Data Minimization
Data minimization is a core privacy principle at Circadify. We collect and process only the minimum data required to deliver results.
Principles
Section titled “Principles”- Collect less — The SDK captures camera input only for the duration of a scan session. No persistent recording occurs. Only the specific vital signs requested by the integration are extracted.
- Process locally — The SDK runs the rPPG (remote photoplethysmography) algorithm entirely on-device using WebAssembly and Web Workers. Camera frames are processed in-browser and never leave the user’s device.
- Transmit results, not inputs — Only derived vital sign scores (heart rate, respiratory rate, HRV, SpO2, blood pressure) and confidence metrics are sent to the Circadify API. Raw biometric data is discarded locally after processing.
- Delete early — By default, vital sign results are returned directly in the API response and not stored server-side. When persist mode is enabled for async workflows, results are cached with a 15-minute TTL and automatically deleted after expiry. No long-term storage of session health data occurs.
What We Don’t Collect
Section titled “What We Don’t Collect”Circadify never collects, transmits, or stores:
- Raw biometric images or video — Camera frames are processed on-device and discarded. No images or video are sent to any server.
- Persistent device identifiers — No device fingerprinting or cross-site tracking identifiers are collected.
- Precise location data — No GPS, IP-based geolocation, or fine-grained location data is collected. Country-level information may be inferred from the request origin for compliance routing only.
- Unrelated sensor data — Only the device camera is accessed during a scan session. No microphone, accelerometer, or other sensor data is collected.
- Biometric templates — Derived vital signs are numerical scores, not biometric templates. They cannot be used to reconstruct or identify the original biometric input.
Configuration
Section titled “Configuration”You can restrict optional data collection through SDK configuration:
const client = new Circadify({ apiKey: 'pk_your_key', dataCollection: { metadata: false, // Disable custom metadata attachment deviceInfo: 'minimal', // Send only hardware tier, omit full user agent analytics: false, // Disable SDK usage analytics },});When deviceInfo is set to 'minimal', only the hardware capability tier is reported (used for processing optimization). When analytics is disabled, no SDK usage telemetry is sent.
Verification
Section titled “Verification”Customers on Enterprise plans can request audit reports to verify our data minimization practices. Because the SDK processes biometric data on-device, customers can independently verify via browser network inspection that no raw biometric data leaves the client — only derived numerical scores are transmitted to the API.
Contact sales@circadify.com to discuss audit and verification options.
Next Steps
Section titled “Next Steps”- What We Collect — Full data collection inventory
- Encryption — How collected data is protected