Biometric Data Privacy Policy

Date of Last Revision: July 22, 2025

INTRODUCTION

This Biometric Data Privacy Policy (the “Policy”) applies to users in the United States who use or access SheMed’s services (“Services”) where this Policy is referenced or linked. This Policy is intended to comply with applicable biometric privacy laws, including, but not limited to, those in Illinois, Texas, and Washington.

In addition to the information in our Privacy Policy, we want to help you better understand how SheMed, LLC, and its US subsidiaries, including SheMed US, LLC (together, “SheMed,” “we” or “ours”) collect and treat biometric information.

SheMed is committed to protecting your privacy, including your Biometric Data. Where permitted by law, and in connection with providing the Services, SheMed and certain of our service providers may use identity verification technologies through ID scanning, facial recognition and voice processing technology to confirm your identity and safeguard personal information as part of our security, compliance, and fraud prevention efforts.

This Policy describes how SheMed and its authorized service providers treat data from photos/videos (including audio recordings) of you and your identity documents captured via your device camera or otherwise uploaded, including data that may be construed as a scan of face geometry or voiceprint extracted from such images/videos of you and your identity documents submitted to the Services (“Scan Data”) and information, regardless of how it is captured, converted, stored, or shared, based on your Scan Data that is used to identify you (“Scan Information”). Scan Data and Scan Information (collectively, “Biometric Data”) may be considered to be biometric identifiers or biometric information by applicable biometric privacy laws.

This Biometric Data Privacy Policy should be read in conjunction with our Privacy Policy and our Terms of Use. If there is any conflict between those documents and this Policy, the terms of this Policy will prevail with respect to biometric data.

WHAT WE COLLECT

Some Services do not require biometric data. However, when required for identity verification or fraud prevention, SheMed and its authorized service providers may collect the following:

• Images and Video: Selfies or videos captured using your device camera or uploaded by you.

• Government-issued ID: Images of the front and back of your ID, including the embedded photo and ID number.

• Biometric Data: Facial geometry or voiceprints extracted from your selfie, video, or voice recording.

• Device and Technical Data: IP address, location, or other device-related identifiers.

PURPOSES

We use biometric data only for the following purposes:

• To verify your identity and authenticate your access to our Services;

• To detect and prevent identity theft or fraud;

• To assess whether ID documents are authentic or manipulated;

• To improve or develop our identity verification services, where permitted by law;

• To comply with applicable laws and regulations.

We do not use biometric data for marketing, personalization, or profiling.

NOTIFICATIONS

You will be asked whether you consent to the use of your Biometric Data as described above. If you do not consent, SheMed will not extract Biometric Data from your photos/videos or audio recordings, process your Biometric Data, or verify or authenticate your identity. Please note that certain Services require biometric identity verification to function. If you choose not to consent, you will not be able to access those specific Services.

SHARING AND DISCLOSURE OF BIOMETRIC DATA

Unless otherwise required by law, your biometric data is accessible only to us and our authorized service providers, which process your data only on our behalf to accomplish the purposes above. We do not share biometric data with any other third parties unless required by law. We do not sell, lease, trade or otherwise profit from the Biometric Data. We may disclose your biometric data to our authorized service providers or third parties if:

• You or your authorized representative consent to the disclosure (for example, by selecting checking the consent box (or similar button) to verify identity using a photo of yourself and/or a ID);

• the disclosure completes a financial transaction requested or authorized by you or your authorized representative;

• the disclosure is required pursuant to a valid warrant, subpoena, or court order issued by a court of competent jurisdiction; or

• the disclosure is required by law.

RETENTION AND DESTRUCTION

SheMed along with our service providers will only retain Biometric for as long as necessary to fulfill the above purposes. Unless a shorter period is specified, we will:

• Retain biometric data for no longer than 365 days after submission, or until the purpose has been fulfilled, whichever comes first;

• Retain ID images and videos for up to three (3) years from the date of submission.

Permanently delete or destroy data once the applicable retention period ends, unless we are legally required to retain it longer.

SheMed is committed to transparency, data privacy, and compliance. This Policy may be updated from time to time to reflect changes in our practices or applicable law. We will post updates on our website with a revised effective date.

For any questions regarding SheMed’s use of biometric data or other privacy inquiries, please message us through our website or contact us at:

Privacy Officer
SheMed, LLC
990 Biscayne Boulevard, Suite 1501
Miami, Florida 33132
Email: privacy@shemed.com

If you have a complaint, you must submit your complaint in writing to:

Compliance Officer
SheMed, LLC
990 Biscalyne Boulevard, Suit 1501
Miami, Florida 33132
Email: compliance@shemed.com