App Privacy Policy

EasyEFT Privacy Policy

Effective date: 16 June 2026

Service: EasyEFT (“the App”), provided by Tyr Ident (“we,” “us”).

Contact: easyeft.app@tyr-ident.com

1. Overview

EasyEFT lets you capture fingerprints with your phone’s camera and generates an FBI EBTS-compliant electronic fingerprint file (an “EFT”) for federal applicant submissions (e.g., ATF NFA Form 4 / FAUF transactions). To do this we necessarily process sensitive personal information, including biometric data. This policy explains what we collect, why, how long we keep it, and your rights.

2. Service availability and eligibility

  • You must be at least 18 years old to use EasyEFT. The App verifies your date of birth and will not accept submissions from anyone under 18.
  • EasyEFT is not available to residents of every U.S. state. We currently do not serve residents of: California, Connecticut, Dela ware, Hawaii, Illinois, Massachusetts, New Jersey, New York, Rhode Island, Washington, or the District of Columbia. The App asks for your state of residence to check availability; if your state is not served, you cannot proceed.
  • Your state of residence is used only for this availability check. It is checked and then immediately discarded — it is never stored on our servers and never included in your EFT file.
  • If you edit your information after capturing fingerprints and the change makes you ineligible (state of residence or age), your captured fingerprint images and submission information are immediately deleted from our servers.

3. Information we collect

  • Account information: your email address and name, used to create your account and deliver your file.
  • Biometric information — fingerprints: images of your fingertips captured with your device camera, and fingerprint quality measurements derived from them.
  • Demographic information for your submission: name, date of birth, place of birth, sex, race, height, weight, eye and hair color, citizenship, and reason fingerprinted. These are fields of the federal EFT format you are creating. We do not collect your Social Security Number, employer, or home address.
  • Payment information: processed by our payment provider (Stripe). We do not receive or store your full card number.
  • Device & diagnostic information: device model, operating-system version, and anonymous capture-quality metrics. This information is not linked to your identity and is used to improve capture reliability.
  • State of residence (availability check only): asked to confirm we can serve you; checked and discarded — never stored (see Section 2).

4. How we use your information

  • To capture, process, and generate your EFT fingerprint file.
  • To deliver that file to you (by email and within the app).
  • To process your payment.
  • To operate, secure, and improve the App (using de-identified diagnostics only).
  • To comply with legal obligations and maintain a record of your consent.

We do not sell your personal or biometric information, and we do not use it for advertising.

5. Biometric information — collection, use, retention, and destruction

We collect your fingerprints only to create the EFT file you request, with your consent obtained in the App before capture.

  • We do not sell, lease, trade, or otherwise profit from your biometric identifiers.
  • Server-side retention: once your EFT has been generated and delivered, we delete your fingerprint images, your demographic information, and the EFT file from our servers — automatically when your device confirms it has saved the file, or within 3 days of completion otherwise. Submissions you start but do not finish are deleted within 7 days (with an email reminder first).
  • Quality-improvement samples: to improve capture reliability, we may retain a limited set of de-identified image samples — primarily failed or low-quality captures that are not usable fingerprints — for up to 30 days. These samples are not linked to your name, email, or account.
  • On your device: your finished EFT file is stored on your phone so you keep your own copy. Your fully processed fingerprints are never written to device storage outside that file.
  • Your account email and a record of your consent (including the date and IP address of consent) are retained as required to evidence lawful processing.

6. How we share information

  • Service providers who process data on our behalf under contract: our payment processor (Stripe), email delivery, and cloud hosting. They may access information only as needed to perform their services.
  • Legal/safety: where required by law, legal process, or to protect rights and safety.
  • Business transfers / change of control: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or a sale of all or part of our assets, the information we hold may be transferred to the successor or acquiring entity as part of that transaction. We will require the successor to honor the commitments in this Privacy Policy, or we will provide notice (and, where required by law, obtain your consent) before your information becomes subject to a materially different privacy policy. Because we delete fingerprint images and submission data shortly after delivery (see Sections 5 and 7), biometric data is generally not retained and would not be included in such a transfer.
  • We do not share or disclose your biometric information to any other third party except as required by the EFT delivery you request or by law.

7. Data retention summary

Data Retention
Fingerprint images, demographics, EFT (on our servers) Until delivery confirmed, or ≤3 days after completion; ≤7 days for unfinished submissions
De-identified quality samples ≤30 days
De-identified diagnostics (device, scores) Retained (anonymous)
Account email/name Until you delete your account
Consent record (email, name, IP) Retained as a legal record
State of residence Never stored (checked and discarded)

8. Your rights and choices

  • Access / deletion: you can request access to, or deletion of, your personal information, and you can delete your account in the App (which purges associated submission data).
  • California (CCPA/CPRA) and other states: rights to know, delete, correct, and to non-discrimination for exercising them. We do not sell or “share” personal information for cross-context behavioral advertising.
  • Consent withdrawal: you may withdraw biometric consent by deleting your account; note that withdrawal does not affect EFT files already generated and delivered to you.

To exercise any right, contact easyeft.app@tyr-ident.com

9. Security

We use encryption in transit, encryption of sensitive fields at rest, access controls, and automatic deletion to limit how long sensitive data exists. No method of transmission or storage is 100% secure, but we design to hold biometric and identifying data for the shortest time necessary.

10. Age requirement and children

The App requires users to be at least 18 years old and enforces this with a date-of-birth check; submissions from anyone under 18 are refused, and if ineligibility is discovered after capture, the captured data is deleted (see Section 2). The App is not directed to children, and we do not knowingly collect information from anyone under 18.

11. Changes to this policy

We may update this policy; we will post the new effective date and, where required, notify you.

12. Contact

Questions or requests: easyeft.app@tyr-ident.com