1. Purpose of this notice
This Biometric Information Notice ("Notice") is provided by Arketon Tecnology, the company that operates the Quarym mobile application through its registered Brazilian legal entity Arketon Tecnologia Ltda. (CNPJ 64.909.714/0001-08, headquartered at Rua Sapucaí, 220, Apt. 402, Rosário, Cláudio/MG, CEP 35530-000, Brasil; collectively "we", "us", "Arketon").
Although we take the position that we do not "collect", "capture", "store", or "transmit" biometric identifiers as those terms are defined under the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (CUBI, Tex. Bus. & Com. Code §503.001), the Washington Biometric Privacy Act (RCW 19.375), the Maryland Online Data Privacy Act (MODPA), or comparable laws, we publish this Notice to:
- Satisfy BIPA §15(a)'s requirement that any entity in possession of biometric identifiers maintain a "publicly available" written policy, in case our practices are characterized differently by any court;
- Be transparent with users about what does and does not happen on their device when Quarym processes a photo;
- Document our retention schedule (which is zero retention because we do not collect biometric data);
- Confirm we do not sell biometric data, a separate prohibition under BIPA §15(c).
2. What Quarym does and does not do with face data
Quarym DOES:
- Use Apple's Vision framework (the same APIs used by iOS Photos, iOS Camera, and most consumer iOS photo apps) to detect that a face is present in your photo, locate facial landmarks (eye centers, nose, mouth corners), and identify subject regions for relighting purposes.
- Run that detection on your iPhone, locally, using Apple's Neural Engine, CPU, or GPU.
- Use the resulting facial geometry data only to position virtual lights on the local Studio 3D preview running on your device.
Quarym DOES NOT:
- Capture, collect, store, transmit, sell, lease, trade, or otherwise profit from biometric identifiers (a "scan of face geometry" within the meaning of BIPA §10) or biometric information derived from biometric identifiers.
- Send facial landmark data, face encodings, face templates, face embeddings, or any other biometric representation to our servers.
- Send facial landmark data to Google, Apple's servers, or any other third party.
- Use facial geometry to identify, authenticate, or verify the identity of any person.
- Maintain a database of facial templates or face encodings.
- Use facial data for security, authentication, surveillance, profiling, or commercial identification purposes.
What is sent to our servers and to Google:
When you tap to relight a photo, the photo bytes themselves (JPEG/HEIC/PNG) and sanitized image orientation metadata are uploaded to Quarym's servers and forwarded to Google Gemini for AI relighting. The photo may contain images of faces, but the photo is not a "biometric identifier" or "biometric information" as those terms are defined in BIPA §10:
"Biometric identifier" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs ... (BIPA §10, emphasis added)
The plain text of BIPA explicitly excludes photographs from the definition. Federal courts have consistently held that uploading or storing a photograph, even one depicting a person, is not collection of a biometric identifier unless additional processing extracts and stores facial geometry as a template (e.g., Vance v. Microsoft, 2022; Zellmer v. Meta, 2024).
Quarym does not extract or store such templates server-side. Photographs are processed by Google Gemini for image generation; per our contractual arrangement with Google (Google Cloud Vertex AI Customer Data Processing Terms), Google does not use the photo to train its models and deletes the photo after a 24-hour abuse-monitoring buffer. See Privacy Policy §5 for full details.
3. Retention schedule
Because Quarym does not collect or possess biometric identifiers or biometric information, there is no biometric data to retain or destroy. Our retention period for biometric data is therefore zero.
If a court ever held that Quarym's on-device facial geometry processing constituted "collection" within the meaning of BIPA, a position we believe to be incorrect, we would still meet BIPA's destruction requirement (§15(a)) because the on-device facial geometry data is:
- Not persisted, it lives in volatile memory only for the duration of the active session and is discarded when the editor session ends;
- Never transmitted, it never leaves your device;
- Not stored on our servers, we have no database, file, or backup containing biometric identifiers.
This effectively destroys any biometric data within the active session, well within BIPA's outer limit of three (3) years from last interaction (§15(a)).
4. We do not sell biometric data
We do not, and will never, sell, lease, trade, or otherwise profit from biometric identifiers or biometric information of any user. This is a separate, absolute prohibition under BIPA §15(c) and analogous statutes.
5. We do not disclose biometric data
We do not disclose, redisclose, or otherwise disseminate biometric identifiers or biometric information to any third party. Specifically:
- We do not share facial geometry data with Google, Supabase, Resend, Apple, or any other service provider.
- We do not share facial geometry data in response to subpoenas or court orders, because we have no such data to share.
- We do not share facial geometry data with our employees or contractors, because we have no such data.
6. Security of any incidentally processed face data
To the extent any on-device facial geometry data exists transiently during a relighting session:
- It is processed in iOS process memory governed by Apple's standard sandbox and memory protections.
- It is never written to disk by Quarym.
- It is automatically released by iOS when the relighting session ends or the app is suspended.
- It is never transmitted off-device.
These are reasonable security measures within the meaning of BIPA §15(e).
7. Consent
The Quarym onboarding flow includes a separate Legal Notice screen requiring your explicit acceptance of:
- These statements about how face detection works on your device and what does and does not leave your phone;
- Our Privacy Policy and Terms of Service.
Your acceptance is recorded server-side (timestamp + version) for audit purposes per BIPA §15(b).
You may withdraw consent and delete your account at any time via Settings → Account → Delete Account. After deletion, no record of you remains on our systems beyond an opaque tombstone (containing only a UUID + deletion timestamp + reason, no name, no email, no biometric data) retained for audit purposes.
8. Statements about specific jurisdictions
8.1 Illinois (BIPA, 740 ILCS 14)
Quarym does not collect "biometric identifiers" or "biometric information" within the meaning of BIPA §10. This Notice satisfies §15(a)'s public policy requirement. We do not sell, lease, trade, or otherwise profit from biometric data (§15(c)).
8.2 Texas (CUBI, Tex. Bus. & Com. Code §503.001)
Quarym does not capture biometric identifiers for a commercial purpose within the meaning of CUBI §503.001(b).
8.3 Washington (Biometric Privacy Act, RCW 19.375)
Quarym does not enroll biometric identifiers in a database for a commercial purpose within the meaning of RCW 19.375.020.
8.4 Washington (My Health My Data Act, RCW 19.373)
Quarym does not collect "consumer health data" (including biometric data used for health-related inferences) within the meaning of MHMDA. Quarym is not a medical device or health service.
8.5 Maryland (MODPA)
Quarym treats biometric data as "sensitive personal data" requiring opt-in consent. Because we do not collect biometric identifiers, this provision is not engaged for our processing. If Maryland law requires further opt-in consent in any context where our processing is reasonably arguable as biometric collection, our explicit Legal Notice acceptance flow (see §7) provides that opt-in.
8.6 Brazil (LGPD)
Brazilian law treats biometric data as "sensitive personal data" (Lei 13.709/2018, Art. 5(II)). Quarym does not process biometric data within the meaning of LGPD because facial geometry data does not leave the user's device. To the extent it could be argued otherwise, processing is grounded in specific, highlighted consent (Art. 7(I), 11(I)(a)), evidenced by the Legal Notice acceptance flow.
8.7 EU/UK (GDPR)
Article 9 of the GDPR treats biometric data processed "for the purpose of uniquely identifying a natural person" as a special category of personal data. Quarym does not use facial geometry to identify any person; it uses landmark positions only to position virtual lights for an artistic relighting effect. Article 9 is therefore not engaged. To the extent it were, our Legal Notice acceptance flow records "explicit consent" within the meaning of Art. 9(2)(a).
9. Changes to this Notice
If we materially change our facial-detection processing (for example, if we begin storing facial templates server-side, which we have no intention to do), we will:
- Update this Notice;
- Notify users by email at least 30 days before the change takes effect;
- Obtain renewed explicit consent through the in-app Legal Notice flow before the change applies to existing users.
The Last updated date above reflects the most recent version. Prior versions are archived at https://quarym.com/biometric/archive.
10. Contact
| Reason | |
|---|---|
| Questions about this Notice or our biometric data practices | privacy@quarym.com |
| Encarregado (LGPD DPO) | dpo@quarym.com |
| To request deletion of any data we may possess about you | Use Settings → Delete Account, or email privacy@quarym.com |
Postal: Arketon Tecnologia Ltda., Rua Sapucaí, 220, Apt. 402, Rosário, Cláudio/MG, CEP 35530-000, Brasil