SECTION 1: GENERAL
The FaceGuard Application (“FaceGuard” or “Application”) is a product of FaceGuard, LLC (“Company”). The Company respects the privacy of its users (“user” or “you”) who benefit from the FaceGuard Desktop and/or Mobile Applications and accordingly employs methods and procedures applicable to best protect the security of our users.
SECTION 2: FUNCTION
FaceGuard is a unique password manager. Rather than relying on letters, numbers, and symbols to secure the application, websites, and sensitive user data, FaceGuard presents a grid of nine faces (“FaceChallenge”). Eight of the faces are artificially generated to assure they have never been seen before. In function, a single, randomly selected, user supplied familiar face appears in an arbitrary position on a 3x3 grid - along with the eight unknown portraits. A user can easily recognize the face they know. The user taps the familiar image among strangers; thus satisfying the FaceChallenge and authenticating their identity by Who They Know.
To achieve this level of security, FaceGuard implements multiple FaceChallenges in conjunction with Secret Sharing enabling each face (real and artificial) to serve as part of an array. Only when correctly combined together by the User's identification of their familiar faces among strangers, is a unique key created to access the user's Personal database. Simplified: FaceGuard utilizes the uniquely human ability to recognize a familiar face; rather than requiring the User recall a password for authentication.
SECTION 3: TYPES OF DATA
The following Company privacy policy (“Privacy Policy”), among other items, is to inform you about two types of important user data:
-Personal --- This is the text you optionally enter into the application
-Faces --- There are two types of faces for the application to function
(1) Familiar Faces - to the user - that FaceGuard enables you to enter and store within the application in connection with authenticating user identity.
(2) Artificial Faces created by a generative adversarial network -GAN- (hosted on AWS) and supplied to the application to reflect the US CENSUS by age range, gender, and ethnicity.
SECTION 4: USER DATA
(A) PERSONAL
While using the Application, FaceGuard provides fields allowing Users to enter certain personally identifying Information ("Personal Data") that can be employed to assist the user in providing required information for the various Websites (“Destinations”) previously saved in the Application. Importantly, the information entered in the Application is totally discretionary. Personal Data is stored locally on the drive of the User’s device(s) in an AES-256 Encrypted Database not linked to any cloud storage. Personal Data entered by the Users may include, but is not limited to the following:
First Name
Middle Initial
Last Name
Birth Date
Gender
Email Address(es)
Physical Address (City, State, ZIP)
Phone Number(s) (Mobile/Work/Home)
Social Security Number
Driver’s License Number
Credit/Debit Card Number
Issuing Institution
Full Name
CVV Number
Expiration Date
(B) FACE IMAGES
FACEGUARD enables user-imported familiar faces to be locally stored in the Application on the user's device(s) in a fused database comprised of the unmarked user's familiar faces randomly mixed into over a thousand unmarked artificial faces (“AI faces”).
The storage containing all the faces is referred to as the IMAGES database and is protected both within the device operating system as well as by the fact all faces look similar; thus eliminating any reliable method -other than the specific user's ability- to detect which face is real among those that are comparable. Such a concealing strategy is a solid practice referred to as “Security Through Obscurity” (S.T.O.).
User's faces are never stored in the cloud and GAN faces are replaced after display.
An unauthorized third party must first gain physical access to the user's device; then defeat the security of the operating system. In addition, the database itself does not store faces in a visually recognizable format necessitating the acquisition of special tools to make the faces visible.
Critically, as all faces (real and AI) have no identifying information, without the specific user's ability to differentiate personally recognized faces from unknown faces, all faces are indistinguishable from one another. Moreover, no biometric data is ever acquired or used.
SECTION 5: ESSENTIAL DIFFERENTIATION:
Faces imported by the user to the FaceGuard application shall not be confused with what is known as bio-metric 'face data' or 'FaceID'.
What is commonly known as “Face Recognition” is predicated on an algorithm detecting a series of points on a surface and comparing the results to a stored face.
By contrast, “Recognizing Faces” is the human recall of faces with an emotional connection specifically imported into FaceGuard so they elicit an immediate response when displayed in a group of eight faces the user has never seen before.
SECTION 6: INTEGRITY
FaceGuard employees cannot unencrypt the personal database nor recognize the user's familiar faces on the user’s local device(s). The personal database has no constant key. It is accessed via Secret Sharing combination which can only be accomplished by the specific user recognizing faces imported by him or her from among multiple grids of camouflaging GAN faces.
SECTION 7: TRANSFER
Application access to user device(s) is restricted. That said, FaceGuard does enable Public Key/Private Key (PKI) encrypted data exchange between devices manually paired by the user.
SECTION 8: Data Retention
The Personal Data and Image Data stored locally on the Users’ device(s) shall continue to be stored on their device(s) at the User’s discretion. Users may delete Personal Data and/or Face Data whenever they deem it necessary.
SECTION 9: SECURITY
The Company and the Application employ exemplary measures to secure the user's personal and image data against breach by an unauthorized party. That said, even the best security measures cannot fully eliminate all risks given enough time and money. Therefore, we are not responsible for any third-party circumvention in which an unauthorized person may have -or be granted by the user- access to the local device on which the Application is installed.
SECTION 10: SERVICE PROVIDERS
FaceGuard, LLC. employs Amazon Web Services (AWS) to facilitate the encrypted transfer of data between user devices. AWS does not have any access whatsoever to the User's Personal or Image Data. Amazon Web Services is governed by its own Privacy Policies as well as Terms and Conditions. AWS's commitment to security is well documented:
https://aws.amazon.com/compliance/data-privacy-faq/?nc1=h_ls
SECTION 11: PAYMENT PROCESSORS
FaceGuard, LLC employs the following third-party payment gateways;
Apple Store
Google Store
Microsoft Store
Should you initiate an optional purchase, you will be directed to the secure servers of the applicable third-party payment processor. Your name, billing address, e-mail address, phone number, and credit card number may be required. The information is used by the payment gateway to process financial transactions. Third-Party service vendors are governed by their own Privacy Policies, Terms, and Conditions.
SECTION 12: LINKS TO OTHER SITES
FaceGuard may contain links to partner websites that are not operated by us. We strongly advise you to review the Privacy Policy of every website you visit as FaceGuard has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party websites,
SECTION 13: Privacy Rights (EEA & California)
(a) For users, in the resident country which lies within the European Union Economic Area (EEA), FACEGUARD will abide by the privacy principles and regulations laid down in the General Data Protection Regulation (GDPR).
(b) For users, who are residents of California, United States of America, FACEGUARD will abide by the privacy principles and regulations laid down in the California Consumer Privacy Act (CCPA). LLC.
SECTION 14: CHANGES TO THIS PRIVACY POLICY
FaceGuard, LLC may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on the FaceGuard website which provides direct access to these pages within the application. Moreover, prior to any change becoming effective, we will update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes.
SECTION 15: CONTACT US
If you have any questions about this Privacy Policy, please contact us!
FACEGUARD, LLC
Business Name: FaceGuard, LLC
Address: 825 Highland Ave Ste 3E, Downers Grove, IL, 60515-1549, USA
Contact person: Robert S Hedin
E-mail: bhedin@faceguard.co