
How Truly Aligns with ISO/IEC 2382-37 in Handling Biometric
As the use of deepfake detection grows across industries, so does the need for clarity, transparency, and compliance when handling biometric data. At Truly, we believe trust starts with responsible design, and part of that means speaking a common language when it comes to biometric systems.
In this post, we’ll explain what ISO/IEC 2382-37 is, why it matters, and how Truly aligns with its principles to ensure our biometric data practices are both secure and consistent with international standards.
What Is ISO/IEC 2382-37?
ISO/IEC 2382-37 is part of the ISO/IEC 2382 series, which defines standard vocabulary for information technology. Specifically, Part 37 focuses on terminology related to biometric systems, such as definitions for biometric samples, templates, modalities, and matching processes.
It’s important to note: ISO/IEC 2382-37 is not a certifiable compliance standard like SOC 2 or GDPR. Rather, it’s a vocabulary standard, a foundational reference to ensure consistency across biometric technologies, regulatory documents, and system architectures.
By aligning with this vocabulary, companies can improve clarity in their product documentation, compliance efforts, and data protection strategies.
Why This Matters for Deepfake Detection
Truly’s deepfake detection technology often relies on analyzing facial or vocal features, both of which may qualify as biometric data under privacy regulations like GDPR or CCPA. Using standardized terminology ensures that when we talk about biometric data, we’re doing so clearly and responsibly.
For example:
- A biometric sample in Truly might refer to a single frame of a user’s video feed.
- A biometric template might describe the abstracted features used to assess authenticity or detect manipulation.
- A modality refers to the type of biometric data being analyzed, such as face or voice.
By grounding our system design in this shared vocabulary, we make it easier for our customers, auditors, and partners to understand and trust how Truly handles sensitive data.
How Truly Aligns with ISO/IEC 2382-37
While Truly doesn’t claim formal certification to ISO/IEC 2382-37 (as it’s not a certifiable standard), we do follow its definitions and structure in how we:
- Define and classify biometric data types used in deepfake detection.
- Separate raw biometric samples (e.g., video/audio) from derived data or detection metadata.
- Minimize data retention by default: Truly does not store raw media unless explicitly configured by the customer.
- Encrypt data in transit and at rest using TLS 1.2+ and AES-256 respectively.
- Control access to biometric-related data based on least-privilege principles and audit logs.
This alignment not only improves the clarity of our internal processes and documentation, but also helps our customers meet their own privacy and compliance obligations when using our technology.
Going Further: Beyond Terminology
In addition to aligning with ISO/IEC 2382-37, Truly is also designed with broader privacy and security frameworks in mind:
- SOC 2: We’re currently working with EY to complete our SOC 2 certification.
- GDPR & CCPA: Our data handling practices support compliance with both European and U.S. privacy laws.
- Security-first architecture: Truly operates as a backend-to-backend system, ensuring minimal exposure of biometric data and tight integration with platforms like Zoom.
As standards like ISO/IEC 30107 (presentation attack detection) and ISO/IEC 19792 (security evaluation of biometric systems) become more relevant to the threat landscape, we continue to monitor and align with their best practices as well.
Conclusion
Truly’s mission is to bring trust and security back to real-time communication, without compromising privacy or accessibility. Aligning with ISO/IEC 2382-37 helps us speak a common language when it comes to biometric data, and ensures our detection technology remains both effective and responsible.
If you’re a security, compliance, or procurement professional looking to understand how Truly handles biometric data, feel free to contact us at privacy@truly.ws. We’re happy to provide a technical brief or dive deeper into our data protection practices.