Protect My Face

Privacy Policy

Protect My Face is provided by Sundial Mirage, Inc. (“Sundial,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, store, and protect your information when you use Protect My Face (the “Service”).

Effective date: April 17, 2026 ยท Version 2026-04-17

1. Overview

Protect My Face helps you monitor where your likeness may appear online. To do this, we process images you upload and generate a mathematical facial signature that can be compared against images found online. We are committed to handling your data responsibly, securely, and transparently.

Certain features of the Service involve the processing of biometric data derived from your uploaded images. That processing is described in our Biometric Data Policy, which forms part of this Privacy Policy.

2. Information We Collect

a. Information You Provide

  • Photos you upload to enroll your face
  • Account information (e.g., email address, login credentials)
  • Information you provide when submitting reports or takedown requests
  • Communications with us (support, feedback, etc.)

b. Facial Data

When you upload photos, we analyze them to extract facial features and generate a mathematical facial signature that can be compared against images found online.

Certain processing performed by the Service may involve biometric data under applicable laws. That processing is described in our Biometric Data Policy, which forms part of this Privacy Policy.

c. Automatically Collected Information

We may collect limited technical data such as:

  • device type and browser
  • IP address
  • usage activity within the Service
  • log and diagnostic information

This helps us operate, secure, and improve the Service.

d. Match and Monitoring Data

When we detect potential matches, we may collect and store:

  • image excerpts or screenshots
  • source URLs
  • timestamps
  • confidence scores and metadata

3. How We Use Your Information

We use your information to:

  • provide and operate the Service;
  • generate and maintain data used to identify possible matches;
  • detect and report possible matches;
  • support and facilitate takedown requests you initiate;
  • improve accuracy, safety, and performance;
  • communicate with you; and
  • comply with legal obligations.

4. How We Store and Retain Your Data

We retain your uploaded photos and related data:

  • for as long as your account remains active; and
  • as needed to provide the Service and support your use of it.

If you delete your account or request deletion, we will delete your photos within 30 days, except where retention is required for:

  • legal obligations;
  • security or fraud prevention;
  • dispute resolution; or
  • completing or documenting actions (such as takedown requests) initiated before deletion.

Retention and deletion of biometric data are governed by the Biometric Data Policy.

5. How We Share Information

We do not sell your personal data.

We may share information only in limited circumstances:

a. Service Providers

With trusted vendors who help us operate the Service (e.g., hosting, security, payments), under strict confidentiality obligations.

b. Takedown and Reporting

When you choose to submit a takedown request or report, we may include relevant information (such as images or evidence) as part of that process.

c. Legal Requirements

If required by law, regulation, legal process, or to protect rights, safety, or the integrity of the Service.

d. Business Transfers

In connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.

6. Your Rights and Choices

Depending on your location, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • delete your data;
  • restrict or object to certain processing; and
  • withdraw consent (where processing is based on consent).

You can:

  • delete your account at any time;
  • request deletion of your uploaded photos; and
  • contact us to exercise your rights.

Additional rights and controls relating to biometric data are described in the Biometric Data Policy.

7. Data Security

We take the security of your information seriously and implement a combination of technical, administrative, and organizational safeguards designed to protect your data.

These measures include:

  • Encryption

    We use encryption in transit and, where appropriate, at rest to protect data from unauthorized access.

  • Access Controls

    Access to personal data is restricted to authorized personnel and service providers who require it to operate the Service. Access is limited based on role and subject to confidentiality obligations.

  • Secure Infrastructure

    We use reputable cloud and infrastructure providers with security controls designed to protect against unauthorized access, data loss, and service disruption.

  • Monitoring and Detection

    We maintain logging, monitoring, and alerting systems to detect and respond to suspicious activity, unauthorized access attempts, and potential vulnerabilities.

  • Data Minimization

    We design our systems to collect and retain only the data necessary to provide the Service and support its functionality.

  • Protection of Biometric Data

    Facial data and derived mathematical representations are handled with heightened safeguards appropriate to their sensitivity.

  • Testing and Improvement

    We periodically review and improve our security practices to address evolving threats and technologies.

We take the security of your personal data seriously and invest in industry-leading safeguards, including encryption, access controls, and continuous monitoring, to keep it protected. Our security practices are regularly reviewed and strengthened to stay ahead of evolving threats.

That said, as with any system operating over the internet, no technology can eliminate every conceivable risk. While such events are highly unlikely, should a security incident ever affect your personal data, we will act swiftly to investigate and contain it, and will notify affected users and relevant authorities where required by applicable law.

8. International Use

Your information may be processed in countries other than where you live. We take steps to ensure appropriate safeguards are in place where required by law.

Where required by applicable law, we implement safeguards for cross-border data transfers.

9. Children’s Privacy

The Service is intended for adults.

We do not knowingly collect personal data from children without appropriate authorization.

If you believe a child’s data has been submitted improperly, please contact us and we will take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide notice through the Service or other appropriate means.

11. Contact Us

Sundial Mirage, Inc.
1111B S Governors Ave STE 20907
Dover, Delaware, USA 19904
ProtectMyFace.org