Privacy Policy

Last Updated: 04 Feb 2026

Thank you for using BiodeHUB, which incorporates the BiodeHUB management console accessible at www.biodehub.com.au and the BiodeTIME mobile apps available for download from the Google and Apple app stores ("BiodeHUB", "Services"). We are committed to protecting your privacy and safeguarding your Personal Information. We understand the importance of keeping Personal Information private and secure. This Privacy Policy outlines how we collect, use, share, and protect your data when you use our services.

This Policy forms part of and is subject to our Terms of Use.  

Company Information and Privacy Contact

• Biode Pty Ltd (ABN 70 647 561 082) ("we", "us" or the "Company")
• Unit 9, 43 Station Avenue, Darra QLD 4076, Australia
• Email: biometricsupport@biode.com.au
• Phone: 1300 605 036

For any inquiries regarding your privacy or this Privacy Policy, please contact our Privacy Point of Contact at the email or phone number provided.

The Australian Privacy Principles 

We will treat all personal information in accordance with the obligations that are binding upon us under the Privacy Act 1988 (Cth) ("Privacy Act"). The Privacy Act sets out 13 key principles in relation to the collection and handling of Personal Information, which are called the "Australian Privacy Principles" ("APP").

Types of Data Collected

For the purpose of this Privacy Policy, Personal Information means information or an opinion, whether true or not and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable

Personal Information includes information relating to employees, contractors, and other end users of the Services whose data is uploaded to or generated within the Services by a customer that may be used to personally identify individuals, such as, but not limited to:

• Biometric Data
• Name and date of birth
• Contact details such as mobile phone number and email address
• Time and attendance records
• Other information collected, generated, or processed through the Services, including any combination of images obtained while using our Services
• Preferences and password / PIN for using our Services, and
• Any information that you otherwise share with us.

Location Information:

• Geolocation information (GPS data), including time and date, is collected during biometric identification at the point in time you use the BiodeTIME mobile app.
• You can manage and revoke access to location services through your device settings at any time. Revoking access to the location services will significantly reduce the BiodeTIME app's functionality, and geofenced access control and dynamic buttons will no longer be possible.
• We do not capture, track, or use location data at any time or for any purpose except as explicitly stated in this Privacy Policy.

Biometric Information:

Depending on the biometric devices in use at your organisation, the following biometric data may be collected.

• Face
• Fingerprint
• Iris

We will treat all biometric data collected in line with the Biometrics Institute's privacy guidelines.

Biode's face algorithms are trained using diverse biometric databases to ensure usability - I.e. accurately identifying people of different races, genders, ages, and ethnicities.

By using BiodeHUB, you consent to the collection and usage of Biometric data as described in this Privacy Policy.

Photos and Videos

BiodeHUB may request access to your PC's webcam, biometric device, or mobile phone camera to:

1. capture and store photos, which will be used as part of your user record.
2. capture and process video images for biometric identification. The video data is not retained after processing.

Image data is used solely for the intended BiodeHUB functionality and is not shared with any third parties unless explicitly stated in this Privacy Policy.

We do not access your camera or collect photos/videos without your explicit consent or outside the scope of BiodeHUB functionalities.

You can manage and revoke access to the mobile phone camera through your device settings at any time. Revoking access to the mobile phone camera will significantly reduce the BiodeTIME app's functionality, and biometric identification will no longer be possible.

By using BiodeHUB, you consent to the collection and usage of photos or videos as described in this Privacy Policy.

Transaction Information:

Biode will be collecting transaction log data, which includes the functionality of recording each transaction's timestamp, request headers and metadata, the output of any biometric liveness results, anti-spoof results, verification results, ISO compliance results, and at the customers' discretion, any combination of photos from the transactions – e.g. every photo, last photo, or no photo at all etc.

How we may collect Information

The Personal Information is collected whenever an authorised operator or user of the customer's BiodeHUB account creates, edits or updates a user's profile via the user's web browser on a PC, tablet, or mobile device.

In addition, the location (optional), biometric (optional), photo and video (optional), and transaction information is collected whenever an authorised user performs a biometric identification (which includes a biometric liveness check and image quality check) using the BiodeTIME mobile app or a biometric device. This data is securely stored on our servers, which also host the BiodeHUB website and face matching service. No Personal Information (including Face Data) is stored on the mobile device.

How we use the Information that we collect

The data we collect is solely for providing the BiodeHUB service. We collect and use the above-mentioned data to:

• Identify the person using biometric data (Optional - A User ID and PIN can be used instead)
• Provide the BiodeHUB Service, including certain features such as geofenced access control, validation of the user's location at the time of identification, and dynamic buttons.
• Improve our Services.
• Customise user experience.
• Communicate with users.
• Ensure app functionality.
• Allow us to manage your account, and for billing purposes.
• Analyse app usage and performance.
• Comply with legal obligations.

Only the customer's authorised users, which may include Biode's support personnel, who have direct access to the BiodeHUB platform can access the information.

IP addresses

We may also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers or devices on the internet to uniquely identify them within the global network. The Company collects and manages IP addresses as part of providing the BiodeHUB service, such as connecting biometric devices and internet-connected relay devices. The Company may also collect and use web logs, computer, location, connection information and technical data (which may include IP address, the types of devices you are using to access the platform, device attributes, browser type, language and operating system) for security purposes and to help prevent and detect any misuse of, or fraudulent activities involving this platform.

Cookies

We may use "cookies" to help personalise your online experience. A cookie is a text file or a packet of information that is placed on the user’s device by a web page server to identify and interact more effectively with the user's device. There are two types of cookies we may use: a persistent cookie and a session cookie.

A persistent cookie is entered by the user’s web browser into the "Cookies" folder on the user’s device, remains in that folder after the browser is closed, and may be used by the browser on subsequent visits.

A session cookie is stored temporarily in the user’s device memory and is deleted after the browser is closed or the device is shut down.

Cookies cannot be used to run programs. Cookies are uniquely assigned to each user and can only be read by a web server in the domain that issued the cookie to the end user.

In some cases, cookies may collect and store Personal Information about the user. The Company extends the same privacy protection to the user's data or Personal Information, whether gathered via cookies or from other sources.

The user can configure their internet browser to accept all cookies, reject all cookies, or notify them when a cookie is sent. Most web browsers automatically accept cookies, but the user can usually modify their browser settings to decline cookies if they prefer. If a user declines cookies, they may not be able to use BiodeHUB.

Why we use cookies

BiodeHUB uses cookies in order to:

• remember the user’s preferences for using our Services;
• recognise users as logged in while they remain so. This avoids users from having to log in again every time they visit a new page;
• remember details of data that users choose to submit to us (eg. images).

Many of these cookies are removed or cleared when users log out, but some may remain so that the user’s preferences are remembered for future sessions.

Data Sharing

In order to deliver BiodeHUB, or for any other purpose set out in this Policy, the Company may disclose Personal Information to organisations outside the Company. Personal Information may be disclosed to these organisations only in relation to BiodeHUB, and the Company takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your Personal Information. These organisations may carry out or provide:

• customer support enquiries;
• information technology services; and
• platform usage analysis.

In addition, we may disclose Personal Information to:

• a user’s authorised representatives or legal advisers (when requested by the user to do so);
• identity data validation providers;
• government and regulatory authorities and other organisations, as required or authorised by law;
• our IT service providers, payment system operators, messaging service providers, data storage, webhosting and server providers, security vendors and maintenance or problem-solving providers;
• persons the user may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances;
• the police or other appropriate persons, where user communication suggests possible illegal activity or harm to others.

Secure Data Handling

We are committed to maintaining the confidentiality of the Personal Information provided to us. We will take all reasonable precautions to protect Personal Information from unauthorised use or alteration.

Personal Information we collect is stored in an SQL database in our BiodeHUB data centres in Australia. We employ industry-standard security measures to protect personal and sensitive user data against unauthorised access, alteration, disclosure, or destruction.

All website traffic is secured by HTTPS.

Data Retention and Deletion

User Data (excluding Face Data)

We retain user data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. At the end of any retention period, user data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning). In some circumstances, users can ask us to delete their data by contacting our Privacy Point of Contact.

Biometric Data

We retain Biometric Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Users can ask for their Biometric Data to be deleted. Biometric Data will be removed as per the following:

• The user has contacted Biode's Privacy Point of Contact and requested their Biometric Data to be deleted. This will result in an authorised operator of Biode manually deleting the data.
• The user requests their employer to remove their Biometric Data. This will result in the employer's authorised operator manually deleting the data.
• The user is deactivated by the employer. Deactivation automatically deletes the user's Biometric Data.
• The user is inactive for a period of 1 year.
• The user's employer's subscription has been suspended/cancelled for longer than 3 months.

In some cases, we may refuse to delete a user's Personal Information. This may include circumstances where doing so would:

• be unlawful (e.g., where a record that contains Personal Information about users is subject to a claim for legal professional privilege by one of our contractual counterparties, or 

• contravene the rights or obligations of our customer (e.g. where a record that contains Personal Information about users is subject to mandatory record-keeping obligations of our customer).

If we refuse to delete a user’s Personal Information, we will provide them with reasons for our refusal.

We cannot guarantee the security of any information transmitted to or by us over the internet. The transmission and exchange of information is carried out at the user's own risk.

Likewise, we take all reasonable measures to ensure the security of hard-copy Personal Information.

Consent

By using BiodeHUB, you consent to the collection, use, and sharing of your Personal Information as described in this Privacy Policy.

Contacting us about privacy

If users would like more information about how we manage the Personal Information we hold about them, or are concerned that we may have breached users' privacy, please contact us by email to biometricsupport@biode.com.au or by post.

Access to user's personal information 

In most cases, users may have access to the Personal Information we hold about them. We will handle requests for access to users' Personal Information in accordance with the Australian Privacy Principles.

All requests for access to a user’s Personal Information must be directed to the Privacy Officer by email using the email address provided above or by writing to us at our postal address. We will deal with all requests for access to Personal Information as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given. We may charge users a fee for access if a cost is incurred by us in order to retrieve user's information, but in no case will we charge users a fee to apply for access to their information

In some cases, we may refuse to give users access to Personal Information we hold about them.

This may include circumstances where giving users access would:

• be unlawful (e.g., where a record that contains Personal Information about users is subject to a claim for legal professional privilege by one of our contractual counterparties);
• have an unreasonable impact on another person's privacy; or 
• prejudice an investigation of unlawful activity.

We may also refuse access where the Personal Information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings.

If we refuse to give users access, we will provide them with reasons for our refusal.

Correcting a user's personal information 

We will amend any Personal Information we hold about a user that is inaccurate, incomplete, or out of date, upon request. If a user asks us to note that they disagree with the accuracy, completeness, or currency of their Personal Information that we hold, and we do not agree that the information is incorrect, we will take reasonable steps to associate the user’s statement of disagreement with the relevant record.

Complaints

If users have a complaint about how we have handled any privacy issue, including users' requests for access or correction of their Personal Information, users should contact us. Our contact details are set out above.

We will consider a user's complaint and determine whether it requires further investigation. We will notify users of the outcome of this investigation and any subsequent internal investigation.

If users remain unsatisfied with how we have handled a privacy issue, they may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action.

Keeping user's information up-to-date

To ensure that users' Personal Information is accurate and up to date, please promptly advise us of any changes to users' information by contacting our Privacy Officer by email at biometricsupport@biode.com.au or by post.

Changes to this Privacy Policy 

From time to time, it may be necessary for us to revise this Privacy Policy. Any changes will be in accordance with any applicable requirements under the Privacy Act and the Australian Privacy Principles, and an updated version of the Privacy Policy will be posted on this platform with a revised "Last Updated" date.

* * * *

If users require any further information about the Privacy Act and the Australian Privacy Principles, they can visit the Federal Privacy Commissioner's website (see www.privacy.gov.au).

Clear Labeling

This document is labelled as a "Privacy Policy" to ensure transparency and accessibility.

Your continued use of BiodeHUB following any changes to this Privacy Policy constitutes acceptance of those changes