Kyndrify

Draft prepared for counsel review. This notice describes Kyndrify's biometric practices and is not yet in effect pending counsel sign-off. Counsel to confirm the written-consent mechanics under Illinois BIPA (the separate, explicit consent step described in Section 5 is being built to match this notice) and the final retention periods. Last updated 2026-06-07.

Biometric Information Privacy Notice

This Notice explains how Kyndrify (operated by Through The Glass Creatives Global FZCO) collects, uses, stores, protects, and destroys biometric information when you create or verify a Twin. It supplements our Privacy Policy. We follow the strictest applicable standard so that the same protections apply to everyone, regardless of where you live.

1. What we mean by "biometric information"

Information derived from your face that can be used to identify you — specifically, a mathematical representation of your facial geometry (a "face template" or embedding) computed from the photos and consent recording you provide. It does not include the photo or video itself (which we treat as your content), nor any health, emotion, or demographic inference — we do not derive those.

2. Why we collect it (purpose)

  • Identity verification — to confirm that the person who gives consent is the person shown in the Twin, and that each new photo or pose you add is the same, already-consented person.
  • Abuse prevention — to stop someone from building a Twin of a person who has not consented (e.g., a stolen photo).

We do not use your biometric information for advertising, and we do not use it to train, fine-tune, or improve any AI model.

3. How little we store (data minimization)

We are deliberately minimal about what we keep, because the safest biometric data is the data we never store:

  • Per-check templates are discarded immediately. Each time you add a photo or pose, we compute a face match against your reference and then delete that check's template right away — we keep only a numeric match score (a number, not biometric data) and a record that the check happened.
  • At most one reference template per person, derived at consent, stored encrypted at rest — used solely to verify future poses of that same person.
  • Your consent recording and Twin photo are your content (your likeness, which is the product itself); they are stored encrypted and governed by our Privacy Policy.

4. Retention and destruction

  • Per-check templates: destroyed within minutes of the verification, automatically.
  • The reference template: retained only while your Twin exists, and in no case longer than the maximum permitted by applicable law (for example, three (3) years from your last interaction for Illinois residents; one (1) year after purpose for Texas residents). It is permanently destroyed when you delete the Twin, delete your account, or ask us to, whichever comes first.
  • The consent recording is retained for the life of the Twin plus seven (7) years after deletion as a legal record of consent, separate from the biometric template above. This matches the retention stated in our Privacy Policy and Terms of Service.

5. Your consent

We collect and store biometric information only after you give explicit, written consent through a step shown to you at the time of collection — separate from accepting our general Terms — that states what we collect, why, how long we keep it, and that we may store and destroy it as described here. You may withdraw consent at any time by deleting the Twin or contacting us, after which we destroy the associated reference template.

6. We never sell or lease it

We do not sell, lease, trade, or otherwise profit from your biometric information, and we do not disclose it for advertising. We share it only with the infrastructure and identity-verification providers strictly necessary to operate the service, each bound by a written agreement that forbids any other use and any onward sharing.

7. Security

We protect biometric information with the same or greater care than other confidential information: encryption in transit and at rest, strict access controls, and contractual safeguards on every provider that touches it.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your information, to withdraw consent, and to object to processing. To exercise any of these, email [email protected]. This Notice is intended to meet the requirements of the Illinois Biometric Information Privacy Act (BIPA), Texas CUBI, Washington's biometric law, the EU/UK GDPR (Article 9 special-category data), and the UAE Personal Data Protection Law, among others.

Contact

Questions about this Notice or our biometric practices: [email protected].

Sign inBuild your twin

We use cookies for analytics to help improve Kyndrify. You can accept or decline. See our Privacy Policy.