Security at Wicket

SOC 2 Type II Badge Wicket
ISO 27001 Badge Wicket
NIST CSF Badge Wicket

Our current SOC2 Type II report and ISO 27001 certificate are available in our Trust Report.

Algorithm Bias


Wicket algorithms are developed and optimized in-house by our team of scientists in Cambridge, MA, and are designed to address bias. We submitted to NIST testing, viewed as the industry gold standard. The results show Wicket has a 99.7% accuracy rate across all demographic categories and is top 3 for accuracy of matched decisions in the U.S.

Personally Identifiable Information


All PII is directly provided by the Customer or User. PII is then translated from an image to a mathematical representation of the face for identification. Wicket only captures and stores PII for the stated use of our products and minimizes exposure of this Customer and User data at all times. This data is never sold, transferred, or otherwise utilized for any third-party purpose aside from our core products or partner integrations.

Infrastructure Security


Wicket utilizes Amazon Web Services and embedded security products within their trusted ecosystem to host and deploy our applications using containers run on AWS managed services. Wicket also uses Alert Logic, a managed detect and respond provider for threat and intrusion detection.

Application Security


Wicket performs ongoing third-party penetration tests from trusted security vendors. Wicket also uses static code analysis tooling to secure our product at every step of the development process.

Lock and Shield Data Privacy Symbol

Data & Image Retention


Wicket products require that different data and images be captured and held for varying time frames, depending on the customer’s use case. Data is only stored for the purpose of the product and is automatically purged according to the data policies of Wicket customers for the intended use of that data.

Images of the faces of individuals that present themselves to an Access touch-point are captured and retained for logging purposes. This data is purged from the system according to the specified data configuration of the customer.

User Privacy

It is imperative that our technology not only meet our customers’ needs but also ensure their privacy and safety. We take your trust in us very seriously and design our software to protect and securely store your personal data.

Your Face is Safe


Opt-in Only

All users must actively opt-in, and users who wish to opt-out of the program may do so immediately and at any time.


Customer Owned Lists

Customers exclusively own the database where information lives, and all Personally Identifiable Information (PII) lives on the cloud, preventing 3rd party access or sharing.


Encrypted Photos

We use mathematical representations of faces instead of actual photos, meaning devices store no photos and keep your identity safe, even when compromised.

Encoded photograph passes safely through cloud, protecting data privacy

Facial Authentication


It is misleading to refer to the system process as ‘Facial Recognition’ in its traditional sense. Facial recognition systems like those used by law enforcement or security agencies (to identify an unknown individual by running an image through an extensive database) are based on a ‘One to Many’ or ‘1:N’ analysis. Wicket access control and ticketing products utilize a ‘One to One’ or ‘1:1’ match where the system is simply verifying the identity of an individual who has already provided consent to be in the system.

Ready to get started?