Back to Home

Biometric Information Retention & Destruction Policy

Effective Date: January 20, 2026

This Biometric Information Retention & Destruction Policy (the "Policy") describes how Melochora LLC ("Company," "we," "us," or "our") retains and destroys biometric information and biometric identifiers that may be collected or derived in connection with the Expert Avatar platform and our Services.

This Policy is intended to satisfy applicable biometric privacy laws, including the Illinois Biometric Information Privacy Act (“BIPA”), and similar laws in other jurisdictions, to the extent they apply.

1. Scope

This Policy applies to biometric information, biometric identifiers, and biometric data derived from voice recordings that we collect or process to provide the Services, including voice cloning functionality.

2. What We Collect / What Counts as “Biometric”

Depending on the technology used, we may collect or create:

  • Audio recordings of an individual’s voice provided during interviews or voice cloning flows; and
  • Biometric identifiers or biometric information derived from that voice data, such as a voiceprint or similar voice model/embedding used to generate a synthetic voice (“Cloned Voice Data”).

We do not use biometric data for identity verification, surveillance, or law enforcement purposes.

3. Purpose of Collection and Use

We collect and use biometric data solely to:

  • Create, operate, and maintain an Expert’s Cloned Voice and related avatar features; and
  • Provide and improve the functionality, safety, and reliability of the Services (for example, debugging, security, and performance improvements).

4. Consent

We collect and process biometric data only after obtaining explicit, affirmative consent. Consent is captured through an in-product confirmation (e.g., a required checkbox) each time a user initiates voice cloning. We maintain logs evidencing consent, including timestamp, clone id, and consent version.

5. Retention Schedule

We retain biometric data only for as long as reasonably necessary to fulfill the purposes described above, unless a longer period is required or permitted by law.

5.1 Active Account

We retain voice recordings and Cloned Voice Data while the Expert’s account remains active and the Cloned Voice feature is enabled/available.

5.2 Account Deletion / Termination

When an Expert deletes their account, we delete biometric data from our active systems and schedule it for deletion from backup systems.

5.3 Backups and Residual Copies

Residual copies may persist in encrypted backups, disaster recovery systems, or logs for up to thirty (30) days after deletion/termination, after which they are automatically overwritten or deleted in the ordinary course.

6. Destruction (How We Delete)

Upon account deletion/termination (subject to the exceptions below), we destroy biometric data by deleting it from our active production systems and ensuring it is removed from backups pursuant to the backup retention schedule described above. Destruction may include deletion of:

  • Stored voice recordings associated with voice cloning;
  • Stored Cloned Voice Data (e.g., voiceprints/embeddings/models used for synthesis); and
  • Related identifiers used to access or operate the Cloned Voice.

7. Limited Exceptions (Legal, Security, and Disputes)

We may retain certain records for longer than the periods described above only to the extent necessary for:

  • Compliance with law or valid legal process;
  • Fraud prevention, security investigations, and abuse prevention; or
  • Establishing, exercising, or defending legal claims (including litigation holds).

When an exception applies, we will limit access and retention to what is reasonably necessary for the applicable purpose.

8. Service Providers (“Vendors”) and Flowdown Requirements

We use third-party service providers to support voice processing and related Services. When biometric data is processed by service providers on our behalf, we require contractual protections appropriate to the sensitivity of the data, which may include:

  • Restrictions that the provider may process biometric data only to provide services to us and not for unrelated purposes;
  • Confidentiality and security obligations;
  • Appropriate retention limits and deletion obligations; and
  • Access controls and incident notification obligations.

However, some third-party providers may, under their own terms, retain or use data processed through their services to improve their systems. We disclose this in our Privacy Policy. Where possible, we seek to minimize this risk through vendor selection, configuration, and contractual terms.

9. Updates to This Policy

We may update this Policy from time to time. If we make material changes, we will update the effective date and provide notice as required by law.

10. Contact

Questions about this Policy can be directed to:

Email: support@melochora.com

Mail:
Melochora LLC
2108 N ST #7813
Sacramento, CA 95816
USA

Color scheme toggle