Privacy policy clauses for React Native Biometrics
React Native Biometrics is a library that enables fingerprint and facial recognition authentication in mobile applications built with React Native. It allows users to unlock or authenticate within an app using their device's biometric sensors instead of passwords.
What data React Native Biometrics collects
Your privacy policy must disclose each of the following data types when you use React Native Biometrics.
When does React Native Biometrics trigger privacy obligations?
React Native Biometrics triggers privacy obligations the moment you integrate it into your app, because it processes biometric authentication data—a category regulated as sensitive personal data under GDPR (Article 9) and CCPA (Section 1798.140(o)). Even though biometric templates never leave the device, the *authentication result* (success/failure, timestamp, device identifier linked to the user) is data you collect and control.
GDPR applies if: You have users in the EU. Biometric data is Article 9 special category data, requiring lawful basis *plus* explicit Article 9(2) grounds (typically user consent or necessary for authentication). You must issue an Article 13/14 privacy notice *before* first authentication.
CCPA applies if: You have California residents. Biometrics are explicitly protected under Section 1798.100(d); users have the right to know, delete, and opt out of sale. You must disclose collection in your privacy policy before deployment.
iOS-specific: iOS requires `NSFaceIDUsageDescription` in Info.plist. This is an App Store requirement, not just a privacy matter; without it, your app will be rejected.
First step: Update your privacy policy to disclose: (1) biometric authentication data collection, (2) lawful basis (GDPR) or opt-out rights (CCPA), (3) that templates stay on-device but results are logged server-side if applicable, (4) retention period for auth logs.
