Our Security Commitment

CheckMet is built with security and privacy at its core

At CheckMet, we understand that handling biometric data carries significant responsibility. Our platform is designed from the ground up with robust security measures and privacy protections to ensure your sensitive information is always safe.

We adhere to the highest security standards and comply with relevant data protection regulations, including GDPR, to provide you with a secure, privacy-first attendance management solution.

ISO 27001 Certified
GDPR Compliant
SOC 2 Compliant

Data Protection Architecture

Multi-layered security designed for biometric data

Biometric Template Protection

CheckMet doesn't store actual facial images. Instead, we create encrypted mathematical templates that cannot be reverse-engineered into an actual image.

  • Proprietary template encryption
  • Secure template storage
  • No facial images retained after enrollment
  • Templates unusable on other systems

End-to-End Encryption

All data in transit and at rest is protected with industry-leading encryption standards to prevent unauthorized access.

  • AES-256 encryption for stored data
  • TLS 1.3 for all data in transit
  • Secure key management
  • Regular encryption rotation procedures

Access Controls

Comprehensive access management ensures only authorized personnel can access specific data and functionality.

  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Granular permission settings
  • Full audit logging of all access events

Secure Infrastructure

Our platform is hosted on enterprise-grade infrastructure with multiple layers of physical and network security.

  • Redundant, secure data centers
  • Network isolation and segmentation
  • Regular penetration testing
  • Distributed denial of service (DDoS) protection

GDPR Compliance Framework

Designed for European data protection requirements

Legal Basis for Processing

CheckMet helps you establish and document the legal basis for processing biometric data, with built-in consent management workflows and comprehensive record-keeping.

Data Minimization

Our system collects only the data necessary for attendance tracking. We convert facial scans to encrypted templates rather than storing actual images, adhering to data minimization principles.

Privacy Rights Support

CheckMet provides tools to help you fulfill data subject rights requests, including the right to access, right to be forgotten, data portability, and more.

Data Retention Controls

Configure customizable data retention policies to ensure biometric data is only kept as long as necessary for attendance tracking purposes.

Data Processing Agreements

We provide comprehensive Data Processing Agreements (DPAs) that clearly outline our responsibilities as a data processor and your rights as a data controller.

Privacy By Design

Privacy principles built into every aspect of CheckMet

Consent Management

CheckMet includes comprehensive consent workflows for employee enrollment, ensuring transparent communication about data usage and proper documentation of consent.

Transparency

Clear documentation and notifications about what data is collected, how it's processed, and who has access to it. Employees can view their own attendance records at any time.

Privacy Impact Assessment

We provide templates and guidance for conducting Privacy Impact Assessments (PIAs) to help you evaluate and mitigate privacy risks before deployment.

Data Subject Rights

Built-in workflows for managing data subject requests, including access, correction, deletion, and data portability, helping you fulfill your GDPR obligations.

Anti-Spoofing Technology

Advanced protection against attendance fraud

CheckMet's facial recognition system incorporates sophisticated anti-spoofing technology to prevent fraudulent check-ins. Our system can detect and reject various spoofing attempts, ensuring the integrity of your attendance data.

Photo Detection

Advanced algorithms detect when someone attempts to use a printed or digital photo instead of a live face.

Video Replay Prevention

Our system can identify video replays and distinguish them from live facial presentations.

3D Mask Detection

The system can identify 3D masks and other physical spoofing attempts through depth and texture analysis.

Liveness Detection

Multi-factor liveness detection ensures the person is physically present during check-in.

Security & Privacy FAQ

Common questions about data protection in CheckMet

How is facial recognition data stored?

CheckMet does not store actual facial images. During enrollment, we convert facial scans into mathematical templates that are encrypted and securely stored. These templates cannot be reverse-engineered into facial images and are unusable outside of our system.

Who has access to biometric information?

Access to biometric data is strictly limited through role-based permissions. Only authorized administrators with specific security clearances can access template data, and all access is logged for audit purposes. Regular employees can never access biometric data of other employees.

How long is biometric data retained?

CheckMet provides configurable data retention policies. By default, biometric templates are retained only for the duration of employment plus a short grace period. When an employee leaves, their biometric data can be automatically purged from the system. Attendance records can be retained separately for compliance purposes without keeping the biometric templates.

What employee rights are supported regarding their data?

CheckMet supports all GDPR data subject rights, including the right to access, right to be forgotten, data portability, and more. Employees can view what data is stored about them, request corrections, and withdraw consent for biometric processing (switching to alternative attendance methods if needed).

Is CheckMet's security independently verified?

Yes, CheckMet undergoes regular security assessments by independent third parties. We maintain ISO 27001 certification, SOC 2 compliance, and conduct regular penetration testing. Our security measures are continuously updated to address emerging threats.

What happens in case of a data breach?

CheckMet has a comprehensive data breach response plan in place. In the unlikely event of a breach, we would notify affected customers promptly, cooperate with authorities, and provide support for any required notifications to data subjects. However, it's important to note that even in a breach scenario, the encrypted templates cannot be used to recreate facial images.

Security Certifications & Compliance

Independent verification of our security practices

ISO/IEC 27001:2013

CheckMet maintains certification with the international standard for information security management systems, demonstrating our commitment to robust security practices.

SOC 2 Type II

Our annual SOC 2 Type II audit verifies that CheckMet has established and follows strict information security policies and procedures encompassing the security, availability, and confidentiality of customer data.

GDPR Compliance

CheckMet is designed to help organizations comply with the General Data Protection Regulation (GDPR) when processing biometric data for attendance purposes.

CCPA Compliance

Our platform supports compliance with the California Consumer Privacy Act for organizations operating in California or dealing with California residents' data.

Security You Can Trust

Want to learn more about our security measures and compliance framework?