Privacy Policy
BIOPIA – Palm Biometric Authentication & Payment Platform
Last Updated: February 19, 2026
BIOPIA – Palm Biometric Authentication & Payment Platform
Last Updated: February 19, 2026BIOPIA collects palm biometric data, camera input, and limited device information solely to provide secure, password-free authentication and loyalty card services. Biometric data is encrypted at rest and in transit, is never sold or shared with advertisers, and is deleted immediately upon account deletion or consent withdrawal. BIOPIA does not track you across third-party apps or websites.
BIOPIA ("we," "us," or "our") operates a palm vein biometric authentication and digital loyalty platform accessible through our mobile application (the "App") and associated physical terminals. This Privacy Policy explains how we collect, use, store, protect, and share information about you when you use BIOPIA services.
We are committed to protecting your privacy and handling your personal data — including sensitive biometric information — with the highest standards of security and transparency. This policy is designed to comply with applicable data protection laws, including GDPR principles, Kuwait Law No. 20 of 2014 on Electronic Transactions, and Apple's App Store privacy requirements.
By downloading, installing, or using the BIOPIA App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the App immediately.
Biometric feature vectors are stored in isolated, access-controlled database partitions, encrypted using AES-256 at rest and TLS 1.3 in transit. Biometric data is never used for advertising, profiling, or any purpose other than authentication within BIOPIA services.
| Purpose | Data Used |
|---|---|
| Biometric authentication at terminals | Palm biometric data, device ID |
| Account creation and management | Name, email, password hash |
| Loyalty card issuance and redemption | User ID, campaign data, transaction records |
| QR code scanning for onboarding and transactions | Camera input (not stored), session token |
| Security monitoring and fraud prevention | IP address, device ID, session logs |
| Service performance and error resolution | App usage logs, error reports |
| Legal compliance and audit trail | Transaction records, authentication logs |
| Responding to support requests | Email, account data, support correspondence |
BIOPIA does not sell, rent, or trade your personal or biometric data. We share data only in the following limited circumstances:
When you use BIOPIA at a merchant terminal, the merchant receives only a pseudonymous user identifier and the transaction result. Merchants do not receive your biometric data, email address, or full name unless you have explicitly consented.
We may disclose your information if required by law, court order, or governmental authority in Kuwait or other applicable jurisdictions.
BIOPIA is operated from Kuwait. Your data may be processed on servers located in the United States (via Neon and Vercel infrastructure). We ensure appropriate safeguards are in place, including encryption of all data in transit (TLS 1.3) and at rest (AES-256), and contractual data processing agreements with all sub-processors.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account and identity data | Duration of account + 90 days after deletion | Service provision; grace period for recovery |
| Biometric feature data | Deleted immediately upon consent withdrawal or account deletion | Authentication service; no retention after consent ends |
| Transaction and redemption records | 5 years from transaction date | Legal and regulatory compliance |
| Authentication and scan logs | 12 months | Security monitoring and fraud investigation |
| Device and session data | 90 days | Security and performance monitoring |
| Support correspondence | 3 years | Dispute resolution and legal compliance |
You have the following rights with respect to your personal data. To exercise any right, contact us at support@biopia.ai. We will respond to all verified requests within 30 days.
Request a copy of all personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data and biometric information.
Request that we restrict processing of your data in certain circumstances.
Request your data in a structured, machine-readable format (JSON or CSV).
Withdraw consent for biometric data processing at any time — results in immediate deletion.
BIOPIA is intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect personal data or biometric information from individuals under the age of 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@biopia.ai.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and send an in-app notification and/or email to registered users at least 14 days before the changes take effect.
Your continued use of BIOPIA after the effective date constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: