The notice is specific
When fresh consent is required, the user sees who requested the check, its purpose, enabled checks, disclosed material processors, and the applicable retention boundary.
For security, privacy & legal teams
Sonavera puts explicit consent, tenant boundaries, protected biometric templates, limited outputs, and disclosed retention around each identity check—so your team can evaluate concrete controls, not broad promises.
This page is an executive summary of product controls. The current platform legal documents govern each ceremony.
Control map
The ceremony carries its privacy context from disclosure through deletion instead of treating consent, security, and retention as separate paperwork.
When fresh consent is required, the user sees who requested the check, its purpose, enabled checks, disclosed material processors, and the applicable retention boundary.
Ceremony startup rejects a missing, inactive, malformed, or superseded consent receipt instead of silently continuing.
Resolver sessions constrain database work to a validated tenant schema, with live database tests pinning the isolation boundary.
Stored biometric vectors use tenant-specific transforms, AES-GCM protection, encrypted data keys, and versioned key material.
Signed outputs carry compact evidence claims—not raw media, biometric embeddings, resolver vectors, or a tenant action recommendation.
The platform stamps a deletion deadline, sweeps eligible artifacts, and records the deletion outcome for accountability.
Tenant isolation
Resolver database sessions set a validated tenant-specific schema for the transaction and reassert it after commits. Candidate matching stays inside that boundary. Stored vectors add tenant-specific transforms and encryption key versions.
Signed-result boundary
Signed artifacts carry compact, policy-referenced claims. Sonavera reports what happened; your backend validates the artifact and decides what the evidence means for your product.
policy-referencedRetention
At admission, each ceremony receives an artifact-deletion deadline bounded by its governing consent and the applicable retention policy. The platform carries that deadline into scheduled deletion and a durable deletion record.
When collecting fresh consent, show the Sonavera-held artifact period or delete-no-later-than boundary.
Bind the applicable consent and tenant policy to the ceremony record.
Automatically remove eligible ceremony artifacts when their deadline arrives.
Keep a minimal consent and deletion record separate from the deleted artifacts.
Integration controls
Sonavera supports familiar integration shapes while keeping the authoritative decision path on systems you control.
Authorization Code with S256 PKCE, required state, and required nonce bind the browser flow to the initiating client.
The browser return is advisory. Your backend retrieves the authoritative ceremony result with backend-held credentials.
Signed webhook deliveries let your backend verify the callback before it drives downstream behavior.
Review the current Privacy & Biometric Notice, Biometric Consent Text, Retention Policy, and Subprocessor Policy in one versioned legal center.
Common review questions
No. Sonavera reports ceremony lifecycle and normalized evidence. The relying organization validates the result and applies its own policy to the protected action.
No. The signed-result contract excludes raw audio and video, face and voice embeddings, resolver vectors, prior-match identifiers, raw IP-derived identifiers, and raw browser or network fingerprints.
The consent experience records the platform’s disclosed material-processor list. It is a policy disclosure, not a runtime attestation that every optional provider was invoked. Current subprocessor information and provider-retention notes are in the platform legal center.
None. Product architecture is not a certification. We will distinguish implemented controls, current legal terms, and roadmap work in diligence rather than infer SOC 2, ISO 27001, HIPAA, GDPR, penetration-test, or audit status.
No. This is a readable product overview. The versioned Privacy & Biometric Notice, Biometric Consent Text, Retention Policy, and Subprocessor Policy presented through the platform legal center remain authoritative.
We will map questions to implemented controls, current legal terms, and open diligence items—without overstating the evidence.