Wicket Logo White

Security & Privacy

Wicket is committed to the responsible use and application of facial authentication technology, and to that end, takes security and privacy very seriously. Learn more about how we design our technology for that commitment below.


Wicket Values Your Security

Wicket restores trust in the use of biometric identification by keeping data security at the forefront of our products and following industry best practices related to system security.

Data Privacy & Security

In all product cases, all decisions and analyses are made locally (i.e., Edge-Decision) on the device instead of sending data back and forth to a cloud server (i.e., Cloud-Decision). Local decisions help minimize the possibility of information being intercepted. Additionally, all data is encrypted at industry standard levels at rest and in transit.

Algorithm Bias

Wicket algorithms are developed and optimized in-house by our team of scientists in Cambridge, MA, and are designed to address bias. We submitted to NIST testing, viewed as the industry gold standard. The results show Wicket has a 99.7% accuracy rate across all demographic categories and is top 3 for accuracy of matched decisions in the U.S. at the time of submission.


Personally Identifiable Information

All PII is directly provided by the Customer or User. PII is then translated from an image to a mathematical representation of the face for identification. Wicket only captures and stores PII for the stated use of our products and minimizes exposure of this Customer and User data at all times. This data is never sold, transferred, or otherwise utilized for any third-party purpose aside from our core products or partner integrations.

Infrastucture Security

Wicket utilizes Amazon Web Services and embedded security products within their trusted ecosystem to host and deploy our applications using containers run on AWS managed services. Wicket also uses Alert Logic, a managed detect and respond provider for threat and intrusion detection.

Application Security

Wicket performs ongoing third-party penetration tests from trusted security vendors. Wicket also uses static code analysis tooling to secure our product at every step of the development process.

Data & Image Retention

Wicket products require that different data and images be captured and held for varying time frames, depending on the customer’s use case. Data is only stored for the purpose of the product and is automatically purged according to the data policies of Wicket customers for the intended use of that data.

Images of the faces of individuals that present themselves to an Access touch-point are captured and retained for logging purposes. This data is purged from the system according to the specified data configuration of the customer.

User Privacy

It is imperative that our technology not only meet our customers’ needs but also ensure their privacy and safety. We take your trust in us very seriously and design our software to protect and securely store your personal data.
Secure Encoded Facial Templates
you are you

Your Face is Safe

Opt-in Only

All users must actively opt in, and users who wish to opt out of the program may do so immediately and at any time.

Customer-Owned Lists

Customers exclusively own the database where information lives, and all Personally Identifiable Information (PII) lives on the cloud, preventing 3rd party access or sharing.

Encrypted Photos

We use mathematical representations of faces instead of actual photos, meaning devices store no photos and keep your identity safe, even when compromised.


Facial Authentication

While Wicket’s computer vision algorithms could technically be classified as a facial recognition system, we prefer to use the term Facial Authentication.

Facial recognition systems like those used by law enforcement or security agencies (to identify an unknown individual by running an image through an extensive database) are based on a surveillance model.

Wicket differs from this approach in two ways: 

Firstly, Wicket has an opt-in-only model. We do not use our technology to keep people out, but rather to let known faces (registered users) in—only people who have explicitly opted into Wicket-powered services can use them.

Secondly, Wicket’s Facial Authentication system is designed to protect the privacy of those who do not want to be captured at all. To ensure unwilling participants aren’t scanned by Wicket, users must physically present to a Wicket sensor to gain access to confirm that the user is:

  1. Enrolled in a Wicket-powered service (by opting in)
  2. Eligible for access to that service
  3. Granted or denied the service based on their eligibility
Our current SOC2 Type II, NIST Cybersecurity Framework, and GDPR reports, as well as our ISO 27001 certificate are available in our Trust Report.