1. Purpose and Scope

This Biometric Data Retention and Destruction Policy (this "Policy") is adopted by Querious, Inc. ("Querious," "we," "us," or "our") in compliance with the Illinois Biometric Information Privacy Act, 740 ILCS 14/15(a) ("BIPA").

This Policy establishes Querious's retention schedule and guidelines for the permanent destruction of biometric identifiers and biometric information that Querious collects, captures, or otherwise obtains in connection with the operation of its AI-powered legal conversational intelligence platform (the "Platform").

This Policy applies to all biometric identifiers and biometric information in Querious's possession, regardless of the format in which such identifiers or information are maintained.

‍

2. Definitions

The following definitions apply to this Policy, consistent with the definitions set forth in 740 ILCS 14/10:

2.1 "Biometric Identifier" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.

2.2 "Biometric Information" means any information, regardless of how it is captured, converted, stored, or shared, based on a biometric identifier used to identify an individual. Biometric information does not include information derived from items excluded from the definition of biometric identifier.

2.3 "Voiceprint" means a mathematical representation or model of an individual's unique voice characteristics, including but not limited to vocal patterns, pitch, cadence, and tonal qualities, used to identify or distinguish individual speakers. For purposes of this Policy, voiceprint data includes any data generated by Querious's speaker diarization, speaker identification, or speaker attribution features.

‍

3. Biometric Identifiers Collected by Querious

In connection with the operation of the Platform, Querious may collect the following biometric identifiers:

3.1 Voiceprints. When speaker diarization or speaker identification features are enabled, the Platform analyzes unique voice characteristics of meeting participants to distinguish and attribute speech to individual speakers. This process generates voiceprint data, which constitutes a biometric identifier under BIPA.

3.2 No Other Biometric Identifiers. Querious does not collect retina or iris scans, fingerprints, or scans of hand or face geometry. Querious does not process video data for facial recognition or facial geometry analysis.

‍

4. Purpose of Collection

Querious collects voiceprint data solely for the following purpose:

To provide speaker-attributed meeting intelligence to licensed attorneys and law firms ("Authorized Users") who use the Platform in connection with their legal representation of clients. Speaker attribution allows Authorized Users to receive meeting summaries, action items, and insights that identify which participant made specific statements, enhancing the accuracy and utility of the Platform's outputs.

Querious does not collect voiceprint data for any other purpose, including but not limited to:

(a) Identity verification or authentication;

(b) Marketing, advertising, or customer profiling;

(c) Training, fine-tuning, evaluating, or improving any artificial intelligence or machine learning model;

(d) Sale, lease, trade, or any other commercial purpose; or

(e) Any purpose unrelated to the provision of speaker-attributed meeting intelligence to the Authorized User for the specific meeting session in which the voiceprint data was generated.

‍

5. Retention Schedule

Querious maintains the following retention schedule for biometric identifiers and biometric information:

5.1 Voiceprint Data (Active Meeting Sessions)

Voiceprint data is processed ephemerally. Voiceprint data is generated in real-time during an active meeting session and exists only in volatile memory (RAM) for the duration of the meeting. Voiceprint data is not written to persistent storage (disk, database, or any other non-volatile medium) at any point during or after processing.

Retention period: Duration of the active meeting session only. Voiceprint data is permanently destroyed within sixty (60) seconds of the conclusion of each meeting session.

5.2 Audio Data

Raw audio is processed in real-time using streaming architecture. Audio data is not stored, retained, or written to persistent storage. Audio data is permanently destroyed upon completion of real-time processing during the active meeting session.

Retention period: None. Audio is processed ephemerally and is never retained.

5.3 Maximum Retention Period

In no event shall any biometric identifier or biometric information be retained by Querious for longer than three (3) years from the individual's last interaction with Querious, or until the initial purpose for collecting the biometric identifier or biometric information has been satisfied, whichever occurs first, as required by 740 ILCS 14/15(a).

Because Querious's ephemeral processing architecture destroys all biometric identifiers within sixty (60) seconds of each meeting session, the three-year statutory maximum is never approached under normal operations.

‍

6. Destruction Guidelines

Querious permanently destroys biometric identifiers and biometric information in accordance with the following guidelines:

6.1 Method of Destruction

(a) Automated destruction. Destruction of voiceprint data is performed automatically by Querious's systems. No human intervention is required or involved in the destruction process.

(b) Irreversible deletion. Voiceprint data is permanently erased from volatile memory (RAM) through memory deallocation and overwriting. Once destroyed, voiceprint data cannot be recovered, reconstructed, or retrieved.

(c) No backup copies. Because voiceprint data is never written to persistent storage, no backup copies, archives, disaster recovery copies, or other secondary copies of voiceprint data exist.

(d) No AI training use. Voiceprint data is never used to train, fine-tune, evaluate, or improve any artificial intelligence or machine learning model. This prohibition is enforced through architectural separation of production and training data pipelines, making it technically impossible for voiceprint data to enter training systems.

6.2 Trigger for Destruction

Destruction of biometric identifiers is triggered automatically upon:

(a) Conclusion of the meeting session (whether ended by the host, by system timeout, or by any other means); or

(b) Revocation of consent by any meeting participant during an active session (in which case speaker attribution features are immediately disabled and any voiceprint data for that participant is immediately destroyed).

6.3 Third-Party Processing

Voiceprint data may be processed by Querious’s third-party AI infrastructure providers (currently including OpenAI and Anthropic, operating within Querious’s secure cloud environment). Querious’s contractual agreements with its third-party providers require:

(a) Processing through private, isolated model instances not shared with other customers;

(b) Deletion of all input data upon completion of processing;

(c) A prohibition on using any input data for model training, fine-tuning, or improvement; and

(d) Compliance with destruction timelines no less protective than those set forth in this Policy.

‍

7. Storage and Security

During the brief period in which biometric identifiers exist in volatile memory for active processing, Querious protects them using security measures that are the same as or more protective than the measures used to protect other confidential and sensitive information, as required by 740 ILCS 14/15(e):

(a) Encryption. All data in transit is encrypted using industry-standard TLS 1.2 or higher. Processing occurs within encrypted memory environments within Querious's secure Microsoft Azure infrastructure.

(b) Access controls. Access to biometric processing systems is restricted to essential automated systems only. No Querious personnel have access to biometric identifiers in decrypted form.

(c) SOC 2 Type II certification. Querious maintains SOC 2 Type II certification, demonstrating annual independent audit of security controls.

(d) Confidential information protections. Querious stores, transmits, and protects biometric identifiers in a manner that is the same as or more protective than the manner in which Querious stores, transmits, and protects other confidential and sensitive information, including attorney-client privileged communications.

‍

8. Compliance and Enforcement

8.1 Querious shall comply with this Policy and the requirements of BIPA at all times, absent a valid warrant or subpoena issued by a court of competent jurisdiction.

8.2 This Policy is reviewed and updated no less than annually by Querious's legal and privacy teams. The effective date and last review date are noted at the top of this document.

8.3 Questions, concerns, or requests regarding this Policy may be directed to: Querious, Inc., Attn: Privacy Team, Email: privacy@querious.ai.

‍

9. Statutory Reference

This Policy is adopted pursuant to Section 15(a) of the Illinois Biometric Information Privacy Act, 740 ILCS 14/15(a), which provides:

"A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first."

‍