Skip to main content

FT-I-1 — Biometric image data (selfie) persisted beyond processing

Component: Biometric Verification. Mitigations: FaceTec SDK responsible for storage; facetec-api is stateless for image data. Action: Confirm FaceTec data retention policy; document data processing agreement

PropertyValue
SectionInformation Disclosure
Ownerplatform

Mapped Controls

ControlTitle
SID-DATA-01SD-JWT Selective Disclosure
SID-PRIV-01Minimal Disclosure Enforcement

Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md