Privacy Policy

Last updated: June 1, 2026 · Effective: June 1, 2026

🔑 Key Points

  • Your biometric data (face scans) is processed and stored ONLY on your device — never on our servers
  • We use zero-knowledge proofs to verify your identity without seeing your face
  • We cannot access, view, or reconstruct your biometric data — by design, not by policy
  • You can delete all your data at any time with one tap
  • We do not sell your personal information to anyone, ever
  • We comply with BIPA, GDPR, and CCPA

1. Introduction

FaceIn Technologies ("FaceIn," "we," "us," or "our") operates the FaceIn mobile application and the facein.id website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data with transparency. Our architecture is designed so that the most sensitive data — your biometrics — never reaches our servers.

2. Biometric Data — BIPA Disclosure

In compliance with the Illinois Biometric Information Privacy Act (BIPA) and similar state laws, we provide the following disclosures:

2.1 Collection and Storage

FaceIn processes biometric identifiers (facial geometry data) exclusively on your device. This data is generated by on-device machine learning models and stored in your device's hardware-backed secure element (Apple Secure Enclave or Android StrongBox). We do not collect, receive, store, or transmit biometric identifiers or biometric information to our servers.

2.2 Purpose

Biometric data is used solely for the purpose of authenticating your identity to third-party applications and services through the FaceIn platform. Your biometric data is not used for any other purpose.

2.3 Retention and Destruction

Since biometric data is stored only on your device, it is retained as long as you use the FaceIn app. When you uninstall the app or delete your account, all biometric data is permanently destroyed from your device. There is no server-side biometric data to delete because none was ever collected.

2.4 Sharing and Disclosure

We do not sell, lease, trade, or otherwise profit from your biometric data. We do not disclose biometric identifiers or biometric information to any third party. The zero-knowledge proofs sent to our servers are mathematically irreversible and cannot be used to reconstruct your biometric data.

3. Information We Collect

3.1 Information You Provide

  • Email address (for account creation)
  • Display name (optional)
  • Payment information (for developer SDK billing, processed by Stripe)

3.2 Information Collected Automatically

  • Device type and operating system version
  • App version
  • Authentication events (success/failure, timestamps — no biometric data)
  • IP address (for security and rate limiting, not stored long-term)
  • Anonymized usage analytics (can be opted out)

3.3 Information We Do NOT Collect

  • Facial images or photographs
  • Biometric templates or facial geometry data
  • Passwords (we don't use passwords)
  • Location data
  • Contacts, messages, or other personal content

4. How We Use Your Information

  • To provide and maintain the Service
  • To verify your identity during authentication (via zero-knowledge proofs)
  • To communicate with you about the Service (account notifications, security alerts)
  • To detect and prevent fraud, abuse, and security threats
  • To comply with legal obligations
  • To improve the Service through anonymized, aggregated analytics

5. Data Processing Locations

Our servers are located in the United States (AWS us-east-1 and us-west-2). For EU users, we offer data residency in the European Union (AWS eu-west-1) upon request. Biometric data is processed exclusively on your device and is not subject to cross-border data transfers.

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing of your data
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@facein.id or use the self-service options in the app under Settings → Privacy.

7. Data Deletion

You can delete your account and all associated data at any time:

  • In-app: Settings → Account → Delete Account
  • By email: Send a request to privacy@facein.id
  • Biometric data: Automatically deleted when you uninstall the app (stored only on device)

Account deletion is processed within 24 hours. All server-side data (email, usage logs) is permanently deleted within 30 days. Biometric data on your device is deleted immediately upon app uninstallation.

8. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing for developer billing
  • AWS: Cloud infrastructure for API servers
  • PostHog: Privacy-friendly product analytics (opt-out available)

None of these services have access to biometric data, which remains on your device.

9. Children's Privacy

FaceIn is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@facein.id.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or in-app notification.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

If you are an EU resident, you have the right to lodge a complaint with your local data protection authority.