THE GROVE, INC. BIOMETRIC INFORMATION PRIVACY POLICY

In accordance with The Grove, Inc.’s timekeeping systems, certain biometric information is collected and used in order to accurately record all time worked for those employees who use the company’s timekeeping systems.  This Biometric Information Privacy Policy (“Policy”) explains what information is collected, the purpose and length of time in which it is used and stored, and how this information is permanently deleted and destroyed when no longer needed. 

Biometric Information Defined

As used in this Policy, “biometric information” means: (i) a retina or iris scan, fingerprint, voiceprint, scan or record of hand or face geometry, or any other unique biological pattern or characteristic used to identify an individual; or (ii) any information, regardless of how it is captured, converted, stored, or shared, based on a biometric identifier listed in (i) above used to identify an individual.

Collection of Data

The Grove does not collect or store any employee biometric identifiers or biometric information; this is done through a third-party vendor, which provides employee fingerprint or facial recognition authentication software for the timekeeping systems.

Fingerprint Scanning (for locations using EasyClocking)

When employees scan their fingerprints into EasyClocking, the actual scan, or image of the fingerprint, is not collected or stored.  Rather, EasyClocking creates a mathematical algorithm of certain unique characteristics of the fingerprint and uses this algorithm to create a unique template, which then becomes a mathematical representation of the fingerprint.  This mathematical representation is collected and stored as an encoded file.  The file is then used by the timekeeping system to record time worked for each employee.  This unique process helps to ensure that any employee biometric information is treated as confidential and is protected from unauthorized disclosure.  Any authorized disclosure of employee biometric information must be done in accordance with applicable law.  Upon termination of employment for any reason, the employee’s encoded file is permanently deleted from all time clocks used by the employee. 

If you have any questions or concerns about how the EasyClocking timekeeping system works, how it is used, or how it interfaces with the payroll process, or would like to exercise any of the rights available to you under applicable laws, please contact your manager and EasyClocking will work with The Grove to fulfill the request.

Facial Recognition (for locations using Harri)

The Grove, Inc. has engaged Harri, Inc. (“Harri”) to administer a facial recognition technology enabled time-tracking system (the “Harri Timekeeping System”) through the TeamHub App. On behalf of The Grove and pursuant to The Grove’s instruction, Harri collects, uses, and discloses employees’ biometric information as described in this Policy.

If you have any questions or concerns about how the Harri Timekeeping System works, how it is used, or how it interfaces with the payroll process, or would like to exercise any of the rights available to you under applicable laws, please contact your manager and Harri will work with The Grove to fulfill the request.

Purpose for Collection

The Harri Timekeeping System collects, uses, and discloses biometric information for employee identification, fraud prevention, time-tracking, and payroll administration purposes. Harri does not sell, lease, trade, or otherwise profit from biometric information collected through the Harri Timekeeping System.

Collection and Use of Biometric Information

When an employee first uses the Harri Timekeeping System, it takes a photo and saves it for reference. This is referred to as the “Reference Photo.” From that point on, each time you clock-in or clock-out of a shift, the Harri Timekeeping System takes a photo, and using a third-party provider, runs a biometric analysis of the Reference Photo to determine whether the individual in the Reference Photo is the same individual as in each subsequent photo. This analysis entails measuring key biometric landmarks between facial features (facial geometry) in the photos and generating a comparison score from 1 to 100, where 100 indicates the highest likelihood of a match. If the comparison score exceeds a certain threshold determined by the third-party provider, your identity is confirmed and the clocking-in or clocking-out is approved. At that point, the biometric analysis is discarded by the third-party provider and biometric information, as defined above, is not retained, either by the third-party provider or by Harri. If the comparison score is below such threshold, the Harri Timekeeping System neither authenticates your identity nor records the time entry and the biometric analysis is discarded. If this happens, you would be required to provide your Employee PIN to log in to the Harri Timekeeping System.

Disclosure

For the operation of the Harri Timekeeping System, Harri only discloses the Reference Photo and any subsequent photo to its (i) biometric facial recognition provider for the sole purpose of facilitating the real-time comparison analysis between the photos, and (ii) cloud storage provider for the sole purpose of storage. All such information is encrypted with AES-256. Note that without your consent, Harri will not disclose or otherwise share your information with third parties other than as necessary to comply with (a) state or federal law or municipal ordinance, or (b) a valid warrant or subpoena issued by a court of competent jurisdiction.

Security

Harri uses and requires its service providers to implement reasonable technical and organizational measures designed to protect biometric information as well as the Reference Photo and subsequent photos from unauthorized access, use, modification, or disclosure. Such measures are the same as or more protective than the way Harri and its service providers protect other similar confidential and sensitive information.

Retention

No biometric information, as such term is defined above (including any biometric tokens or mathematical representations derived from facial features), is stored following the completion of the real-time comparison of the photos. Neither The Grove nor Harri and its providers retain biometric information beyond what is necessary to conduct such real-time comparison.

Your Reference Photo, subsequent photos, and comparison scores are retained until the initial purpose for collecting or obtaining such information has been satisfied or within 3 years of your last interaction with The Grove, whichever occurs first, unless retention is required for purposes such as (i) complying with a court order, statute, or public records retention schedule specified under federal, state, or local law, (ii) complying with a valid warrant or subpoena issued by a court of competent jurisdiction, or (iii) protecting against or preventing actual or potential fraud, criminal activity, claims, security threats, or liability.

Purpose and Length

The sole purpose for which biometric information is used is to enable The Grove to accurately record all time worked for those employees who use the Company’s timekeeping systems. This information is used for only as long as necessary, and solely as needed for this purpose. Any biometric information will be destroyed once the initial purpose for collecting or obtaining such information has been satisfied or within 3 years of the employee’s last interaction with The Grove, whichever occurs first, unless retention of such information is required to comply with the law.

Changes

This policy may be updated and changed, as necessary, to reflect any changes in vendors, procedure, and processes, and to conform with applicable law.