Destruction Policy).
SocialSight Terms of Use: Our terms governing use of the Services, including license grants and intellectual property rights.
Regional Privacy Disclosures (Privacy Policy Section 20): State and region-specific privacy rights and disclosures for California, Illinois, and other jurisdictions with biometric privacy laws.

15. No Discrimination for Exercising Rights

SocialSight will not discriminate against you for exercising any of your biometric privacy rights described in this policy.

We will not:

Deny you access to the Services
Charge different prices or rates for Services
Provide a different level or quality of Services
Suggest that you will receive different pricing or service quality
Retaliate against you in any way

You have the right to use the Services and exercise your biometric privacy rights without penalty.

16. Additional Resources

Full Privacy Policy: https://socialsight.ai/privacy
Terms of Use: https://socialsight.ai/terms-of-use
California Privacy Notice: See Privacy Policy Section 20
Illinois BIPA Rights: See Privacy Policy Section 20 and Section 8.C above
EU/UK GDPR Rights: See Privacy Policy Section 20

17. Acknowledgment

You have the necessary rights and consents to upload User Content containing Biometric Information of yourself and any other individuals depicted
You consent to the processing of Biometric Information as described in this policy
You understand the retention and destruction schedule
You understand your rights to withdraw consent and request deletion
You understand that processing occurs through third-party AI providers as described in Section 4

SocialSight Biometric Information Privacy Policy

1. Introduction

2. Key Definitions

Biometric Information

User Content

Services

3. Biometric Information Collected and Purpose

A. What Biometric Information We Collect

B. How We Use Your Biometric Information

1. Service Delivery (Primary Purpose)

2. Service Improvement

3. Safety and Compliance

C. What We Do NOT Do with Your Biometric Information

4. Third-Party AI Provider Processing

A. How Third-Party Processing Works

B. Provider Contractual Protections

5. Consent to Biometric Processing

A. Just-In-Time Consent Mechanism

B. Auditable Consent Records

C. Ongoing Consent

6. Retention and Storage of Biometric Information

A. What This Policy Covers

B. Retention Schedule: When We Delete Biometric Information

C. What “Initial Purpose Satisfied” Means

D. What “Last Interaction” Means

E. Permanent Destruction Methods

F. Limited Exceptions to Destruction

G. Third-Party Contractual Requirements

7. Withdrawal of Consent and Deletion Rights

A. How to Withdraw Consent and Delete Biometric Information

Option 1: Delete Specific User Content

Option 2: Delete Your Entire Account

Option 3: Email Deletion Request

B. Effect of Withdrawal

C. Deletion Timeline

8. Region-Specific Resident Disclosures

A. No Sale of Biometric Information

B. State Residency Confirmation

C. Illinois Residents – BIPA Compliance

Right to Written Notice

Right to Informed Written Consent

Right to Withdrawal and Deletion

Right to Publicly Available Retention Schedule

No Sale or Profit

Standard of Care

For BIPA Inquiries

D. California Residents – CCPA/CPRA Rights

E. Other State Residents

F. EU and UK Residents – GDPR Rights

Legal Basis for Processing

Your GDPR Rights

9. Security and Protection of Biometric Information

Standard of Care

Data Breach Notification

10. Future Use of Biometric Information

A. Proprietary Model Training

B. Marketing and Promotional Use

11. Your Rights Summary

State and Region-Specific Rights

12. Contact Us and Questions

13. Changes to This Biometric Policy

14. Relationship to Other Policies

15. No Discrimination for Exercising Rights

16. Additional Resources

17. Acknowledgment

SocialSight Biometric Information Privacy Policy

1. Introduction

2. Key Definitions

Biometric Information

User Content

Services

3. Biometric Information Collected and Purpose

A. What Biometric Information We Collect

B. How We Use Your Biometric Information

1. Service Delivery (Primary Purpose)

2. Service Improvement

3. Safety and Compliance

C. What We Do NOT Do with Your Biometric Information

4. Third-Party AI Provider Processing

A. How Third-Party Processing Works