Privacy Policy

Effective date: April 11, 2026 · Last updated: April 11, 2026

Reverse Face(“we,” “us,” or “our”) operates the website reverseface.comand provides AI-powered reverse face search services (the “Services”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Services.

1. Information We Collect

a. Information You Provide

Account Data: Email address and authentication tokens when you register or log in.
Uploaded Images: Photographs you upload for face search queries. These images may contain biometric identifiers (facial geometry). See our Biometric Data Notice for details on how biometric data is handled.
Payment Data: Billing information processed by our third-party payment processor (Stripe). We do not store full payment card numbers on our servers.
Communications: Messages you send to us through our contact page or support channels.

b. Information Collected Automatically

Usage Data: Pages visited, search queries, click patterns, timestamps, and referring URLs.
Device Data: IP address, browser type, operating system, and device identifiers.
Cookies & Similar Technologies: We use cookies, local storage, and Google reCAPTCHA tokens for authentication, security, and analytics. See Section 7 below.

2. How We Use Your Information

Provide, maintain, and improve the Services.
Process face search queries and deliver results.
Authenticate users and protect against fraud, spam, and abuse.
Process payments and manage Subscriptions.
Communicate with you about account activity, updates, and promotional offers (you may opt out at any time).
Comply with legal obligations.

3. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your data include:

Contractual necessity: To perform our contract with you (e.g., delivering search results, managing Subscriptions).
Consent: For the processing of biometric data and optional marketing communications. You may withdraw consent at any time.
Legitimate interests: For analytics, security, and fraud prevention, balanced against your rights and freedoms.
Legal obligation: To comply with applicable law.

4. Data Sharing & Third Parties

We do not sell your personal information. We share data only in the following circumstances:

Service Providers: We use third-party processors including FaceCheck.id (facial recognition search), Stripe (payments), Resend (transactional email), Neon (database hosting), Vercel (hosting), and Google reCAPTCHA (bot protection). Each processor acts on our instructions and is contractually bound to protect your data.
Legal Requirements: We may disclose data when required by law, regulation, legal process, or enforceable governmental request. See our Law Enforcement Guidelines.
Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

5. Data Retention

Uploaded Images:Uploaded photos are transmitted to our facial recognition provider for processing and are not permanently stored on our servers. Transient copies are deleted within 24 hours of search completion.
Search Results & Reports:Report data is retained for 90 days or the duration of your Subscription, whichever is longer.
Account Data:Retained for as long as your account is active. Upon account deletion, personal data is purged within 30 days, except where retention is required by law.
Biometric Data: See our Biometric Data Notice for specific retention schedules.

6. Your Rights

Depending on your jurisdiction you may have the right to:

Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Request deletion of your personal data.
Restrict or object to certain processing activities.
Data portability (receive your data in a structured format).
Withdraw consent at any time (without affecting the lawfulness of prior processing).
Do Not Sell My Personal Information: We do not sell personal information. If you are a California resident and wish to exercise your CCPA rights, please contact us.

To exercise any of these rights, please email us at privacy@reverseface.com or use our contact page. We will respond within 30 days (or within the timeframe required by applicable law).

7. Cookies & Tracking Technologies

We use the following categories of cookies:

Category	Purpose	Examples
Strictly Necessary	Authentication, session management	NextAuth session token
Security	Bot protection, abuse prevention	Google reCAPTCHA
Analytics	Usage metrics, performance monitoring	Telemetry events

You can manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies may prevent parts of the Services from functioning correctly.

8. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of protection.

9. Data Security

We implement industry-standard technical and organizational measures to protect your data, including TLS encryption in transit, encryption at rest, and access controls. However, no method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Children’s Privacy

The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Site with a new effective date. We encourage you to review this page periodically.

12. Contact

For privacy-related inquiries, data subject requests, or to lodge a complaint, please contact our Data Protection Officer at privacy@reverseface.com or visit our contact page.