Eye-tracking sensors track where a user looks and are being increasingly integrated into mixed-reality devices. Although critical applications are being enabled, there are significant possibilities for violating user security and privacy expectations. There is an appreciable risk of unique user identification from eye-tracking camera images and the resulting eye movement data. Biometric identification would allow an app to connect a user’s personal ID with their work ID without needing their consent, for example. Solutions were explored to address concerns related to the leaking of biometric features through eye-tracking data streams. Privacy mechanisms are introduced to reduce the risk of biometric recognition while still enabling applications of eye-tracking data streams. Gaze data streams can thus be made private while still allowing for applications key to the future of mixed-reality technology, such as animating virtual avatars or prediction models necessary for foveated rendering.