Privacy Policy

Last Updated: February 2026

1. Overview

FaceTrace is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information.

2. What We Collect

  • Account data: Email, name, encrypted password
  • Images: Images you upload for monitoring (stored encrypted, deleted on request)
  • Search results: URLs and metadata of pages where your images are found
  • AI detection data: URLs submitted for AI analysis, analysis results, and verdict data
  • Usage data: Login times, IP addresses, actions taken (for security and audit)

3. What We Do NOT Collect

  • We do NOT build facial templates or biometric databases
  • We do NOT sell your data to third parties
  • We do NOT use tracking cookies or third-party analytics

4. How We Use Your Data

Your data is used exclusively to provide the service: running searches, tracking matches, generating evidence packs, sending alerts, and analyzing images for AI-generated content.

5. AI Detection Data

When you use the AI Detection tool, we send the extracted image URL to Google Cloud Vision API for analysis. We store the analysis results including verdict, confidence score, and detected markers. AI detection usage is rate-limited per IP address for anonymous users.

6. Third-Party Services

When you initiate a search or AI analysis, your image may be sent to third-party APIs (Bing Visual Search, TinEye, Google Cloud Vision, SerpApi). We do not control how these providers process images. Review their respective privacy policies.

7. Data Security

  • Passwords are hashed with bcrypt (cost factor 12)
  • API keys are encrypted at rest using libsodium
  • All connections use HTTPS/TLS
  • CSRF protection on all forms
  • Rate limiting on sensitive endpoints

8. Data Retention

Your data is retained as long as your account is active. AI detection results are retained for service improvement. You may export or delete all data at any time from Privacy Settings.

9. Your Rights

  • Access: Export all your data in JSON format
  • Deletion: Permanently delete your account and all data
  • Control: Configure safe mode, storage preferences, and domain lists

10. Cookies

We use a single session cookie for authentication. No tracking cookies or third-party analytics.

11. Contact

For privacy-related inquiries, use the contact information in your account settings.