Last updated January 17, 2023.
- The Apps are photo or video editors that allow users to edit portraits with highly realistic facial transformations.
- We do not use photographs or videos you provide when you use the Apps for any reason other than to provide you with the editing functionality of the Apps.
- We use third-party cloud providers — specifically, Google Cloud Platform and Amazon Web Services — to process and edit photographs and videos.
- You only send to the cloud the photographs or videos that you specifically select for editing.
- Photographs or videos are temporarily cached on the cloud servers during the editing process, and encrypted using a key stored locally on your mobile device.
- Photographs or videos may remain in the cloud for a maximum limited period of 24 to 48 hours, for improved performance and lower bandwidth allowing additional changes to recently selected photos or videos in an optimal manner.
Here’s more on our privacy practices.
1. Information We Collect
1.1. When you use the App and select photographs or videos for editing, we cache them for processing to render the requested editing service:
- Photographs or videos you select when you use the Apps, via your camera or camera roll (if you have granted the Apps the permission to access your camera or camera roll), or via the in-App internet search functionality. We process only specific photos and videos you choose to modify using the Apps; and we do not collect your photo or video albums even if you grant us access to them. We safeguard each photograph or video that you select using an encryption key stored locally on your device. This means that the only device that can view the photo or video is the device from which the photograph or video was submitted using the Apps – the user’s device. Please note that while we do not require or request any metadata attached to the photographs or videos you select for editing, metadata (including, for example, geotags) may be associated with your photographs or videos by default. We take steps to delete any metadata that may be associated with a photograph or video you provide when you use the Apps. Photographs or videos may remain cached in the cloud for a limited period between 24 to 48 hours after your last edit, so that you can return to it and make additional changes if you so choose.
1.2. When you use the App and the Site, we may collect some information, including:
- App-related purchase history, if you choose to purchase an App subscription, we will not receive such information as billing address, credit card etc. (as we don’t distribute subscriptions directly), we will only receive confirmation from the relevant application store that you are a paid subscriber to the App so we can provide Pro services.
- Device data, such as your computer and mobile device operating system type and version number, manufacturer and model, push tokens, Google Advertising ID and Apple ID for Advertising, browser type, screen resolution, IP address (and the associated city/country in which you are located), and the website you visited before visiting our Site.
Only online identifiers such as the IP address, Apps Instance ID (that is assigned to an App copy, installed on your device) and Advertising ID are generally considered as personal data. However, we are not in a position to identify you directly as a data subject on the basis of such identifiers.
1.3. When you contact us by email, we may also collect:
- Contact information, such as your name and email address, and information relating to your communication.
2. How We Use Your Information
2.1. We do not use photographs or videos you provide when you use the Apps for any reason other than to provide you with the editing functionality of the Apps.
2.2. We may use information other than photographs and videos for the following purposes:
- Enable you to use the Apps’ features and to visit the Site.
- Communicate with you about the Apps, and the Site, including by sending you announcements (if you chose to “share email address”), updates, and security alerts, which we may send through a push notification, and responding to your requests, questions, and feedback.
- Provide technical support and maintenance for the Apps.
To improve, monitor, and protect our Apps and the Site. It is in our legitimate business interests to improve and keep our services safe and secure for our users. We do this by:
- Performing statistical analysis on aggregated data relating to the use of the Apps and Site (including through the use of third-party services).
- Troubleshooting, testing, and researching.
For compliance, fraud prevention, and safety. We may use and disclose the information we collect (such as device data and app usage information) where it is in our legitimate business interests to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Apps and Site; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity. We may disclose this information to government authorities and other third parties as required by applicable law. We cannot disclose the photos and videos that have been cached for processing as we do not store the encryption keys.
To create anonymous, aggregated, or de-identified data. We may create anonymous, aggregated, or de-identified data where it is in our legitimate business interests, and use and share it with third parties.
2.3. We will only process personal information on the basis of our legitimate interests where such interests are not overridden by your interests or your fundamental rights and freedoms.
3. How We Share Your Information
3.1. We do not disclose user photographs or videos to third parties (with the exception of temporarily caching an encrypted version with our cloud providers, Google Cloud Platform and Amazon Web Services, to provide the photo and video editing features of the Apps). We cannot share the photos and videos cached for processing as we do not store the encryption keys.
3.2. We may share your non-photograph and non-video information in the following circumstances:
Advertising partners. When third-party cookies and other tracking tools are used, our advertising partners may collect information from your device to display advertisements on the Apps, and to advertise the Site and Apps (and related content) elsewhere online.
Professional advisors. We may disclose your information to professional advisors, such as lawyers and auditors, where necessary in the course of the professional services that they render to us.
Business transfers. We may sell, transfer, or otherwise share some or all of our business or assets, including information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization, or sale of assets, or in the event of bankruptcy or dissolution.
4. Compliance with Law
We may be required to disclose your information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities, or for the compliance, fraud prevention, and safety reasons described above. We do not have any access to your photos or videos as they are cached in encrypted format, and the key resides on the user’s device so we cannot disclose such content.
5. Your Choices
Opt out of push notifications. You may opt out of the push notifications we may send you by changing the settings on your mobile device.
Device permissions. You may revoke any permissions you previously granted to us, such as permission to access your camera, camera roll, or microphone through the settings on your mobile device.
Cloud processing. You may request that we remove your information, including the photographs and videos that are temporarily cached on Google Cloud Platform or Amazon Web Services, prior to the automatic 24 to 48 hours post-edit deletion time by clicking the”Request cloud data removal” button in the “Support” section of the App settings.
Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your jurisdiction, you may request the following in relation to your personal information:
- Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction of personal information that is inaccurate or out of date.
- Deletion of personal information that we no longer need to provide the services or for other lawful purposes.
- Additional rights, such as toobject to andrequest that we restrict our use of your personal information.
To make a request, please email us at firstname.lastname@example.org . We may ask for specific information from you to help us confirm your identity. California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. If you are in Europe, you can find your data protection regulator here.
Choosing not to share your information. Where we need your information in order to provide the services to you or where we are required by law to collect your information, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services.
Limits on your choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below. Please note that we may require additional information in order to verify your identity and process your request.
6. Other Sites, Mobile Applications, and Services
The App may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications, or online services, and we are not responsible for their actions. Other websites, mobile applications, and online services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.
7. Security Practices
We use commercially reasonable security practices to help keep the information collected through our services secure. However, FaceApp cannot guarantee the security of any information you provide, as bad actors, for example, may try to access, disclosure, alter, or destroy your information.
Please do your part to help us. You are responsible for maintaining the confidentiality of your information, and for controlling access to communications between you and FaceApp, at all times. We are not responsible for the functionality, privacy, or security measures of any other organization.
We configure Google Cloud Platform and Amazon Web Services to delete photographs and videos, and the information associated with those photographs and videos, within 24 to 48 hours after the photograph or video was last edited using the Apps. This allows you to revisit photographs or videos to make additional modifications during that time.
9. Cross-Border Data Transfers
If we transfer your personal information internationally, these countries may not provide the same protections as the data protection laws where you are based. Where we transfer information internationally, we:
- Make sure the data transfer complies with applicable law; and
- Make sure that the relevant safeguards are in place to afford adequate protection for your personal information.
We do this using a variety of protections, as appropriate for each data transfer. For example, we use:
- Standard Contractual Clauses (or an alternative legal tool, such as the UK Government-approved International Data Transfer Agreement or Addendum) to require the third party to protect your data and to provide you with EU- and UK-level rights and protections;
- Technical protections, such as automated deletion, encryption, and pseudonymization; and
- Policies and processes to challenge disproportionate or unlawful government authority requests.
Note, our technical support team may also access your information, such as App usage information, in locations outside of your state, province, or country.
Our Apps and Site are not directed at children under the age of 13. This explains why we do not consciously collect data from subjects under the age of 13. If you are less than 13 years old, do not use our Apps and Site. If you are a parent or the guardian of a person under the age of 13, please do not allow such person to use our Apps and Site. In certain cases, this age may be higher than 13 due to local regulatory requirements.
12. How to Contact Us
FaceApp Technologies Limited is the entity responsible for the processing of your personal information, and is the data controller in respect of such processing.
You may also write to us via postal mail at:
FaceApp Technology Limited
28th October Ave 319a
8th Floor - Office 801A
13. UK Representative Contact Information
For users in the United Kingdom, VeraSafe has been appointed as FaceApp’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the UK General Data Protection Regulation. VeraSafe can be contacted only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe using this contact form:https://verasafe.com/public-resources/contact-data-protection-representative
or via telephone at: +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL