Biometric Information Privacy Policy
1. Purpose and Scope
Ironborne Industries LLC ("Ironborne," "we," "us," or "our"), a Texas limited liability company and subsidiary of Wyoming Holding LLC, operates iron extraction and foundry facilities in Hudspeth County, Texas. We use NFC (Near Field Communication) keychain lanyards for employee time tracking and facility access control at our worksites.
Each worker receives an iron keychain lanyard embedded with a passive NFC tag (NXP NTAG215 chip). These tags store a unique identifier number -- not biometric data in the traditional sense. The tag does not read your body, scan your fingerprints, or capture biological characteristics. It functions as a digital key tied to your identity.
However, when a unique identifier is permanently paired to a specific person and used to track that person's movements, entries, and exits, some state laws may treat this as biometric-adjacent data under their broadest interpretations. We publish this policy out of an abundance of caution to comply with the widest possible reading of all applicable biometric privacy statutes, including:
- Illinois BIPA -- Biometric Information Privacy Act, 740 ILCS 14/
- Texas CUBI -- Capture or Use of Biometric Identifier, Tex. Bus. & Com. Code Ch. 503
- Washington State -- Biometric Privacy Law, RCW 19.375
- New York City -- Biometric Identifier Information Law, NYC Admin. Code 22-1201
- Portland, Oregon -- Facial Recognition Technology Ordinance (for reference)
- Any other current or future state, county, or municipal biometric privacy regulation
Additionally, security cameras installed on Ironborne premises may capture images and video of workers and visitors. This footage is addressed within this policy as it relates to facial images recorded during general surveillance operations.
2. What We Collect
The following data is collected through our NFC timekeeping and access control system:
| Data Type | Description |
|---|---|
| NFC Tag Unique Identifier | A numeric ID stored on the NXP NTAG215 chip, permanently paired to your employee record |
| Tap Event Timestamp | Date and time recorded each time you tap your keychain at a reader |
| Reader Location Identifier | Which station, gate, or access point you tapped (e.g., "Main Gate In," "Foundry Floor Station 3") |
| Security Camera Footage | Video and still images captured by on-site surveillance cameras, which may include facial images |
What we do NOT collect: Fingerprints, retina scans, iris scans, voiceprints, hand geometry, facial geometry measurements for recognition purposes, gait analysis, keystroke dynamics, DNA, or any direct physiological biometric measurement.
3. Purpose of Collection
We collect NFC-related data and security footage for the following specific, limited purposes:
- Automated Timekeeping and Payroll Calculation. NFC tap data replaces manual timesheets. Arrival and departure times are recorded automatically and fed into our payroll system to calculate hours worked, overtime, and compensation.
- Facility Access Control. NFC keychains restrict entry to authorized personnel. Only workers with active, registered keychains can access the foundry floor, equipment storage, and restricted operational zones.
- Emergency Roll Call. In the event of a fire, structural incident, chemical exposure, or other emergency, NFC tap records allow management to determine which workers are currently on-site and at which locations, enabling faster and more accurate headcounts.
- Production Tracking. Tap data at station-level readers helps track which workers were present at specific production stations during specific shifts. This supports quality control, efficiency reviews, and incident investigations.
- Security and Loss Prevention. NFC access logs and camera footage support investigation of theft, unauthorized access, equipment damage, and safety violations.
4. Consent
Written consent is required before any biometric-adjacent data is collected from you.
Before your NFC keychain is activated and paired to your identity, you must sign the NFC Timekeeping and Access Control Consent Form (referenced internally as Waiver 3 from Safety Waivers documentation). This form is a standalone written consent document that satisfies the informed consent requirements of Illinois BIPA, Texas CUBI, Washington RCW 19.375, and all other applicable statutes.
The consent form discloses:
- The specific data being collected (NFC tag ID, timestamps, reader location)
- The purpose of collection (timekeeping, access, emergency roll call, production tracking, security)
- The retention period and destruction schedule
- Your rights under applicable law
Voluntariness and Employment Conditions
Your consent is voluntary in the legal sense -- no one will physically force you to sign. However, NFC-based timekeeping is a condition of employment at Ironborne Industries. Our foundry operations require accurate, automated time tracking for safety, payroll, and regulatory compliance. If you decline to consent, we cannot activate your NFC keychain, and you will be unable to clock in, access the facility, or perform your job duties.
Revocation of Consent
You may revoke your consent at any time by submitting a written request to legal@ironborne.us. Upon revocation, your NFC keychain will be deactivated within 5 business days. Because NFC timekeeping is required for employment, revocation of consent may result in reassignment, alternative work arrangements, or separation of employment, depending on operational feasibility. We will discuss options with you before taking any action.
5. Storage and Protection
We take the security of your data seriously. NFC timekeeping data and associated records are protected by the following measures:
- Encrypted Database. All NFC data is stored in a Supabase database instance with row-level security (RLS) policies enforced. Each user record is isolated; no worker can access another worker's tap history.
- Encryption in Transit. All data transmitted between NFC readers and our servers uses TLS 1.3 encryption.
- Encryption at Rest. Stored data is encrypted using AES-256 at the storage layer.
- Access Controls. Only the following roles may access raw NFC data: the Foundry Manager, the Managing Principal, and authorized payroll personnel. No other employees, contractors, or third parties have database access.
- Access Logging. Every query and access event against NFC data is logged with timestamp, user identity, and action performed. Logs are retained for 1 year.
- Infrastructure Security. Our database infrastructure is hosted on secured servers with firewall protection, intrusion detection, and regular security audits.
Security camera footage is stored on local, encrypted storage devices at the facility with access limited to the Managing Principal and the Foundry Manager.
6. Retention and Destruction
| Data Type | Retention Period | Destruction Method |
|---|---|---|
| NFC timekeeping records | 3 years after the last tap event OR 3 years after termination of employment, whichever is later | Permanent deletion via secure database purge with verification |
| Security camera footage | 90 days from date of recording | Automatic overwrite on rolling storage cycle |
| NFC consent forms | Duration of employment plus 5 years | Secure deletion from document storage |
| Access logs (database audit trail) | 1 year from date of log entry | Automated purge |
Post-Termination Requests
If you leave Ironborne Industries (voluntarily or otherwise) and request deletion of your NFC data, we will destroy all NFC timekeeping records within 30 days of your written request -- except where we are legally required to retain records for payroll, tax, workers' compensation, or regulatory compliance purposes. In those cases, we will retain only the minimum data required by law and destroy the remainder.
7. Disclosure to Third Parties
Your NFC data is not shared broadly. We disclose it only in these limited circumstances:
- Payroll Processor. Our payroll provider receives aggregated hours worked per pay period (total hours, overtime hours, shift dates). They do not receive raw tap-by-tap data, NFC tag identifiers, or reader location details.
- Legal Authorities. We will disclose NFC data in response to a valid subpoena, court order, search warrant, or other legal process issued by a court of competent jurisdiction. We will notify you of such disclosure unless prohibited by law or court order.
- Workers' Compensation Insurance Carrier. In the event of an on-site injury claim, we may share NFC data showing your on-site status at the time of the reported incident to verify the claim. This disclosure is limited to the specific time window relevant to the claim.
We never sell, lease, trade, or otherwise profit from NFC data or any biometric-adjacent information.
8. Your Rights
Regardless of which state you reside in, we extend the following rights to all Ironborne workers:
- Right to Access. You may request a copy of all NFC timekeeping data associated with your identity. Submit your request in writing to legal@ironborne.us. We will provide your data within 30 days.
- Right to Correct. If you believe any tap record is inaccurate (wrong time, wrong location, missing entry), you may request a correction. Corrections are reviewed by the Foundry Manager and processed within 15 business days.
- Right to Delete. You may request deletion of your NFC data, subject to legal retention requirements described in Section 6 above.
- Right to a Copy of This Policy. You may request a printed or electronic copy of this Biometric Information Privacy Policy at any time, at no charge.
- Right to File a Complaint. If you believe your biometric privacy rights have been violated, you may file a complaint with us at legal@ironborne.us, with your state's attorney general, or through private legal action where applicable.
9. Illinois-Specific Provisions (BIPA Compliance)
The Illinois Biometric Information Privacy Act (740 ILCS 14/) provides the strongest biometric privacy protections in the United States. Even though Ironborne operates in Texas, we recognize that workers or future workers may have connections to Illinois, and we provide these protections to all workers regardless of location.
In compliance with BIPA, Ironborne Industries:
- Obtains written informed consent before collecting any biometric-adjacent data
- Discloses the specific purpose for collection and the length of time data will be stored
- Publishes a written retention schedule and guidelines for permanent destruction of data (this policy)
- Does not sell, lease, trade, or otherwise profit from any biometric-adjacent data
- Stores, transmits, and protects biometric-adjacent data using a standard of care consistent with or exceeding industry standards
Private Right of Action
BIPA provides a private right of action to aggrieved individuals. Under 740 ILCS 14/20, a prevailing party may recover:
- $1,000 or actual damages (whichever is greater) for each negligent violation
- $5,000 or actual damages (whichever is greater) for each intentional or reckless violation
- Reasonable attorneys' fees and costs
- Injunctive relief or other relief as the court determines appropriate
Ironborne acknowledges these statutory damages and takes its obligations under BIPA seriously.
10. Texas-Specific Provisions (CUBI Compliance)
Texas Business and Commerce Code Chapter 503 (Capture or Use of Biometric Identifier) prohibits the capture of a biometric identifier for a commercial purpose without first obtaining informed consent. In compliance with Texas CUBI:
- Ironborne does not capture biometric identifiers for any commercial purpose outside of the employment and operational purposes described in Section 3
- Informed consent is obtained before any NFC keychain is activated
- We use reasonable care to store, transmit, and protect NFC data from unauthorized access
- We destroy NFC data within a reasonable time after the purpose for collection has been satisfied, and no later than the retention periods described in Section 6
Under Texas CUBI, enforcement authority rests with the Texas Attorney General, who may bring an action for injunctive relief and civil penalties up to $25,000 per violation. There is no private right of action under Texas law as of the effective date of this policy.
11. Changes to This Policy
Ironborne Industries reserves the right to modify this Biometric Information Privacy Policy at any time. If we make material changes to data collection practices, retention periods, or third-party disclosure terms, we will:
- Provide written notice to all affected workers at least 30 days before the change takes effect
- Post the updated policy on our website and distribute copies at the facility
- Where required by law, obtain new written consent before applying changes to existing data
Non-material changes (formatting, clarifications, contact information updates) may be made without advance notice. The "Last Updated" date at the top of this document reflects the most recent revision.
12. Contact Information
For questions, requests, or complaints related to this Biometric Information Privacy Policy, contact:
Ironborne Industries LLC
Attn: Legal and Compliance
Hudspeth County, TX
Email: legal@ironborne.us
Parent Entity: Wyoming Holding LLC
We aim to respond to all inquiries within 10 business days. Formal data access or deletion requests are processed within the timeframes specified in Section 8.