Biometric Data Retention & Destruction Policy

Purpose of this policy: This Biometric Data Retention and Destruction Policy is published in compliance with the Illinois Biometric Information Privacy Act (740 ILCS 14/15(a)) and serves as the publicly available, written policy of Simple Tech, LLC d/b/a BellaBear regarding the collection, retention, and destruction of biometric data.

1. What Biometric Data We Collect

BellaBear collects the following biometric data:

Biometric Data Type	Description
Voice Recordings	Audio recordings of adults reading aloud (typically 5-10 minutes), used as the source material for creating a voice model
Voiceprints / Voice Models	Digital representations of voice characteristics derived from the voice recording, used to synthesize narration that resembles the recorded voice

We do NOT collect biometric data from children. Only adults (parents, guardians, grandparents, or other family members) provide voice recordings, and each must provide individual written consent.

2. Purpose of Collection

Biometric data is collected for a single, specific purpose: creating voice models for personalized bedtime story narration within the BellaBear service.

Biometric data is never used for:

Identity verification or authentication
Surveillance or tracking
Advertising or marketing
Training AI models
Any purpose other than story narration

3. Consent

Before collecting any biometric data, BellaBear obtains informed, written consent from each individual whose voice is recorded. The consent process includes:

A clear explanation of the biometric data being collected
The specific purpose for collection (story narration)
The duration of storage
Disclosure of third-party processing (Fish Audio)
Acknowledgment of the right to revoke consent at any time

Each person must sign their own consent. A subscribing parent cannot consent on behalf of other adults.

4. Retention Schedule

Retention rules:
Active accounts: Voice recordings and voice models are retained for as long as the individual's consent remains active and the associated account exists.
Maximum retention: Biometric data will not be retained for longer than 3 years from the date of last account activity, even if the account has not been explicitly deleted.
After consent revocation: Deleted within 30 days of the revocation request.
After account deletion: Deleted within 30 days of account deletion.

The retention period is determined by whichever of the following occurs first:

Trigger Event	Destruction Deadline
Individual revokes voice consent	Within 30 days of revocation
Account holder deletes their account	Within 30 days of account deletion
3 years pass since last account activity	Within 30 days of the 3-year mark
Purpose for collection is satisfied or no longer relevant	Within 30 days

5. Destruction Method

When biometric data reaches the end of its retention period, BellaBear will permanently destroy it using the following process:

Primary storage deletion: Voice recordings and voice models are permanently deleted from Azure Blob Storage (our primary cloud storage provider).
Third-party deletion: Fish Audio (our TTS provider) is instructed to delete all associated voice data and voice models under the terms of our Data Processing Agreement.
Backup deletion: Voice data is purged from all backup systems within the 30-day destruction window.
Verification: Deletion is verified programmatically and logged.
Confirmation: The individual is notified via email that their biometric data has been permanently destroyed.

Destruction standard: Biometric data is permanently deleted such that it cannot be recovered, reconstructed, or re-identified. This includes removal from all production databases, backup systems, and third-party processors.

6. Third-Party Disclosures

Biometric data is disclosed to the following third party for processing purposes only:

Provider	Data Shared	Purpose	Protection
Fish Audio	Voice recordings	Voice model creation and text-to-speech synthesis	Data Processing Agreement (DPA) requiring equivalent security measures and deletion upon instruction

Biometric data is never sold, leased, traded, or otherwise profited from. It is never disclosed to any party other than Fish Audio, and only for the purpose stated above.

7. Data Security

Biometric data is protected by:

AES-256 encryption at rest in Azure Blob Storage
TLS 1.3 encryption for all data in transit
Role-based access controls with principle of least privilege
Regular security audits and access reviews
Voice recordings are never stored on local servers or personal devices

8. How to Request Destruction

Any individual whose biometric data has been collected may request its destruction at any time by:

Using the "Delete My Voice" option in account settings
Emailing [email protected] with the subject line "Biometric Data Deletion Request"

We will acknowledge the request within 5 business days and complete destruction within 30 days. You will receive email confirmation when destruction is complete.

9. Contact Information

For questions about this policy, your biometric data, or to submit a deletion request:

Email: [email protected]
Mail: Simple Tech, LLC, Attn: Biometric Data Policy, Pennsylvania

10. Policy Updates

This policy will be reviewed and updated as needed. Material changes will be communicated via email to all individuals whose biometric data we hold. The "Last updated" date at the top reflects the most recent revision.