Privacy First
Privacy First. By Architecture, Not By Policy.
Biometric data never leaves the device. This is not a configuration option or a policy promise — it is an architectural decision enforced by hardware.
How Data Flows
From biometric capture to Transaction Affidavit — what stays on-device and what gets transmitted.
Biometric Capture
Real-time facial recognition runs on Polyguard Mobile. 3D depth analysis, liveness confirmation, and biometric matching all execute on the device processor.
On-Device Only
Cryptographic Signing
Verification results are signed using a private key stored in the device's secure enclave (Apple Secure Enclave / Android StrongBox). The key never leaves the hardware.
On-Device Only
Token Transmission
A signed attestation token is transmitted to Polyguard's backend. It contains the verification result, confidence score, and cryptographic signature — but no raw biometric data, no photos, no templates.
Transmitted (No Biometrics)
Transaction Affidavit
The signed attestation is recorded in an immutable Transaction Affidavit. Geographic region (not precise coordinates), device attestation key IDs, and confidence scores are included. Raw biometric data is not.
Stored (No Biometrics)
On-Device Processing
Everything sensitive happens on the device. Nothing sensitive leaves it. This is least-privilege architecture — Polyguard accesses only what is needed, when it is needed, and nothing more.
Facial Recognition
ML models run entirely on Polyguard Mobile. Biometric templates are created, compared, and discarded on the device. They are never uploaded to any server.
Secure Enclave Keys
Cryptographic private keys are generated and stored in the device's hardware secure enclave. They cannot be exported, copied, or accessed by any software — including Polyguard.
Biometric Isolation
Biometric data exists only in device memory during active verification. No biometric database exists on any Polyguard server. There is nothing to breach.
Zero Trust Attestation Model
Attestations are signed on-device and independently verifiable. You do not need to trust Polyguard — you can verify the cryptography yourself. No bots join your meetings. No recordings are made. No biometric data is stored on any server. This is zero trust verification: every claim is cryptographically provable, and nothing is taken on faith.
Public Keys (JWKS)
Public keys are published at polyguard.ai/.well-known/jwks.json following the JSON Web Key Set standard. Any party can retrieve these keys and independently verify attestation signatures.
Private Keys (Hardware Enclave)
Corresponding private keys reside in each device's hardware secure enclave. They are generated on the device, used for signing on the device, and never leave the device. Not even Polyguard has access to them.
Independent Verification
Every attestation in a Transaction Affidavit can be independently verified by downloading the JWKS public keys and checking the cryptographic signatures. The verification is deterministic and does not require contacting Polyguard.
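An offline check of this kind could look like the following. This is an added example, not Polyguard's code: the page does not specify the token format, so it assumes a compact JWS signed with ES256, hypothetical claim names, and a constructed software key standing in for the enclave key.

```javascript
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Hypothetical claim names modelled on the page's "Included" list.
const ALLOWED_CLAIMS = new Set(['factors', 'timestamp', 'region', 'confidence']);

// Verify an assumed compact-JWS attestation against a locally held JWKS,
// then reject any payload carrying fields outside the allow-list.
function verifyAttestation(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; the token must not choose how it is verified.
  if (header.alg !== 'ES256') return { ok: false, reason: 'bad-alg' };
  const jwk = jwks.keys.find(
    (k) => k.kid === header.kid && k.kty === 'EC' && k.crv === 'P-256');
  if (!jwk) return { ok: false, reason: 'unknown-kid' };
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  const extra = Object.keys(claims).filter((c) => !ALLOWED_CLAIMS.has(c));
  if (extra.length) return { ok: false, reason: 'unexpected-claims', extra };
  return { ok: true, claims };
}

// Constructed demo data: generates a P-256 key, a one-entry JWKS and a token.
function makeDemo(claims, kid = 'device-key-1') {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] };
  const input =
    `${b64u(JSON.stringify({ alg: 'ES256', kid }))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { token: `${input}.${b64u(sig)}`, jwks };
}
```

A verifier that keeps its own copy of the JWKS can run this without any network call; the claim allow-list turns the "Never Included" promise into something the relying party checks rather than assumes.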
Regulatory Alignment
Privacy First, least-privilege architecture satisfies the strictest biometric privacy regulations by design — not through configuration.
| Regulation | Requirement | How Polyguard Complies |
|---|---|---|
| BIPA | Biometric data must not be collected or stored without consent; strict data retention limits. | No biometric data exists on Polyguard servers. All biometric processing occurs on-device. There is no server-side biometric data to collect, store, or retain. |
| GDPR | Data minimization; special category data (biometrics) requires explicit legal basis. | Data minimization by architecture. Only verification results (not biometric data) are transmitted. The principle of least data is enforced structurally, not administratively. |
| CCPA | Right to know what data is collected; prohibition on sale of personal information. | No biometric data is collected on servers, so there is nothing to disclose, sell, or delete. Transaction Affidavits contain verification results, not personal biometric data. |
| SOC 2 Type II | Independent audit of security, availability, and processing integrity controls. | Polyguard holds a current, unqualified SOC 2 Type II opinion. Controls have been independently audited and verified. |
What Transaction Affidavits Contain
Designed to prove verification without exposing private data.
Included
- Verification factors completed (person, document, device, location)
- Timestamps for each verification event
- Geographic region (e.g., US-NY, CA-ON)
- Device attestation key IDs
- Biometric confidence score (e.g., 98.37%)
- Cryptographic signatures (independently verifiable)
Never Included
- Raw biometric data or templates
- Identity document numbers or dates
- Precise GPS coordinates
- Unnecessary personally identifiable information
See How Privacy First Works
Access the Polyguard sandbox and see on-device verification, zero trust attestation, and Transaction Affidavits in action.