Privacy Policy

Last updated: April 14, 2026

FaceSentry is operated by MeltingPixels LLC ("FaceSentry," "we," "us"). This policy explains what personal data we collect, why we collect it, how we use it, how long we keep it, and the rights you have over it. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

  • Account information: email address, display name, password hash, and account timestamps.
  • Reference photos: images you upload to identify a protected person. Stored in encrypted cloud storage with private access only.
  • Biometric identifiers (special-category / sensitive personal data): 512-dimensional face embeddings derived from your reference photos. These are numerical vectors, not images, and cannot be reverse-engineered into a photo.
  • Scan results: URLs, thumbnails, platform metadata, AI model verdicts, and similarity scores for matches found during scans.
  • Consent records: the timestamp, IP address, and method of the consent you provided when creating your account and when adding each protected person.
  • Takedown records: notices we generated on your behalf, evidence packages, delivery status, and platform responses.
  • Payment information: handled entirely by Stripe. We receive only a customer reference, subscription tier, and billing status. We do not store or process credit card numbers.
  • Technical logs: IP address, user agent, request timestamps, and error events, used solely for security, abuse prevention, and debugging.

2. How We Use Your Information

  • To detect and monitor unauthorized use of your likeness across the internet.
  • To run AI deepfake detection, NSFW classification, and liveness verification on scan results.
  • To generate DMCA takedown notices and TAKE IT DOWN Act removal requests on your behalf.
  • To send you email alerts about matches, takedowns, and account activity.
  • To process subscription payments and deliver billing receipts.
  • To enforce our Terms of Service, prevent abuse, and comply with law.

We do not use your photos, embeddings, or scan results to train AI models, for advertising, or for profiling unrelated to your own protection.

3. Lawful Basis for Processing (GDPR / UK GDPR)

  • Explicit consent (Article 9(2)(a)): for all biometric data. You provide this at registration and again each time you add a person who is not yourself. You may withdraw consent at any time by deleting the protected person, or your entire account, from your Settings page.
  • Contract (Article 6(1)(b)): to provide the Service you have subscribed to.
  • Legitimate interests (Article 6(1)(f)): security, fraud prevention, and service integrity.
  • Legal obligation (Article 6(1)(c)): tax, accounting, and law-enforcement requests.

4. AI Processing

All AI models run on our own infrastructure. Your photos and biometric data are never sent to OpenAI, Google, Anthropic, or any third-party AI service. We use the following proprietary and on-premise models:

  • Proprietary Spartan deepfake detection model (designed and trained in-house)
  • Proprietary Spartan NSFW classification model (designed and trained in-house)
  • Proprietary Spartan GenD CLIP AI-generated content detector
  • AdaFace face recognition model (Apache 2.0 license)
  • SCRFD face detection model
  • MiniFASNet liveness verification model

5. Data Security

  • All data encrypted at rest and in transit (TLS 1.3) by our infrastructure providers.
  • Biometric embeddings stored in an isolated PostgreSQL database with row-level security policies scoped to the owning user.
  • Reference photos stored in private cloud storage buckets with per-user access controls.
  • Database hosted on Supabase (SOC 2 Type II certified by its provider).
  • Production systems hardened with rate limiting, SSRF protection, CSRF tokens, content security policy, and webhook idempotency.

6. Data Retention

We retain personal data only for as long as needed to provide the Service or meet legal obligations:

  • Reference photos and face embeddings: retained until you delete the protected person or your account.
  • Scan results (free tier): automatically purged after 90 days.
  • Scan results (paid tiers): retained for the duration of your subscription, then purged 30 days after cancellation.
  • Takedown records: retained for 2 years as a record of legal notices we filed on your behalf.
  • Billing records: retained for 7 years for tax and accounting compliance.
  • Security logs: retained for up to 90 days.
  • Consent records: retained for as long as the underlying data is retained, plus 2 years for audit purposes.

You may trigger deletion at any time by deleting your account from Settings. Account deletion is permanent and irreversible. Some records may be retained in anonymized form where required by law.

7. Data Sharing

We do not sell, rent, or share your personal data. We disclose data only to the following processors and only for the purposes listed:

  • Stripe (payments, tax).
  • Supabase (database, storage, authentication).
  • Resend (transactional email delivery).
  • Upstash (rate-limit and idempotency cache).
  • Third-party platforms receiving DMCA or TAKE IT DOWN Act notices you authorize us to send.
  • Law-enforcement or court orders where we are legally compelled to disclose.

We have a data-processing agreement (DPA) in place with each of the processors above. Some are located in the United States. International transfers outside the EEA/UK are made under Standard Contractual Clauses or the EU-US Data Privacy Framework.

8. Your Rights

Depending on where you live, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to fix inaccurate data.
  • Deletion ("right to be forgotten") — delete your account and associated data from Settings, or email us.
  • Portability — export your data in a machine-readable format from Settings.
  • Restriction / objection — ask us to stop or limit certain processing.
  • Withdraw consent — at any time, with no effect on processing already carried out.
  • Lodge a complaint with a supervisory authority (EU/UK) or your state Attorney General (US).

9. California Residents (CCPA / CPRA)

California residents have the right to know, delete, correct, and limit use of sensitive personal information. We classify biometric identifiers as "sensitive personal information" under CPRA. We do not sell or share your personal information for cross-context behavioral advertising. To exercise your rights, see Your Privacy Choices or email support@facesentry.com. We will not discriminate against you for exercising any of these rights.

10. Illinois, Texas, Washington Biometric Laws

FaceSentry creates and stores biometric identifiers (face embeddings). We comply with the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the Washington My Health My Data Act. Specifically:

  • We inform you in writing that biometric data is being collected and stored.
  • We inform you of the specific purpose (monitoring the web for unauthorized use of the likeness) and of the retention period (see Section 6).
  • We obtain your written release (a checkbox acknowledgement at registration and at each person creation).
  • We do not sell, lease, trade, or profit from your biometric data.
  • We permanently destroy biometric data when you delete the associated protected person or your account, or three years after your last interaction with the Service, whichever comes first.

11. Children's Privacy

The Service is not directed to children under 13. Family-plan account holders may enroll their own minor children as protected people; in that case parental consent is required under the Children's Online Privacy Protection Act (COPPA), results are delivered only to the parent account, and we do not create user accounts for minors. If you believe we have inadvertently collected data from a child under 13 without parental consent, contact us and we will delete it.

12. Cookies and Tracking

We use strictly-necessary first-party cookies for authentication, session management, and CSRF protection. We do not currently use advertising or cross-context behavioral tracking cookies. If we introduce analytics or advertising pixels in the future we will display a consent banner and update this policy.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be announced by email and posted on this page with a new "last updated" date. Continued use of the Service after an update constitutes acceptance of the revised policy.

14. Contact

Data controller: MeltingPixels LLC, Greenwood, Indiana, USA. For privacy questions, data subject requests, or to withdraw consent, contact support@facesentry.com.