Security at Wicket

Wicket restores trust in the use of biometric identification by keeping data security at the forefront of our products and following industry best practices related to system security.

Data Privacy & Security


In all product cases, all decisions and analyses are made locally (i.e., Edge-Decision) on the device instead of sending data back and forth to a cloud server (i.e., Cloud-Decision). Local decisions help minimize the possibility of information being intercepted. Additionally, all data is encrypted at industry standard levels at rest and in transit.

Algorithm Bias


Wicket algorithms are developed and optimized in-house by our team of scientists in Cambridge, MA, and are designed to address bias. We submitted to NIST testing, viewed as the industry gold standard. The results show Wicket has a 99.7% accuracy rate across all demographic categories and is top 3 for accuracy of matched decisions in the U.S.

Personally Identifiable Information


Wicket only captures and stores PII for the stated use of our products and minimizes exposure of this Customer and User data at all times. This data is never sold, transferred, or otherwise utilized for any third-party purpose aside from our core products or partner integrations.

Facial Authentication

All PII is directly provided by the Customer or User. PII is then translated from an image to a mathematical representation of the face for identification.

Audience Metrics

Wicket does not identify or associate an image used for demographic and audience analysis with any individual or their PII.

Crowd Management

Density does not capture, analyze or store any PII data, and instead identifies key features such as arms and legs.

Content Management

Publish is used for display purposes only and does not use cameras or sensors to collect any identifiable data.

Infrastructure Security


Wicket utilizes Amazon Web Services and embedded security products within their trusted ecosystem to host and deploy our applications using containers run on AWS managed services. Wicket also uses Alert Logic, a managed detect and respond provider for threat and intrusion detection.

Application Security


Wicket performs ongoing third-party penetration tests from trusted security vendors. Wicket also uses static code analysis tooling to secure our product at every step of the development process.

Data & Image Retention


Wicket products require that different data and images be captured and held for varying time frames, depending on the customer’s use case. Data is only stored for the purpose of the product and is automatically purged according to the data policies of Wicket customers for the intended use of that data.

Facial Authentication

Images of the faces of individuals that present themselves to an Access touch-point are captured and retained for logging purposes. This data is purged from the system according to the specified data configuration of the customer.

Audience Metrics

Only ‘crop images’ are captured for Audience data analysis. All images are purged following analysis, and no additional data or information is captured, sought, or retained about any individual.

Crowd Management

No images or PII is captured as part of Density analysis.