[Last Updated October 27, 2025]

Uzio Technology, Inc. (“we,” “our,” “us”) offers payroll, HR, and timekeeping services, including optional biometric authentication features such as facial recognition for employee time and attendance. This policy explains how Uzio and its service providers (such as Amazon Web Services AWS Rekognition) collect, use, disclose, retain, and delete biometric information when our facial recognition feature is enabled by our clients (employers).

1. Scope

This policy applies to employees, contractors, and other individuals (“users”) whose biometric information is collected and processed through Uzio’s biometric timekeeping feature at the direction of their employer (the “Client”). Clients remain the data controllers responsible for providing legally required notices and obtaining consents under applicable law. Uzio acts as a service provider/processor of Clients.  Clients are also responsible for developing and complying with their own biometric data handling practices and policies as may be required under applicable law.

2. Definition of Biometric Data

For purposes of this policy, “Biometric Data” means biological characteristics of an individual, or information based on or derived from such a characteristic or measurements, that can be used to identify or authenticate that individual and as may be defined by applicable local laws that govern the collection, use, storage or disclosure of biometric information which includes a mathematical representation of facial features (“facial template”) generated by AWS Rekognition or similar technology for authentication; photos captured at clock in/out or break in/out for fraud prevention or security verification as enabled by Clients.

3. Collection & Consent

Biometric data will only be collected after obtaining informed consent from the users. Employers must also provide one-time authorization before enabling biometric features. Consent records will be logged and maintained for auditing purposes.

4. Use, Disclosure and Sharing of Biometric Data

Biometric data will be used solely for authentication within kiosks and mobile applications for the identity of users for time and attendance tracking, compliance with legal obligations. Uzio may disclose biometric data only to the Client that enabled biometric timekeeping; Uzio’s authorized service providers (such as AWS) that support biometric processing and as required by law, regulation, or valid legal process. It will not be sold, leased, or otherwise disclosed to third parties except as required by law.

5. Retention & Deletion

Biometric data will be retained only while the user is actively employed by the Client or as otherwise required by law. Upon notification from the Client that the user’s employment has ended or biometric use has been discontinued, Uzio will permanently delete the user’s biometric data. Deletion will cover all systems, including backups.

6. Security Practices

We will use a reasonable standard of care and implement administrative, physical, and technical safeguards to protect Biometric Data from loss or unauthorized access, use or disclosure. Additional information about Uzio’s security practice may be found at https://www.uzio.com/security

7. User Rights

Where required by law, users may: (a) request deletion of their biometric data at any time via kiosk or mobile app;(b) re-enroll if needed due to changes in facial features or errors; (c) request their employer for the details about retention and deletion practices.

8. Updates

We may update or amend this policy from time to time to reflect changes in applicable laws or Uzio’s business practices.