In order to offer the highest security possible, our Identity Server utilizes non-reverse engineerable biometric templates and encrypted communications to maintain PII integrity.
Biographical information (ex: personnel names and access control credentials) is stored in the Postgres database.
Biometric data (encoded templates used for matching) is stored within the data folder on the machine that the Identity Server rests on. This data is hashed and non-reverse engineerable, so any criminal/hacker/bad actor won't be able to use them. The Identity Server can also store face and iris images there as well (this option can be enabled/disabled via the Identity Server's Data Retention settings).
Encryption of the data folder is the responsibility of the customer. It is configured this way to prevent access to sensitive data and ensure identity protection.