Adobe can collect faceprints and voiceprints when you use certain photo and video organization features. These features are off by default and Adobe says it deletes biometric data when you turn them off, but some exceptions may apply.
This analysis describes what Adobe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes a framework under which Adobe processes biometric data only when users explicitly activate specific features and only to perform the operations users have requested. The specification of deletion upon feature disablement creates a defined data retention boundary for this processing activity.
Interpretive note: The carve-out 'unless otherwise specified in the Software or Services' for biometric data deletion introduces ambiguity about which products or features may deviate from the default deletion commitment, and the sufficiency of in-app enablement as written consent under BIPA is legally unsettled.
Enabling photo grouping or voice features in Adobe apps may result in the collection of biometric identifiers such as faceprints, which are subject to specific legal protections in several U.S. states. The policy states this data is deleted when the feature is turned off, with a carve-out for cases where the software specifies otherwise.
How other platforms handle this
We may use third-party vendors for identity verification. These vendors analyze whether the Client's "selfie" matches the government-issued identity document. The information collected from Client photographs may constitute biometric information in some jurisdictions. Where required by law, we will ...
Your use of the Services is also governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Services, you consent to the data collection and use practices described in the Privacy Policy. Roblox collects information you provide directly, information collected a...
We collect information about you in a variety of ways depending on how you interact with us and our products and services. This includes information you provide directly, information we collect automatically when you use our services, and information we receive from third parties. We may collect ide...
Monitoring
Adobe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Biometric identifiers or information defined under United States laws or other applicable laws (e.g., faceprints and voiceprints, etc.); Where required by law, we will seek any required permissions from you prior to any such collection. Adobe offers certain features that let you edit and organize your photographs, videos, and other types of content using characteristics like face and voice (e.g., you can group similar faces, places, and image characteristics within your collection), and such characteristics may be considered biometric identifiers or biometric information under certain US laws or other applicable privacy laws. When you choose to use these features, Adobe is acting only on your instructions in order to facilitate the service requested by you. These features are off by default and, should you choose to enable them, you can always disable these features. Where we process biometric identifiers or biometric information to deliver a feature requested by you, we delete this information once you turn off the feature, unless otherwise specified in the Software or Services.— Excerpt from Adobe's Adobe Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the Illinois Biometric Information Privacy Act (BIPA), which requires written informed consent prior to collection of biometric identifiers including faceprints, a publicly available retention and destruction policy, and prohibition on sale or profit from biometric data. Texas and Washington have analogous biometric privacy statutes. The California Consumer Privacy Act treats biometric information as sensitive personal information under CPRA, requiring disclosure and opt-out rights. Enforcement of BIPA is primarily through private right of action, with significant litigation risk. State attorneys general in Illinois, Texas, and Washington also have enforcement authority. GOVERNANCE EXPOSURE: High. BIPA carries statutory damages of $1,000 to $5,000 per violation and has generated substantial class action litigation. The policy's statement that biometric data is deleted upon feature disablement 'unless otherwise specified in the Software or Services' creates a conditional carve-out that may not satisfy BIPA's written policy requirements or the requirement that retention schedules be publicly disclosed. The adequacy of consent mechanisms, particularly whether in-app enablement constitutes written informed consent under BIPA, warrants careful review. JURISDICTION FLAGS: Illinois users face the highest exposure given BIPA's private right of action. Texas and Washington residents are covered by state biometric statutes. California residents have CPRA rights over biometric data as sensitive personal information. EU and EEA users' biometric data is special category data under GDPR Article 9, requiring explicit consent and a valid Article 9(2) condition. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Adobe tools to employees in Illinois, Texas, or Washington should assess whether enterprise agreements include biometric data processing terms that satisfy applicable state law requirements. Vendor assessments should confirm whether Adobe's consent and deletion mechanisms meet the specific technical and legal requirements of BIPA. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the opt-in consent mechanism for biometric features constitutes legally sufficient informed written consent under applicable state biometric laws. The conditional deletion clause ('unless otherwise specified in the Software or Services') should be investigated to identify which products or features may retain biometric data beyond feature disablement. A data map update should capture biometric identifiers as a distinct sensitive data category with jurisdiction-specific handling requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes a framework under which Adobe processes biometric data only when users explicitly activate specific features and only to perform the operations users have requested. The specification of deletion upon feature disablement creates a defined data retention boundary for this processing activity.
Enabling photo grouping or voice features in Adobe apps may result in the collection of biometric identifiers such as faceprints, which are subject to specific legal protections in several U.S. states. The policy states this data is deleted when the feature is turned off, with a carve-out for cases where the software specifies otherwise.
ConductAtlas has identified this type of provision across 18 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Adobe.