Biometric Privacy Policy

Last updated: 2026-04-19 · Version biometric_v1

This page satisfies the BIPA requirement (740 ILCS 14/14) that our retention schedule and destruction guidelines be publicly available. It applies to fingerprint biometric identifiers (FD-258 scans and generated .eft files) handled by the 2ATracker platform on behalf of FFL dealers and their customers.

What we collect

When an FFL dealer uses 2ATracker to prepare an ATF Form 1 or Form 4 filing for their customer, the dealer uploads a scan or photo of the customer's FD-258 fingerprint card. Our servers generate an ANSI/NIST-ITL “electronic fingerprint transmission” (.eft) file from that scan and encrypt it at rest.

How we use it

  • Produce the .eft file that the customer (or their dealer) attaches to their ATF eForm submission.
  • Deliver a copy to the customer's own 2ATracker vault via a single-use claim code, if the customer accepts.

Who we share it with

Nobody, except as required by law. Biometric data is never sold, leased, traded, or disclosed to any third party. The FFL dealer generating the file is the customer's chosen fiduciary. 2ATracker processes the data on behalf of the dealer; we do not transmit fingerprints to the FBI, ATF, or any background-check system.

Retention schedule

| Record | Retention |
|---|---|
| FFL dealer's copy of customer fingerprints | Up to 30 days after the claim code is delivered to the customer, or 90 days from upload if no code is ever delivered. |
| Customer's own vault copy (after claim) | Retained by the customer under their 2ATracker account. The customer may delete it at any time; we destroy it within 24 hours of account deletion. |
| Claim code metadata (not biometric) | 30 days after expiration or redemption, then destroyed. |
| Audit log (timestamps + action names; no biometric content) | Retained for the life of the corresponding account for compliance and incident-response purposes. |

Destruction

When a retention period expires, we permanently destroy the biometric data: the encrypted .eft blob is irreversibly deleted from object storage, the database row is deleted, and the encryption keying material specific to that record is discarded. A purge-summary entry is written to the audit log (without any biometric content) so dealers can verify destruction occurred.

Purge runs daily. If you are a customer and want us to destroy your data sooner, ask your dealer to delete your customer record; destruction takes effect on the next purge cycle (typically within 24 hours).

Your rights (BIPA, CUBI, WA RCW 19.375)

  • Right to know what biometric data we hold for you — contact your dealer or email us.
  • Right to deletion on request — your dealer can trigger immediate purge; you can delete your own vault copy from Settings.
  • Right to withdraw consent for future processing. (Note: you cannot un-submit an ATF filing that has already been sent.)

Questions

Email privacy@2atracker.com or ask your dealer.