Privacy Policy

Last Updated: March 3, 2025

FasTrax POS LLC (“FasTrax POS,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, how we secure it, and your rights regarding your information. It applies to our identity and age verification services provided to businesses (such as age-restricted retailers and vending machines), our website, and any related services that link to this Privacy Policy. We comply with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and state biometric data laws (e.g., Illinois’ BIPA), and we strive to write this policy in clear terms. By using our services, you agree to the collection and use of your information as described here. If you do not agree, please do not use the services.

Information We Collect

We only collect personal information necessary for identity and age verification and related purposes. This includes:

  • Identification Information: When you scan or submit a government-issued ID (e.g., driver’s license or passport) through our system, we collect information such as your full name, address, date of birth, photograph, ID number, expiration date, and issuing authority. We may capture images of the front and back of your ID document for verification purposes.
  • Contact Details: If you provide it, we may collect your email address and phone number. For example, a business using our service might ask you to enter an email or phone for receipts or account linkage, or you might contact us directly and provide this information.
  • Selfie or Biometric Data: In some cases, our service will prompt you to take a live photo of yourself (a “selfie”) or use another biometric identifier (like a fingerprint) to verify that you are the person on the ID. This facial image or fingerprint is biometric data. We only collect biometric data with your knowledge and explicit consent (as required by law) and only for identity verification.
  • Public Records/Profile Information: As part of verification, we may check information about you from public records or databases. For example, we might query public databases or third-party identity verification services to confirm that the ID details you provided (name, DOB, ID number) match public records and that your ID is valid (not reported lost or stolen). We do not collect information from your private social media profiles, and any public profile search or record check is solely to confirm your identity information.
  • Device and Usage Data: Our systems automatically log certain data when you use our services. This includes the time and location (approximate, such as store location) of your verification, device identifiers or kiosk ID, and outcome of the verification (e.g., success or failure and reason for failure). If you use our website, we may collect standard web analytics data (like IP address, browser type, and cookies) to improve the site’s functionality. We do not use this data to identify you for marketing; it’s mainly for security, fraud detection, and improving our service.

You can choose not to provide personal information, but please note: if you refuse to provide information required for verification (such as an ID scan or selfie when prompted), we cannot verify your age or identity, and you will not be able to use the service.

How We Use Your Information

We use the collected information for the following purposes:

  • Identity and Age Verification: The primary use of your information is to confirm your identity and age for a transaction or access to an age-restricted product/service. For example, we verify that the name and birth date on your ID meet the requirements, and we may compare your selfie to your ID photo to ensure you are the same person. This helps businesses comply with laws that prohibit sales to underage or unverified individuals.
  • Fraud Detection and Prevention: We use personal and technical data to detect and prevent fraud or misuse. Our AI-driven verification system will flag inconsistent or suspicious information (for instance, if a photo doesn’t match the ID, or if the same ID is used in multiple locations in a short time). We also use your information to prevent identity theft or illegal attempts to bypass the system (such as using someone else’s ID or a fake ID).
  • Compliance with Legal Requirements We may use and retain your information as necessary to comply with laws and regulations. For instance, some jurisdictions require businesses to record that an age verification was performed for certain purchases. We maintain records of verifications (such as a log that an ID was scanned and verified) to demonstrate compliance. If law enforcement or regulators lawfully require information (for example, to investigate a fraudulent ID incident), we may use your data to cooperate with such legal requests.
  • Service Improvement and Development: Internally, we may analyze verification data and outcomes (in an anonymized or aggregated way whenever possible) to improve our verification algorithms and user experience. For example, understanding common failure reasons (like a particular ID type scanning poorly) helps us enhance the system. We also use feedback or support inquiries you send to improve our services and assist you better in the future.
  • Communication: If you provide contact information, we will use it to communicate with you about the service. For example, we might send a confirmation if you request a copy of your data or notify you of important changes (such as updates to this Privacy Policy or if there is a security incident that affects your information). We will not send you marketing emails or texts unrelated to the verification service unless you separately opt in to such communications. And even if you opt in, you can always opt out of non-essential communications at any time.

We will not use your personal information for purposes unrelated to the above without your consent. We do not use your data for advertising or profiling unrelated to age/ID verification. If we ever need to use your information for a new purpose, we will update this policy and/or ask for your consent as required by law.

How We Share Your Information

We value your privacy and share your personal information only in limited situations, primarily to facilitate the verification service or as required by law:

  • With the Business You Are Transacting With: If you are verifying your age or identity for a purchase or access (for example, at a store or vending machine), we share the verification result with that business. Typically, this is a pass/fail or confirmation that you are of age. The business needs this information to decide whether to complete your transaction. We do not automatically give the business all your personal details; however, they may see details on your ID during the scan or as required by law (just as they would if they checked your ID manually). Any personal data the business retains about you (e.g., a record that you showed ID) is governed by that business’s own Privacy Policy.
  • With Identity Verification Service Providers: We partner with third-party services and public data providers to help verify the authenticity of IDs and information. For example, we may send an ID number or a scanned barcode to a secure third-party system that checks if the ID is valid, or we might use a biometric match service to compare your selfie to the photo on your ID. These service providers only receive the data needed for the verification check and are contractually obligated to use it solely for that purpose and to protect it. In practice, this might involve sharing your name, DOB, or ID number with a database to confirm it matches their records. We do not sell your data to these providers; we engage them to perform a function on our behalf, and they must handle your data confidentially.
  • With Technology and Security Subcontractors: FasTrax POS uses reputable cloud hosting and security companies to operate our platform (for data storage, email communications, etc.). These subcontractors may process or store personal data as part of providing their services to us (for example, our secure cloud database storing your encrypted verification data). We select vendors that have strong security practices, and they are not allowed to use your information for anything other than providing services to us under our instructions.
  • For Legal Compliance or Protection: We may disclose personal information to third parties (such as law enforcement, regulators, or courts) when we believe in good faith that such disclosure is required to comply with a legal obligation, subpoena, or process; or to investigate, prevent, or act regarding suspected fraud, illegal activities, or a violation of our terms. For example, if we discover an individual is attempting a fraudulent ID scam, we might report details to law enforcement as permitted by law. Similarly, if a court order or law requires us to retain and provide certain verification records, we will comply. We will only share what is reasonably necessary in such cases, and, when allowed, we will inform you of these requests.
  • Business Transfers: In the unlikely event that FasTrax POS is involved in a merger, acquisition, bankruptcy, or sale of assets, user information could be transferred to a successor or affiliate of the company as part of that transaction. If that happens, we will ensure your information remains protected and give you notice before it becomes subject to a different Privacy Policy.

Importantly, we do not sell or rent your personal information to third-party marketers. We do not share your data with any third parties for their own marketing or advertising purposes. Any sharing is limited to the purposes of providing our verification service or as outlined above.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. In practice, this means:

  • Retention for Re-Verification Convenience: We may keep your verification data on file so that if you use our services again, you might not need to go through the entire verification from scratch. For example, if you verified your age at one of our kiosks, that device (or our system) might remember that your ID was verified, allowing a faster process on a subsequent visit. Keeping your data on file can enhance your experience by enabling reuse without resubmitting documents each time.
  • User-Requested Deletion: If you want us to delete your personal information, you can request it at any time (see “Your Rights” below). Upon a verified deletion request, we will remove or anonymize the personal data we have about you, except for information we are required to keep by law or for legitimate business purposes (for example, retaining a transaction log that an ID was checked, without personal details, to satisfy legal compliance). Once we delete your data, verification records will no longer be linked to you personally, and if you use the service again, you will need to re-verify from the beginning.
  • Legal and Compliance Retention: In some cases, laws or regulations require us (or the business using our service) to retain certain data for a minimum period. For example, a state law might mandate that age verification logs be kept for one year. In such cases, we will retain the required information for the duration mandated. We also may retain data as necessary to resolve disputes or enforce our agreements.
  • Biometric Data Duration: Biometric identifiers (like facial scan data or fingerprints, if collected) are handled with extra care. Unless you have expressly opted into a feature that retains biometric data for convenience (and in compliance with applicable biometric laws), we do not store your biometric data longer than needed for the immediate verification. Typically, once your identity/age is verified, raw biometric data (like the actual fingerprint image or facial recognition template) is either not stored at all or is promptly deleted, unless we have your consent to retain it for future verifications. If we do retain biometric data for a user opt-in feature (for example, a “remember me” program to speed up future logins), we will follow applicable laws such as BIPA – meaning we will obtain written consent, inform you of the purpose and duration, and in any case will not keep it beyond the legally allowed time (generally, we would permanently destroy biometric identifiers within 3 years of your last interaction or as soon as the original purpose is fulfilled, whichever comes first). You also have the right to request deletion of biometric data at any time, and we will honor that request (absent a conflicting legal requirement).

In summary, we do not keep personal data longer than necessary. We periodically review our stored data and delete or anonymize information that is no longer needed for our services or legal obligations. Data that is retained is securely stored and protected (as described in Security Measures below), and you remain in control through your rights to access and deletion.

Security Measures

We take the security of your personal information seriously and implement industry-standard safeguards to protect it:

  • Encryption: All sensitive personal information (including ID images and biometric data) is encrypted during transmission and while stored on our servers. This means your data is encoded so that only authorized systems with the proper keys can read it. For example, when your ID scan is sent to our server, it travels over an encrypted connection (HTTPS/TLS), and once stored, the file is encrypted at rest.
  • Secure Storage and Access Control: We store data in secure facilities with measures to prevent unauthorized access. Only a limited number of authorized personnel with a valid business need have access to personal data, and they are bound by strict confidentiality obligations. We use firewalls and monitoring systems to guard against external attacks, and we physically and electronically secure any hardware used in verification kiosks or devices.
  • AI-Driven Fraud Detection: Our platform incorporates artificial intelligence and machine-learning techniques to help identify fraudulent IDs or suspicious patterns. For example, the system can detect if an ID has been altered or if a face does not match an ID photo. These AI tools add an extra layer of security by catching many fake ID attempts. However, as noted below, no AI or security system is foolproof – we continuously train and update these systems to improve their accuracy.
  • Testing and Compliance: We regularly update our software and systems with security patches and improvements. We conduct periodic security audits, vulnerability assessments, and penetration testing to identify and fix potential weaknesses. Our security program is designed to meet or exceed relevant standards and legal requirements for protecting personal and biometric data.
  • Incident Response: We have procedures in place to handle any data security incidents. In the unlikely event of a data breach or security issue affecting your personal information, we will notify affected users and/or authorities as required by law, and we will take immediate steps to mitigate the impact and prevent future occurrences.

While we employ robust security measures, it’s important to understand that no system is 100% infallible. By using our service, you acknowledge that there is some risk whenever data is transmitted or stored electronically. We strive to minimize these risks and protect your information, but we cannot guarantee absolute security. You can help by safeguarding any credentials or devices you use in connection with our service and notifying us if you suspect any unauthorized access to your information.

Your Rights and Choices

We believe in giving you control over your personal information. Subject to certain legal limitations, you have the following rights regarding the data we collect about you:

  • Right to Access: You have the right to request a copy of the personal information we hold about you and to ask for details about how we use it. This means you can ask us to confirm if we’re processing your data and provide you with a summary or copy of that data. For example, you can request, “Please provide all personal data you have about me that was collected when I used the FasTrax POS verification kiosk on [date].” We will need to verify your identity before fulfilling an access request to ensure we don’t disclose your data to the wrong person. Once we have verified the request, we will provide the information we have within the timeframe required by law.
  • Right to Correct: If you believe any personal information we have about you is incorrect or outdated, you have the right to ask us to correct or update it. In practice, most of the data we collect comes directly from your government ID or from you, which should be accurate. However, mistakes can happen (for instance, a typo in our system or an outdated address). If you find an error, let us know, and upon verifying the correct information, we will fix it.
  • Right to Delete: You have the right to request deletion of your personal information. As described in the Data Retention section, we generally do not keep data longer than necessary, but you don’t have to wait for our schedule. You may contact us at any time after using the service and say, “Please delete my personal data.” Provided we are not required by law to keep it (and no other exception applies), we will erase your personal information from our records. This deletion is permanent and includes removal from any of our active databases. (Note that if the business you interacted with needs to keep certain info for their legal compliance, you may need to contact that business as well – but typically, data like an ID scan image would reside with us and can be deleted upon request.) Keep in mind, if you delete your data and later use our service again, you will need to re-verify your identity since we will not have any past record to recognize you.
  • Right to Withdraw Consent: In cases where our processing of your data is based on your consent, you have the right to withdraw that consent at any time. The most common example is biometric data – if you consented to a facial recognition or fingerprint process, you could later withdraw consent and request that we stop using and/or delete your biometric data. If you withdraw consent for a particular use (like a “remember me” feature that stores your data for reuse), we will stop that processing and remove the data, though we may need to retain some information if required by law. Please note that withdrawing consent will not affect any processing that has already occurred and might mean that you can no longer use certain features (for instance, if you withdraw consent for biometric verification, you would have to use an alternative verification method or might not be able to use the service on systems that rely solely on biometrics).
  • Right to Opt-Out of Communications: If we send you any non-essential communications (such as a newsletter or a survey separate from the core verification process), you have the right to opt out or unsubscribe. As mentioned, we typically do not send marketing communications without your opt-in, but if you ever receive one and do not wish to continue, you can use the provided opt-out mechanism (like an “unsubscribe” link in an email) or contact us to be removed from the mailing list. This opt-out does not apply to essential service or legal communications (for example, an email confirming a data deletion request or a notice of a policy update), which we may still send as needed.
  • California Privacy Rights (CCPA): If you are a California resident, you have specific rights under the CCPA (in addition to those above). These include the right to know the categories of personal information we collect and the purposes, the right to know what information we have disclosed or “sold” (note: We do not sell personal information), the right to opt-out of any sale of personal info, the right to request deletion (which we already honor), and the right not to receive discriminatory treatment for exercising your privacy rights. This Privacy Policy is intended to comply with the CCPA’s requirements. California users can exercise their rights through the same methods described here (contacting us via email or mail with your request). We will treat all user requests with equal care, whether or not you are a California resident.
  • Other State Privacy Rights: Residents of certain states (such as Virginia, Colorado, Connecticut, and others with privacy laws) may have additional rights like the right to opt out of certain data processing or appeal a decision we make regarding a privacy request. We honor the privacy rights of all our users in line with applicable laws. Even if you are not in one of these states, we aim to give you similar control over your information. For example, even if not strictly required, we allow all users to access and delete personal data, not just those from specific states.

Exercising Your Rights: To exercise any of your rights, please contact us using the information in the Contact Us section below. Specify what you are requesting (e.g., data access, deletion, correction) and provide enough information for us to verify your identity (we may guide you through this if needed). We will respond within the timeframe required by law (usually within 30-45 days for access or deletion requests). There is no charge for making a request, although if you make repetitive or excessive requests, we may charge a reasonable fee or decline the request as allowed by law. If we cannot fulfill your request in part or in full (for example, due to a legal requirement or an exemption), we will inform you of the reason, unless prohibited from doing so.

Fraudulent Submissions and Spoofing Attempts

FasTrax POS takes fraud very seriously. If you attempt to submit false information, a fake ID, someone else’s ID, or use any spoofing technique (such as deepfake technology or masks) to trick our verification system, you are violating our terms and potentially the law. We use sophisticated tools (including AI-based fraud detection) to catch most fraudulent attempts, and we cooperate with authorities to prevent underage sales and identity fraud.

However, you should understand that no verification system can catch 100% of fraudulent IDs or spoofing attempts. By using our service, you acknowledge this fact. FasTrax POS is not liable for any consequences or damages arising from a fraudulent ID or impersonation attempt that is not detected by our system. In other words, if someone succeeds in bypassing the verification with a fake or stolen identity, we will do our best to investigate and prevent such incidents in the future, but we are not responsible for any harm resulting from that person’s actions.

Users who engage in fraud or spoofing assume full responsibility for their actions. If you attempt to defraud the system, you may be banned from using the service, and we reserve the right to report the incident (along with any relevant personal information you provided) to the affected business, law enforcement, or other authorities as appropriate. You may also be held legally accountable under relevant fraud and identity theft laws. You agree to indemnify FasTrax POS for any costs, losses, or legal claims that arise due to your fraudulent actions (see the “Indemnification” clause in our Terms of Use for more details on your responsibility in such cases).

Compliance with Applicable Laws

We abide by all relevant U.S. laws and regulations regarding privacy and data protection:

  • CCPA (California Consumer Privacy Act): As noted, if you are a California resident, you have specific rights, which we honor. We also provide the disclosures in this policy to meet CCPA requirements (such as listing the categories of data collected, which are Name, Address, Date of Birth, etc., under Identification Information; biometric data; contact info; and so on). We do not “sell” your personal information as defined under CCPA. If in the future we ever consider new uses of data that could be interpreted as a “sale” or sharing for behavioral advertising, we will update our practices and provide opt-out options in accordance with the law.
  • Biometric Information Laws: For any biometric data we collect (e.g., face scans, fingerprints), we comply with state laws such as the Illinois Biometric Information Privacy Act (BIPA) and similar statutes in other states. This means we inform you and obtain consent before collecting biometric identifiers, we use them only for verification purposes, we protect them as sensitive data, and we do not disclose or profit from them. We also adhere to required retention schedules: generally, biometric data will be permanently destroyed once the initial purpose has been satisfied or within 3 years of your last use of our service (whichever comes first), unless you consent to a shorter retention for convenience.
  • COPPA (Children’s Privacy): Our services are intended for adults (18+) and are used to prevent minors from accessing restricted products. We do not knowingly collect personal information from children under 13. In fact, if an individual is under the legal age required, they are not permitted to use our service. If we learn that we have inadvertently collected personal data from a person under 13, we will delete that information as quickly as possible. Parents or guardians who believe their child may have used our service or provided us personal data can contact us to request deletion.
  • Other State and Federal Laws: We follow other applicable laws, including consumer protection laws and regulations issued by agencies (for example, FTC guidelines on data protection). If certain states grant you additional rights or impose additional duties on us, we will comply. We also comply with financial privacy laws and identity theft prevention regulations to the extent our services fall under their scope. Our aim is to meet or exceed the standards of privacy protection across all jurisdictions in which we operate. If there is ever a conflict between applicable laws, we will honor the law that provides the greatest protection to the user’s data.

In summary, we are committed to operating within the bounds of the law and respecting the privacy rights of all users. If you have questions about how this Privacy Policy aligns with specific laws or your local jurisdiction’s requirements, please reach out to us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes to how we handle your personal information, we will notify you by updating the “Last Updated” date at the top of this policy and, if appropriate, provide a prominent notice (such as on our website or at a kiosk interface). We encourage you to review this policy periodically to stay informed about how we are protecting your information. If you continue to use our services after a Privacy Policy update, it means you acknowledge and agree to the revised policy. If you do not agree with any changes, you should stop using the services, and you may request that we delete your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us. We are here to help and will respond as promptly as possible.

  • Email: info@ftxidentity.com
  • Mailing Address: FasTrax POS LLC – Privacy Department, P.O. Box 960, Rock Hill, NY 12775, USA
  • Phone: +1 (256) 319-3470 (you may call and ask for the privacy officer or leave a message regarding a privacy inquiry)

You may use the above contact information to exercise your rights (access, deletion, etc.) or to ask any questions about our data practices. We appreciate your trust in FasTrax POS and will do our utmost to honor that trust by handling your personal information with care and integrity.