Protect My Face

Biometric Data Policy

This Biometric Data Policy explains how Protect My Face collects, uses, stores, and protects biometric data. This Policy forms part of the Protect My Face Privacy Policy and Terms of Service.

Effective date: April 17, 2026 ยท Version 2026-04-17

1. Overview

To provide the Service, Protect My Face processes certain information derived from images you upload.

This may include data relating to facial features that can be used to recognize or compare a face.

Because this information may be considered biometric data or sensitive personal information under applicable laws, we apply heightened safeguards and provide the disclosures below.

2. What We Collect

When you upload photos, we analyze them to extract facial features and generate a mathematical facial signature.

This may include:

  • facial geometry
  • relationships between facial features
  • numerical representations used for comparison

This data is used only within the Service.

3. Purpose of Collection

We collect and use biometric data solely to:

  • identify possible matches to your likeness;
  • provide facial monitoring and alerting;
  • improve matching accuracy; and
  • support user-initiated takedown workflows.

We do not use biometric data for advertising, sale, or unrelated profiling.

4. Notice and Consent

By using the Service and uploading photos, you acknowledge that your images will be analyzed to extract facial features and generate a mathematical facial signature for matching purposes.

You consent to the collection, use, and storage of biometric data as described in this Policy.

Where required by applicable law, this constitutes your informed or explicit consent.

You may withdraw consent at any time by deleting your account or requesting deletion of your data, subject to limited exceptions described below.

5. Retention and Deletion

We retain biometric data:

  • for as long as your account remains active; and
  • only as long as necessary to provide the Service.

We will permanently delete biometric data within 30 days after:

  • you delete your account; or
  • the data is no longer needed to provide the Service,

whichever occurs first, unless a longer retention period is required by law or necessary to:

  • complete actions you initiated;
  • comply with legal obligations; or
  • prevent fraud or misuse.

Where applicable law requires earlier deletion, we will comply with that requirement.

6. No Sale or Unauthorized Disclosure

We do not:

  • sell biometric data;
  • lease or trade it; or
  • otherwise profit from biometric data.

We disclose biometric data only:

  • to service providers operating on our behalf under confidentiality obligations;
  • when required by law or legal process; or
  • when necessary to carry out actions you initiate through the Service.

7. Security

We apply safeguards appropriate to the sensitivity of biometric data, including:

  • encryption in transit and, where appropriate, at rest;
  • access controls limiting who can access such data; and
  • secure infrastructure and monitoring systems.

8. Your Rights

You may:

  • request deletion of biometric data;
  • withdraw consent; and
  • contact us regarding biometric processing.

Additional rights may apply depending on your location, as described in our Privacy Policy.

9. U.S. State-Specific Notices

Certain U.S. states regulate biometric data or classify it as sensitive personal information. This section provides additional disclosures where required.

a. Illinois and Texas

Where applicable, we:

  • inform you in writing that biometric data is being collected;
  • describe the purpose and duration of its use;
  • obtain consent before collection; and
  • maintain a retention and deletion policy consistent with this Policy.

Biometric data is destroyed when the purpose for its collection has been satisfied or within the timeframes described above, unless otherwise required by law.

b. Washington

We provide notice that biometric data is collected and used for identification and matching purposes as described in this Policy.

c. States Treating Biometric Data as Sensitive Personal Information

In certain jurisdictions, including Colorado, Virginia, Oregon, Delaware, Maryland, and Tennessee, biometric data may be classified as sensitive personal information.

Where applicable, we:

  • process such data only for the purposes described in this Policy;
  • rely on consent or another lawful basis where required; and
  • limit use and retention to what is reasonably necessary to provide the Service.

10. Changes to This Policy

We may update this Policy from time to time.

11. Contact

Sundial Mirage, Inc.
1111B S Governors Ave STE 20907
Dover, Delaware, USA 19904