Terms of Service
Our full Terms of Service are being finalized. The Biometric Data & Image Clone Policy below governs the photos and models behind your Image Clone and applies today.
Biometric Data & Image Clone Policy
CloneIQ operates an AI-powered platform (the “Platform”) that enables users to create a personalized AI image model (“Image Clone”) derived from photos they upload. Because those photos constitute biometric data under applicable law, CloneIQ has adopted this Biometric Data & Image Clone Policy (this “Policy”) to explain, in plain language, exactly how we collect, use, store, protect, and delete that data.
1. Policy Application
This Policy applies to:
- All users who create or attempt to create an Image Clone on the Platform, regardless of their location;
- All employees, contractors, and service providers who access, process, or handle biometric data on behalf of CloneIQ; and
- All systems, databases, and third-party processors that CloneIQ engages to provide the Image Clone feature.
This Policy supplements CloneIQ’s general Privacy Policy and Terms of Service. In the event of a conflict, this Policy controls with respect to biometric data.
2. What Is Biometric Data?
For purposes of this Policy, “biometric data” means any data derived from photos that identifies or could be used to identify an individual based on their physical characteristics. This includes:
- Photos and images you upload to the Platform;
- Facial geometry, facial feature maps, and other facial recognition data extracted or derived from those photos; and
- The trained AI model (your Image Clone) generated from those inputs.
Biometric data is distinct from general personal data because it cannot be changed if compromised. CloneIQ treats it with heightened care accordingly.
3. Legal Basis for Processing
CloneIQ processes your biometric data solely on the basis of your freely given, specific, informed, and unambiguous consent, obtained at the point of upload through our Image Clone consent screen. You may withdraw that consent at any time as described in Section 8. Depending on your location, additional or overlapping legal frameworks may apply:
3.1 Illinois — Biometric Information Privacy Act (BIPA)
If you are an Illinois resident, CloneIQ complies with the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”). Specifically:
- Written Policy: We maintain and make publicly available this written policy establishing our retention schedule and guidelines for permanently destroying biometric data.
- Written Release: We obtain your written, informed consent prior to collecting or processing your biometric data.
- No Sale or Profit: CloneIQ does not sell, lease, trade, or otherwise profit from your biometric data.
- Limited Disclosure: We do not disclose or disseminate your biometric data to third parties except as described in Section 6 (Service Providers) or as required by law.
- Retention & Destruction: We permanently destroy biometric data within the timeframes set forth in Section 7.
Illinois residents have the right to bring a civil action for violations of BIPA, including statutory damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation.
3.2 European Economic Area (EEA) and United Kingdom — GDPR / UK GDPR
If you are located in the EEA or the United Kingdom, your biometric data constitutes a “special category” of personal data under Article 9 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the UK GDPR. CloneIQ processes this data exclusively on the basis of your explicit consent under Article 9(2)(a). As a data subject under GDPR/UK GDPR, you have the following rights:
- Right of Access (Art. 15): You may request a copy of all biometric data we hold about you.
- Right to Rectification (Art. 16): You may request correction of inaccurate data.
- Right to Erasure (Art. 17): You may request permanent deletion of your biometric data at any time.
- Right to Restriction (Art. 18): You may request that we restrict processing of your data.
- Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format.
- Right to Withdraw Consent (Art. 7(3)): You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to Lodge a Complaint:You have the right to lodge a complaint with your local supervisory authority. For EEA residents, this is your national data protection authority. For UK residents, this is the Information Commissioner’s Office (ICO), reachable at ico.org.uk.
CloneIQ’s Data Protection Officer (DPO) can be reached at: compliance@ugenticai.com.
3.3 Other U.S. State Laws
Texas, Washington, and a growing number of other U.S. states have enacted biometric privacy statutes. Where applicable, CloneIQ’s practices — including written consent, no sale of biometric data, and timely destruction — are designed to comply with those frameworks. California residents should also refer to CloneIQ’s CCPA/CPRA disclosures, available at /legal/privacy.
4. How We Collect Your Biometric Data
CloneIQ collects biometric data only through one mechanism: the Image Clone onboarding flow, which requires your affirmative consent before upload begins. We do not collect biometric data passively, through tracking pixels, or from third-party sources. Specifically:
- You upload 20–30 photos through the Platform interface after completing the consent step.
- Our systems process those photos to extract facial geometry and train your personal Image Clone model.
- The resulting model is stored in your account and used solely to generate images at your direction.
5. How We Use Your Biometric Data
CloneIQ uses your biometric data for one purpose only: to create and operate your Image Clone so you can generate AI images of yourself. We do not use your biometric data for any of the following:
- Training general-purpose AI models or any model other than your personal Image Clone;
- Identifying you in other contexts or across other platforms;
- Advertising, marketing, or analytics targeting;
- Sale, lease, or licensing to any third party; or
- Any purpose not explicitly described in this Policy.
If CloneIQ ever seeks to use your biometric data for a new or different purpose, we will obtain fresh, specific consent before doing so.
6. Disclosure to Third Parties
CloneIQ does not sell or license your biometric data. We may disclose it only in the following limited circumstances:
- Service Providers: We engage third-party cloud infrastructure and AI model training providers who process data on our behalf under written data processing agreements that prohibit use for any purpose other than providing services to CloneIQ. Current categories of providers include cloud hosting, model training compute, and secure storage.
- Legal Compliance: We may disclose biometric data if required to do so by a court order, subpoena, or applicable law, provided we give you advance notice where legally permitted.
- Business Transfers: In the event of a merger, acquisition, or sale of substantially all assets, your biometric data will be subject to the same protections under this Policy and we will notify you before any transfer occurs.
We require all third-party processors to maintain security standards at least as protective as those described in Section 9.
7. Retention and Destruction
CloneIQ retains your biometric data only for as long as your Image Clone exists in your account. Upon deletion, the following schedule applies:
- Active Storage: Your photos and Image Clone model are stored in encrypted active storage for as long as your Image Clone is active.
- Deletion Queue: Upon your request to delete your Image Clone, your data is placed in an irreversible deletion queue within 24 hours.
- Permanent Destruction: All biometric data — including uploaded photos, derived facial geometry, and the trained model — is permanently and irreversibly purged from all active systems within 45 days of your deletion request.
- Backups: Residual copies in encrypted backup systems are overwritten or destroyed within 90 days of your deletion request.
We will confirm destruction in writing upon request. CloneIQ does not retain biometric data beyond these periods under any circumstances.
8. Your Rights and How to Exercise Them
Regardless of your location, CloneIQ honors the following rights with respect to your biometric data:
8.1 Deletion
You may delete your Image Clone — and all associated photos and biometric data — at any time by navigating to Account Settings > Image Clone > Delete Clone. Deletion is permanent and irreversible. The retention schedule in Section 7 applies from the date of your request.
8.2 Access
You may request a copy of all biometric data CloneIQ holds about you by emailing compliance@ugenticai.comwith the subject line “Biometric Data Access Request.” We will respond within 30 days (or within any shorter period required by applicable law).
8.3 Portability
Upon request, we will provide your uploaded photos in a standard format. Note that the trained Image Clone model is a derivative computation and is not portable as a standalone asset.
8.4 Withdrawal of Consent
You may withdraw consent to biometric processing at any time by deleting your Image Clone. Withdrawal does not affect the lawfulness of any processing that occurred prior to withdrawal. After withdrawal, CloneIQ will not process any new biometric data from you unless you re-consent through the standard onboarding flow.
8.5 Complaints
Illinois residents may bring a civil action under BIPA. EEA and UK residents may lodge a complaint with their local supervisory authority. All users may contact us at compliance@ugenticai.com to raise concerns before escalating to a regulatory body.
9. Security
CloneIQ implements reasonable and appropriate technical and organizational measures to protect biometric data, including:
- Encryption at rest (AES-256) and in transit (TLS 1.2+) for all biometric data;
- Access controls limiting biometric data access to personnel with a documented need;
- Regular security assessments and penetration testing;
- Incident response procedures with notification obligations as required by law.
In the event of a data breach affecting your biometric data, CloneIQ will notify you and applicable regulatory authorities within the timeframes required by law.
10. User Representations Regarding Uploaded Photos
By uploading photos to create your Image Clone, you represent and warrant that:
- You are the person depicted in each photo you upload, or you are an authorized representative of that person;
- You are authorized to upload each photo for this purpose, and each photo was taken or obtained with the knowledge and consent of any person depicted in it;
- You hold sufficient rights in each photo to grant CloneIQ the license described herein, or you have obtained all necessary permissions from the copyright holder;
- No uploaded photo contains images of minors; and
- You will not use your Image Clone to create content that is defamatory, obscene, harassing, or otherwise in violation of CloneIQ’s Terms of Service or applicable law.
CloneIQ reserves the right to suspend or terminate your Image Clone immediately upon discovering any violation of these representations.
11. Children
The Image Clone feature is not available to users under the age of 18. CloneIQ does not knowingly collect biometric data from minors. If we discover that biometric data has been collected from a user under 18, we will delete it immediately. If you believe a minor has created an Image Clone, please contact us at compliance@ugenticai.com.
12. Changes to This Policy
CloneIQ will notify you of material changes to this Policy by email and through a prominent notice on the Platform at least 30 days before the changes take effect. For any change that requires re-consent under applicable law (including BIPA and GDPR), we will obtain fresh consent before continuing to process your biometric data under the revised terms. Your continued use of the Image Clone feature after the effective date of a revised Policy constitutes your acceptance of the non-material changes.
13. Contact Us
For questions, requests, or complaints regarding this Policy or CloneIQ’s handling of your biometric data, please contact:
CloneIQ Privacy Team
Email: compliance@ugenticai.com
Data Protection Officer: compliance@ugenticai.com
Mailing Address: UgenticAI Compliance, 9211 Corporate Blvd, Suite 300, Rockville, MD 20850.
Important Notice for Illinois Residents
This document constitutes CloneIQ’s publicly available written policy as required by the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/15(a). This policy establishes CloneIQ’s retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three (3) years of your last interaction with CloneIQ, whichever occurs first.