NewFaceID

Privacy Policy

Last updated: January 15, 2025

At NewFaceID ("we," "us," or "our"), your privacy is our top priority. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our website, applications, and AI headshot generation services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

We collect several types of information from and about users of our Service, including:

1.1 Personal Information You Provide

  • Account Information: When you create an account, we collect your name, email address, password (encrypted), and optional profile information.
  • Uploaded Photos (Face Data): To generate your AI headshots, you upload 5-20 photos of yourself. These photos contain biometric information and are processed by our AI algorithms to create a personalized model. This is the core data required to provide our Service.
  • Payment Information: We use Stripe, a PCI DSS-compliant third-party payment processor, to process payments. We collect billing names and addresses but do not store your full credit card numbers on our servers. Payment card data is securely handled by Stripe.
  • Communications: If you contact our support team, we collect your name, email address, and the contents of your messages, as well as any attachments you send.

1.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with our Service, including pages visited, features used, time spent, and actions taken (e.g., photo uploads, downloads).
  • Device Information: We collect device type, operating system, browser type and version, IP address, unique device identifiers, and mobile network information.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track activity, store preferences, and analyze usage patterns. See Section 7 for more details.
  • Log Data: Our servers automatically record information including IP addresses, browser types, referring/exit pages, date/time stamps, and clickstream data.

1.3 Information from Third-Party Sources

  • Social Login Data: If you register or log in using a third-party service (e.g., Google, Facebook), we receive basic profile information such as your name, email address, and profile picture as permitted by that service.
  • Analytics Providers: We use third-party analytics services (e.g., Google Analytics) to understand how users engage with our Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, and maintain our AI headshot generation Service
  • AI Training: To train personalized AI models using your uploaded photos and generate your headshots
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Payment Processing: To process transactions, send receipts, and manage billing
  • Communications: To send service-related notifications, respond to inquiries, and provide customer support
  • Service Improvement: To analyze usage patterns, improve our algorithms, develop new features, and enhance user experience
  • Security and Fraud Prevention: To detect, prevent, and address technical issues, security threats, fraud, and violations of our Terms of Service
  • Legal Compliance: To comply with legal obligations, respond to lawful requests, and protect our rights
  • Marketing (with consent): To send promotional materials, newsletters, and product updates (you can opt out at any time)

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your personal information include:

  • Contractual Necessity: Processing is necessary to perform our contract with you (Service delivery)
  • Consent: You have given explicit consent for specific processing activities
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., service improvement, fraud prevention)
  • Legal Obligations: Processing is necessary to comply with legal requirements

3. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Here is our specific data retention policy:

3.1 Uploaded Photos and AI Model

Your uploaded photos and the personalized AI model trained from them are automatically and permanently deleted from our servers 30 days after your headshots are generated. This ensures your biometric data is not retained longer than necessary.

3.2 Generated Headshots

Your AI-generated headshots are available for download for 90 days after generation. After this period, they are permanently deleted from our servers. We recommend downloading all headshots you wish to keep within this timeframe.

3.3 Account Information

We retain your account information (name, email, transaction history) as long as your account remains active or as needed to provide you with services. You may delete your account at any time through your account settings, which will trigger the deletion of your personal information within 30 days, except where retention is required by law.

3.4 Legal and Compliance Data

We may retain certain information for longer periods if required by law, regulation, legal process, or to protect our legal rights (e.g., tax records, transaction records for fraud prevention).

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

  • Cloud Hosting: Amazon Web Services (AWS) for secure data storage and processing
  • Payment Processing: Stripe for secure payment processing (PCI DSS compliant)
  • Email Services: SendGrid or similar providers for transactional and marketing emails
  • Analytics: Google Analytics for usage analysis and service improvement
  • Customer Support: Zendesk or similar platforms for support ticket management

These service providers are contractually obligated to protect your information, use it only for the purposes we specify, and comply with applicable data protection laws.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies) or to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our Service of any such change in ownership.

4.4 Aggregate and Anonymized Data

We may share aggregated or anonymized data that does not directly identify you with third parties for research, marketing, analytics, and other purposes.

5. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

5.1 General Rights

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain types of processing (e.g., marketing)
  • Restriction: Request restriction of processing under certain circumstances

5.2 GDPR Rights (EEA Users)

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to lodge a complaint with a supervisory authority in your country.

5.3 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by businesses
  • Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Non-discrimination for exercising your CCPA rights

5.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@newfaceid.com or use the account settings in your profile. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

6. Security Measures

We take the security of your personal information seriously and implement industry-standard security measures, including:

  • Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
  • Access Controls: Strict access controls and authentication mechanisms to limit who can access your data
  • Secure Infrastructure: Hosting on enterprise-grade cloud infrastructure (AWS) with multiple security layers
  • Regular Security Audits: Periodic security assessments and penetration testing
  • Employee Training: All employees are trained on data protection and privacy best practices
  • Incident Response: Established procedures for detecting, responding to, and reporting security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information.

7.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (e.g., authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with our Service (e.g., Google Analytics)
  • Marketing Cookies: Track advertising effectiveness and deliver personalized ads (with consent)

7.2 Cookie Management

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. You can manage your cookie preferences through our cookie consent banner or your browser settings.

8. International Data Transfers

Our Service is operated from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those of your country.

For users in the EEA, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@newfaceid.com, and we will take steps to delete such information.

10. Third-Party Links

Our Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top of this Privacy Policy
  • Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@newfaceid.com
Address: NewFaceID, Inc., Delaware, United States
Data Protection Officer: dpo@newfaceid.com

13. Data Processing Addendum (For Business Customers)

If you are a business customer processing personal data on behalf of your users, a Data Processing Addendum (DPA) may be available upon request. Please contact legal@newfaceid.com for more information.