Privacy Policy

• The photo you upload (or the demo photo you choose), plus the cropped, cleaned, and AI-corrected versions we generate from it.
• A face embedding derived from your photo — a 512-number mathematical summary of facial geometry (ArcFace). It cannot reconstruct your photo. We use it solely as an identity anchor: after the AI fixes lighting, crop, or background, we compare the edit to this signature to make sure it is still you. If the similarity drops too far, we reject the edit.
• Validation measurements derived from the photo (head height, head angle, background uniformity, color, and similar metrics) used to show you a pass/fail report.
• Your email address, only if you reach checkout — collected by our payment processor so we can send your order and receipt.
• Basic technical and usage data (an anonymous session cookie, and aggregate product analytics and error reports) to run and improve the service. We never log the bytes of your image.

For the photo and the face embedding, our legal basis is your explicit consent, which you give by ticking the consent box before you upload. Because the embedding is special-category / biometric data, we do not process it without that consent, and you can withdraw consent at any time by not completing — or by deleting — your photo (see “Retention” and “Your rights”). For payment and order email, our basis is performing the service you asked for.

We use your photo and its embedding only to create and validate your passport photo. We do not use them for advertising, facial recognition, surveillance, training third-party identity models, or any unrelated purpose. We do not sell your personal data and we do not “share” it for cross-context behavioral advertising, as those terms are defined under the CCPA.

Your uploaded photo, every generated image, and the derived face embedding are automatically and permanently deleted within 72 hours. Deletion happens on a schedule regardless of whether you finish — the embedding is stored on the same record as the photo and is destroyed with it. We keep a minimal order and payment record (for example: order id, amount, email, refund status) for legal, tax, and accounting purposes; that record does not include your photo or your face embedding.

We use the following vendors to operate the service. We share only what each needs, and we do not authorize any of them to use your data for their own purposes:

• Cloudflare R2 — encrypted, private photo storage (served only via short-lived signed URLs).
• Google (Gemini) — AI image editing that corrects fixable issues.
• Fireworks AI — AI vision checks used during photo validation.
• Stripe — payment processing and checkout. We never see your card number.
• Mailgun — transactional email (your order and receipt).
• PostHog — product analytics (aggregate usage, not your image).
• Sentry — error monitoring so we can fix crashes.

Your photo and embedding are sent only to the storage and AI providers above (R2, Gemini, and Fireworks) and only for the purpose of making and validating your photo.

Some of the providers above operate in the United States and other countries, so your data may be processed outside your home country. Where required, transfers rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses. Because data is deleted within 72 hours, it is not retained abroad beyond that window.

Depending on where you live (for example under the GDPR, UK GDPR, CCPA/CPRA, or BIPA), you may have the right to access, correct, delete, or port your personal data, to withdraw consent, and to object to or restrict processing. Because we already delete everything within 72 hours, the fastest way to exercise your delete right is simply to not complete your order, or to email us. To make any request, contact privacy@snapassport.com. We will not discriminate against you for exercising these rights.

Snapassport is intended for adults creating photos for themselves or for a child in their care. The service is not directed to children, and you may not create an account or submit your own information if you are under 16 (or under 13 where that is the applicable age). A parent or legal guardian may create a compliant photo of their child; by doing so you confirm you have the authority to provide consent on the child’s behalf.

Photos are stored encrypted in private storage and are reachable only through short-lived signed URLs. We never log image bytes. No system is perfectly secure, but we limit what we collect, limit who can process it, and delete it quickly.

If we change this policy we will update the date above. Questions or requests: privacy@snapassport.com.