Home / Privacy Policy

Privacy Policy

Last updated: 28 June 2026

1. About us and this policy

eaglecheck (“we”, “us”, “our”) provides face- and image-verification technology (the “Service”), available through our website, our interactive demo, and our verification API. We are committed to protecting your privacy and to handling personal information in accordance with the Privacy Act 1988 (Cth)(the “Privacy Act”) and the Australian Privacy Principles (APPs).

This policy explains what personal information we collect, how and why we collect, hold, use and disclose it, how we keep it secure, and how you can access, correct or complain about it. By using our website, demo or Service, you agree to the handling of your information as described here.

2. Personal, sensitive and biometric information

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Sensitive information is a special category that receives a higher level of protection and includes biometric information that is to be used for the purpose of automated biometric verification or identification, and biometric templates. We treat images and video of your face, and the biometric data derived from them, as sensitive information.

3. The information we collect

Depending on how you interact with us, we may collect:

  • Biometric information (sensitive): images or video of your face captured from your camera or uploaded by you, and the data derived from them, such as an estimated age range, a liveness score, a face-match score, and detected attributes.
  • Identity and contact information: your name, email address, phone number, organisation and role, when you contact us, request a demo or enquire.
  • Account and billing information: if you hold an account, your username, credentials, configuration, usage records and billing contact details.
  • Technical and usage information: IP address, device and browser type, operating system, the pages you visit, timestamps and referring URLs, collected through server logs and aggregate, cookieless analytics.
  • Information from our business customers: where a customer uses the Service to verify individuals, we process those individuals’ images and related information on the customer’s behalf and on its instructions.

4. How we collect it

  • Directly from you: when you use the demo (via your camera or an upload), contact us, request a demo, or register.
  • From our business customers: who submit end-users’ images to the Service for a check.
  • Automatically: through your use of our website, via server logs and aggregate analytics.

We collect sensitive and biometric information only by lawful and fair means and, as set out below, with consent.

5. Why we collect, hold, use and disclose it

  • To perform the verification checks you or our customers request (such as age, liveness, face matching and detection) and return the results.
  • To operate, secure, maintain, troubleshoot and improve the Service and website.
  • To respond to your enquiries and provide demonstrations and support.
  • To manage accounts, configuration and billing.
  • To comply with our legal obligations and enforce our terms.

We do not use biometric information for any purpose other than performing the requested check.

6. Consent

We collect sensitive information, including biometric information, only with your consentand where it is reasonably necessary for our functions. In the demo, we ask for your consent before the camera is used. Providing this information is voluntary; you may decline, or withdraw your consent at any time by stopping the check or contacting us, although we may then be unable to provide the check. Where we process information on behalf of a business customer, that customer is responsible for obtaining the individual’s consent and providing any required notice.

7. How we use and disclose information

  • Service providers: trusted providers that host and process the Service on our behalf (for example, Amazon Web Services for cloud infrastructure, and Cloudflare for DNS and analytics), under contract and only to the extent necessary.
  • Business customers: results of a check are returned to the customer that requested it.
  • Legal and safety: where required or authorised by law, to enforce our terms, or to protect the rights, property or safety of any person.
  • Business transfers: in connection with a sale, merger or restructure of our business, subject to appropriate protections.

We do not sell your personal information, and we do not disclose it to third parties for their own direct marketing.

8. Overseas disclosure

Our verification checks run primarily on cloud infrastructure located in Australia. The liveness check is the exception: it is processed by a cloud service located overseas (Japan), so when you run a liveness check your video is disclosed to that overseas service. By consenting to the liveness check you consent to this overseas disclosure. You acknowledge that, where you consent to an overseas disclosure, APP 8.1 may not apply and we may not be accountable under the Privacy Act for how the overseas recipient handles your information, although we take reasonable steps to ensure it is handled consistently with the APPs. We also use global providers for content delivery and analytics — Amazon CloudFront and Cloudflare — which may process limited technical information, such as your IP address, outside Australia, including in the United States.

9. Direct marketing

We may send you information about our products and services where you would reasonably expect it or where you have agreed. Every marketing message contains a simple way to opt out, and you can opt out at any time by contacting us. We do not use sensitive or biometric information for direct marketing.

10. Keeping information accurate

We take reasonable steps to ensure the personal information we hold is accurate, up to date, complete and relevant. Please tell us if your details change so we can keep our records current.

11. Security, storage and retention

  • Security: we protect personal information with encryption in transit and at rest, access controls, monitoring, and contractual safeguards on our providers.
  • Data minimisation and no retention of biometrics: for the demo and for age, liveness and match checks, face images and video are processed to produce the result and then discarded; we do not retain them.
  • Retention of other information: we keep other personal information only for as long as it is needed for the purposes described above or as required by law — generally, enquiry and contact information for up to 24 months after our last interaction, account and billing records for the duration of the relationship and then up to 7 years to meet tax and record-keeping obligations, and server logs for approximately 12 months — after which we destroy or de-identify it.

No method of transmission or storage is completely secure, and while we take reasonable steps to protect your information we cannot guarantee absolute security.

12. Automated processing and decisions

Our checks produce results using automated processing (for example an estimated age range, or a liveness or face-match score). We do not use these results to make decisions that have a legal or similarly significant effect on you. Our business customers configure the thresholds and decide how to act on a result, and may instead take the underlying data and make the decision themselves. In the demo, results are shown to you for demonstration only and are not used to make any decision about you. Where a customer uses a result to make a decision about an individual, the customer is responsible for any human review, explanation or other safeguard required by law.

13. Cookies and analytics

To understand, in aggregate, how our website is used so we can improve it, we use Cloudflare Web Analytics — a privacy-focused, cookieless tool that does not use tracking cookies, does not track you across other websites, and does not build a profile of you. We do not use advertising or third-party tracking cookies. Our interactive demo uses only the functional browser storage needed to run the check in your browser. You can control or delete site data through your browser settings; disabling some of it may affect how the site works.

14. Children and young people

Age verification may involve information about young people. We handle such information with particular care and do not retain it. Our website and demo are intended for adults: you must be at least 18 to use the demo, and we do not knowingly collect biometric information from people under 18 without appropriate parental or guardian consent. Where our customers use the Service for age verification involving young people, the customer is responsible for the lawful basis and any consents required.

15. Accessing and correcting your information

You may request access to, or correction of, the personal information we hold about you (APPs 12 and 13). To make a request, contact our Privacy Officer at privacy@eaglecheck.com.au. We will respond within a reasonable period (generally 30 days) and may need to verify your identity first. In some cases we may charge a reasonable cost for providing access, and if we refuse a request we will explain why and how you can complain.

16. Complaints

If you have a concern or complaint about how we have handled your personal information, please contact our Privacy Officer at privacy@eaglecheck.com.au. We will acknowledge your complaint, investigate it, and aim to resolve it promptly. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC): oaic.gov.au, phone 1300 363 992, or GPO Box 5288, Sydney NSW 2001.

17. Data breaches

If a data breach involving your personal information is likely to result in serious harm, we will notify you and the OAIC as required by the Notifiable Data Breaches scheme, and take steps to contain and remediate the breach.

18. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites; please review their privacy policies.

19. Changes to this policy

We may update this policy from time to time. The current version is always available on this page, with the “last updated” date shown above. Where changes are material we will take reasonable steps to notify you; otherwise changes take effect when posted.

20. Contact us

Privacy Officer, eaglecheck · privacy@eaglecheck.com.au