For people completing a Sonavera check

Your biometric data. Clear boundaries.

Processing requires a current consent record. When fresh consent is needed, you see who requested the check, what will happen, which material processors are disclosed, and how long Sonavera-held artifacts may remain—then choose whether to continue.

The organization that sent you remains responsible for the account action and any alternative path it offers.

Your Sonavera check and signed result stay in the requesting organization’s tenant boundary, separate from other customers.

One request · one customer boundary

The organization that sent youyour lane
Tenant boundary
Other Sonavera customersseparate
Clear requesterKnow who asked for the check
Active choiceAccept or decline when fresh consent is needed
Tenant boundaryNo cross-customer matching
AfterwardDeletion boundary; receipt after fresh-consent success

The ceremony lifecycle

Before. During. After.

A current consent record carries privacy context through the result and its deletion schedule. When fresh consent is needed, you can review and choose before processing.

01

Before fresh consent: review and choose

When fresh consent is required, see who requested the check, why, which checks apply, which material processors are disclosed, and the retention boundary. You can accept or decline.

02

During: only the disclosed check

Your camera and microphone support the configured checks and guided interaction. Sonavera does not retain raw audio or video unless a tenant configuration explicitly enables retention.

03

After: evidence, receipt, deletion

The requesting organization receives a minimized signed result. If this interaction records fresh consent and succeeds, you can save its privacy receipt. Eligible artifacts follow the governing deletion boundary.

Tenant privacy

This is not a shared biometric network.

Matching uses the isolated tenant boundary of the organization that requested your check. Another Sonavera customer does not receive that enrollment or use it as its candidate pool.

Your organization’s matching flow and another customer’s matching flow use separate record boundaries.
The site that sent youyour scope
Your check
Scoped match
Its records
No cross-tenant matching
Another customerseparate
Other check
Separate match
Separate records

What gets shared

The site gets an answer—not your biometric record.

The signed result summarizes the ceremony without exposing raw media or biometric templates. The organization that sent you—not Sonavera—decides what action to take from that evidence.

The requesting organization receives signed evidence but not raw biometric data.
Sent to the requesting organizationsigned result

It receives

  • Ceremony status and timestamps
  • Normalized check evidence
  • Policy and evidence references
  • Limited, tenant-safe context

It does not receive

  • Raw audio or video
  • Face or voice embeddings
  • Biometric or resolver vectors
  • Prior-match identifiers

Retention

A deletion boundary you can see.

When fresh consent is collected, the screen shows the Sonavera-held artifact boundary. A still-current receipt may govern a returning enrollment or verification, and its recorded boundary continues to cap retention. Service providers may have different retention, documented separately in the current notice.

1

Shown up front

When fresh consent is collected, the screen presents the applicable artifact period or delete-no-later-than time.

2

Attached to the check

The platform records the boundary that applied when your ceremony began.

3

Artifacts deleted

Eligible biometric, liveness, anti-spoofing, and evidence artifacts are automatically purged.

4

Accountability remains

A minimal consent and deletion record remains separately from the deleted ceremony artifacts.

After an interaction records fresh consent and succeeds, an optional downloadable privacy receipt records what you agreed to and when.
Fresh consent + successful checkReceipt offered
Receipt IDpr_••••••••
Consented atRecorded
PurposeIncluded
ProvidersDisclosed
Legal versionsLinked + hashed
RetentionBoundary included

Your privacy receipt

When offered, keep proof of what you agreed to.

When an interaction records fresh consent and then succeeds, you can download a receipt with its ID, consent time, purpose, disclosed providers, legal-document versions, and retention information. Repeat ceremonies that reuse a current consent record do not offer a new download. If you later request deletion, give the receipt ID to the organization that sent you.

The AI guide has a narrow job.

An AI guide may help explain steps and keep the interaction moving. It does not make the biometric match, decide whether you pass, or tell the requesting organization what action to take. The material processors in the governing consent record are a policy disclosure, not a runtime log showing that every optional provider ran.

Common privacy questions

Plain-language answers.

Can I decline the Sonavera check?

When fresh consent is required, yes: you can decline on the consent screen and the ceremony will not proceed. A still-current consent receipt may be reused for a returning enrollment or verification interaction, so that interaction may not show a new consent screen. The organization that sent you decides whether it can offer another path.

Does Sonavera keep my raw video or audio?

Not by default. Sonavera does not retain raw audio or video unless a tenant configuration explicitly enables retention. The current notice governs that exception. Disclosed service providers may process live data for their described role, and their retention may differ.

Can another Sonavera customer search my biometric record?

No. Matching stays inside the tenant boundary of the organization that requested the check. Another customer does not receive that enrollment or use it as its candidate pool.

What does the organization that sent me receive?

It receives a signed result with ceremony status, normalized check evidence, timestamps, and policy references. It does not receive raw audio or video, face or voice embeddings, biometric vectors, or prior-match identifiers.

How do I ask for deletion later?

If you were offered a privacy receipt at the end of the check, download it and give its receipt ID to the organization that sent you. If no new receipt was offered, contact that organization with the interaction details. It manages the account relationship and can route the request. For questions about Sonavera’s platform privacy practices, email privacy@sonavera.ai.

Does this page replace the consent screen?

No. This page explains the design in plain language. When fresh consent is required, the ceremony-specific screen shows the terms for the check. A returning enrollment or verification may instead use a still-current consent receipt. The versioned platform legal documents remain authoritative.

Know what you are agreeing to.

Read the current platform notice at any time. When fresh consent is required, the ceremony-specific screen shows the requester, purpose, disclosed material processors, and retention boundary. A returning enrollment or verification may instead reuse a still-current receipt until its bound legal terms change.