How do we protect Your Privacy?

Comprehensive privacy policy explaining how we collect, use, and protect your personal data with full transparency.

Last updated: December 2024

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data with which you can be personally identified.

What We Collect

  • Account information (email, phone, age, gender)
  • Facial images (temporarily, for analysis only)
  • Analysis results and preferences
  • Payment and subscription data
  • Technical data (browser, IP address, usage statistics)

2. Facial Image Processing and AI Analysis

Image Collection and Processing

When you use our facial analysis service, we temporarily process your facial images for the sole purpose of providing AI-powered analysis results. Here is how we handle your images:

Image Security Measures:

  • Temporary Storage: Images are temporarily stored on our secure servers only during the analysis process (typically 1-3 minutes)
  • Pseudonymization: All images are immediately pseudonymized using advanced encryption techniques
  • Encrypted Transfer: All image data is transmitted using SSL/TLS encryption (HTTPS) with 256-bit encryption standards
  • Automatic Deletion: Images are automatically deleted from our servers within 24 hours of analysis completion

Third-Party AI Processing

To provide accurate facial analysis, we utilize industry-leading AI services that comply with international data protection standards:

AI Services Used:

  • AWS Rekognition: Pseudonymized facial images for age estimation, emotion detection, and facial feature analysis. AWS is GDPR-compliant and processes data in EU data centers when possible
  • OpenAI GPT-4: Anonymized facial analysis data (not images) for generating personalized beauty recommendations. No facial images are transmitted to OpenAI
  • MediaPipe (Google): Facial landmark detection processed locally in your browser. No image data is sent to Google servers

3. GDPR Compliance and Your Rights

Legal Basis for Data Processing

Under GDPR Article 6, we process your personal data based on the following legal bases:

  • Contract Performance (Art. 6(1)(b)): Processing is necessary to provide our facial analysis services and manage your account
  • Legitimate Interest (Art. 6(1)(f)): We have a legitimate interest in improving our services, preventing fraud, and ensuring security
  • Consent (Art. 6(1)(a)): You provide explicit consent when uploading images for analysis
  • Legal Obligation (Art. 6(1)(c)): We process data when required by law, such as for tax reporting and compliance

Special Categories of Data

Facial images may be considered biometric data under GDPR Article 9. We process this data based on:

  • Explicit Consent: You provide explicit consent when uploading images for analysis
  • Processing is necessary for the performance of a contract

4. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the following rights regarding your personal data:

Your Privacy Rights:

  • Right to Information: You have the right to know what personal data we process and how we use it
  • Right to Access: You can request access to all personal data we have about you
  • Right to Rectification: You can request correction of inaccurate personal data
  • Right to Erasure: You can request deletion of your personal data under certain circumstances
  • Right to Data Portability: You can request your data in a machine-readable format
  • Right to Object: You can object to processing of your personal data for marketing purposes
  • Right to Withdraw Consent: You can withdraw your consent for data processing at any time

5. Data Retention Periods

We retain different types of data for specific periods based on legal requirements:

Retention Periods:

  • Facial Images: Deleted within 24 hours of analysis completion
  • Analysis Results: Retained for the duration of your account plus 90 days
  • Account Information: Retained for the duration of your account plus 7 years for legal compliance
  • Payment Data: Retained according to financial regulations (typically 7-10 years)
  • Technical Logs: Retained for 30 days for security purposes

Contact for Privacy Matters

For questions about data protection and privacy, please contact us:

Nexera Media Group LTD

1317 N San Fernando Blvd #167

City, Country

Email: help@facedesign.me

Phone: +1 (877) 856-9784