Adobe can collect faceprints and voiceprints when you use certain photo and video organization features. These features are off by default and Adobe says it deletes biometric data when you turn them off, but some exceptions may apply.
This analysis describes what Adobe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data like faceprints is sensitive and largely irreplaceable if misused. Users in states like Illinois have strong legal protections for this data that may exceed what this policy describes, and the carve-out 'unless otherwise specified in the Software or Services' creates some ambiguity about data deletion timelines.
Interpretive note: The carve-out 'unless otherwise specified in the Software or Services' for biometric data deletion introduces ambiguity about which products or features may deviate from the default deletion commitment, and the sufficiency of in-app enablement as written consent under BIPA is legally unsettled.
Enabling photo grouping or voice features in Adobe apps may result in the collection of biometric identifiers such as faceprints, which are subject to specific legal protections in several U.S. states. The policy states this data is deleted when the feature is turned off, with a carve-out for cases where the software specifies otherwise.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Adobe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Biometric identifiers or information defined under United States laws or other applicable laws (e.g., faceprints and voiceprints, etc.); Where required by law, we will seek any required permissions from you prior to any such collection. Adobe offers certain features that let you edit and organize your photographs, videos, and other types of content using characteristics like face and voice (e.g., you can group similar faces, places, and image characteristics within your collection), and such characteristics may be considered biometric identifiers or biometric information under certain US laws or other applicable privacy laws. When you choose to use these features, Adobe is acting only on your instructions in order to facilitate the service requested by you. These features are off by default and, should you choose to enable them, you can always disable these features. Where we process biometric identifiers or biometric information to deliver a feature requested by you, we delete this information once you turn off the feature, unless otherwise specified in the Software or Services.— Excerpt from Adobe's Adobe Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the Illinois Biometric Information Privacy Act (BIPA), which requires written informed consent prior to collection of biometric identifiers including faceprints, a publicly available retention and destruction policy, and prohibition on sale or profit from biometric data. Texas and Washington have analogous biometric privacy statutes. The California Consumer Privacy Act treats biometric information as sensitive personal information under CPRA, requiring disclosure and opt-out rights. Enforcement of BIPA is primarily through private right of action, with significant litigation risk. State attorneys general in Illinois, Texas, and Washington also have enforcement authority. GOVERNANCE EXPOSURE: High. BIPA carries statutory damages of $1,000 to $5,000 per violation and has generated substantial class action litigation. The policy's statement that biometric data is deleted upon feature disablement 'unless otherwise specified in the Software or Services' creates a conditional carve-out that may not satisfy BIPA's written policy requirements or the requirement that retention schedules be publicly disclosed. The adequacy of consent mechanisms, particularly whether in-app enablement constitutes written informed consent under BIPA, warrants careful review. JURISDICTION FLAGS: Illinois users face the highest exposure given BIPA's private right of action. Texas and Washington residents are covered by state biometric statutes. California residents have CPRA rights over biometric data as sensitive personal information. EU and EEA users' biometric data is special category data under GDPR Article 9, requiring explicit consent and a valid Article 9(2) condition. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Adobe tools to employees in Illinois, Texas, or Washington should assess whether enterprise agreements include biometric data processing terms that satisfy applicable state law requirements. Vendor assessments should confirm whether Adobe's consent and deletion mechanisms meet the specific technical and legal requirements of BIPA. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the opt-in consent mechanism for biometric features constitutes legally sufficient informed written consent under applicable state biometric laws. The conditional deletion clause ('unless otherwise specified in the Software or Services') should be investigated to identify which products or features may retain biometric data beyond feature disablement. A data map update should capture biometric identifiers as a distinct sensitive data category with jurisdiction-specific handling requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data like faceprints is sensitive and largely irreplaceable if misused. Users in states like Illinois have strong legal protections for this data that may exceed what this policy describes, and the carve-out 'unless otherwise specified in the Software or Services' creates some ambiguity about data deletion timelines.
Enabling photo grouping or voice features in Adobe apps may result in the collection of biometric identifiers such as faceprints, which are subject to specific legal protections in several U.S. states. The policy states this data is deleted when the feature is turned off, with a carve-out for cases where the software specifies otherwise.
ConductAtlas has identified this type of provision across 21 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Adobe.