Privacy First. By Architecture.
Biometric data never leaves the user's device. Verification happens on-device, not in the cloud. This is architecture, not policy — it cannot be reversed by a terms-of-service update.
Data Flow
Capture (On-Device Only)
Biometric data is captured by the device camera and processed entirely on-device using the secure enclave.
Process (On-Device Only)
Facial recognition, document verification, and device attestation all occur on the user's device. No biometric data is transmitted.
Attest (Transmitted, No Biometrics)
The device produces a cryptographically signed attestation — a mathematical proof of identity verification, not a copy of the identity.
Deliver (Stored, No Biometrics)
Only the signed attestation token is delivered to the requesting application. The token confirms identity without exposing any biometric or personal data.
On-Device Processing
Facial Recognition
All facial recognition processing occurs on the user's device using hardware-accelerated machine learning. Facial templates are stored in the device's secure enclave and never leave the device.
Document Verification
Government ID documents are read via NFC on-device. The cryptographic signature from the document's chip is verified locally. Document images are not stored or transmitted.
Device Attestation
Apple App Attest (iOS) and Google Play Integrity (Android) provide hardware-backed device attestation. The attestation is generated on-device and included in the verification token.
Zero Trust Attestation
Polyguard's servers never see biometric data. What they receive is a mathematical proof — a signed attestation that verification occurred on a genuine device, with specific confidence scores, at a specific time and location. This zero-trust model means even a complete compromise of Polyguard's servers would not expose any user's biometric data, because it was never there.
Public Keys (JWKS)
Public keys are published at polyguard.ai/.well-known/jwks.json following the JSON Web Key Set standard. Any party can retrieve these keys and independently verify attestation signatures.
Private Keys (Hardware Enclave)
Corresponding private keys reside in each device's hardware secure enclave. They are generated on the device, used for signing on the device, and never leave the device. Not even Polyguard has access to them.
Independent Verification
Every attestation in a Transaction Affidavit can be independently verified by downloading the JWKS public keys and checking the cryptographic signatures. The verification is deterministic and does not require contacting Polyguard.
Regulatory Alignment
| Framework | Requirement | Polyguard Approach |
|---|---|---|
| BIPA | Informed consent before biometric collection | No biometric data collected by Polyguard — processing is on-device |
| GDPR | Data minimization, purpose limitation | Minimal data transmission — only signed attestation tokens |
| CCPA | Right to know, right to delete | No biometric data stored on servers to delete |
| SOC 2 Type II | Security controls, availability, confidentiality | Certified with unqualified opinion |
Transaction Affidavit Contents
Included
- Verification result (verified / not verified)
- Timestamp
- Location data
- Device attestation status
- Confidence scores
- Cryptographic signature
Never Included
- Raw biometric data
- Identity document images
- Facial images or templates
- Personal information beyond verified name